Search

How to determine if the running process [oom_reaper] is normal system process?

Last modified date: 2022-06-24
Applicable Products:
  • Security

A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named "[oom_reaper]" could occupy around 50% of the total CPU usage. This process mimics a kernel process but its PID is usually greater than 1000.

You can check the PID by the procedures below.

  1. Run ssh access to the NAS.

  2. Run ps | grep oom_reaper  and check the output.

  3. In the following output example, 580 is the PID of [oom_reaper]

    img

    • if the PID < 1000, the process is a normal system process.

    • if the PID > 1000, follow the instructions below.

      1. Update QTS or QuTS hero to the latest version.
      2. Install and update Malware Remover to the latest version.
      3. Use stronger passwords for your administrator and other user accounts.
      4. Update all installed applications to their latest versions.
      5. Do not expose your NAS to the internet, or avoid using default system port numbers 443 and 8080.

Related link:

Was this article helpful?

Yes. No.
56% of people think it helps.
Thank you for your feedback.

Please tell us how this article can be improved:

If you want to provide additional feedback, please include it below.

Choose specification

      Show more Less

      Choose Your Country or Region

      back to top