Strange Cron Job takes up 100% of CPU Ubuntu 18 LTS ServerList what a CRON Job is doingCron job not executing?Cron job not executingRunning CRON job on Ubuntu server for SugarCRMCron job isn't workingCron job every secondCron job not runningUbuntu Server cron job doesn't workCron job,crontabCron job stopped workingsetting up rsync cron job, not executing

Film where a boy turns into a princess

Character Frequency in a String

Inadvertently nuked my disk permission structure - why?

Area of parallelogram = Area of square. Shear transform

Other than a swing wing, what types of variable geometry have flown?

Is Grandpa Irrational? Another Grandpa Mystery

How to optimize IN query on indexed column

Determine if a triangle is equilateral, isosceles, or scalene

Why is the return type for ftell not fpos_t?

Is it normal practice to screen share with a client?

Keeping an "hot eyeball planet" wet

How can I prevent corporations from growing their own workforce?

How do campaign rallies gain candidates votes?

Why do people say "I am broke" instead of "I am broken"?

This message is flooding my syslog, how to find were it comes from?

Monty Hall Problem with a Fallible Monty

Memory capability and powers of 2

Why are angular mometum and angular velocity not necessarily parallel, but linear momentum and linear velocity are always parallel?

Spoken encryption

Is the apartment I want to rent a scam?

Problem loading expl3 in plain TeX

If my business card says 〇〇さん, does that mean I'm referring to myself with an honourific?

What do teaching faculty do during semester breaks?

Is there a published campaign where a missing artifact or a relic is creating trouble by its absence?



Strange Cron Job takes up 100% of CPU Ubuntu 18 LTS Server


List what a CRON Job is doingCron job not executing?Cron job not executingRunning CRON job on Ubuntu server for SugarCRMCron job isn't workingCron job every secondCron job not runningUbuntu Server cron job doesn't workCron job,crontabCron job stopped workingsetting up rsync cron job, not executing






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








3















I keep getting weir cron jobs showing up and I have no clue what they do. I typically issue kill -9 to stop them. They take up 100% of my CPU and can run for days until I check. Does anyone know what this means?



sudo crontab -l
0 0 */3 * * /root/.firefoxcatche/a/upd>/dev/null 2>&1
@reboot /root/.firefoxcatche/a/upd>/dev/null 2>&1
5 8 * * 0 /root/.firefoxcatche/b/sync>/dev/null 2>&1
@reboot /root/.firefoxcatche/b/sync>/dev/null 2>&1
#5 1 * * * /tmp/.X13-unix/.rsync/c/aptitude>/dev/null 2>&1


I am running Ubuntu 18 LTS server fully up-to-date as of yesterday 7/24/2019










share|improve this question

















  • 1





    .firefoxcatche probably doesn't have anything to do with firefox – could this just be a bitcoin miner? Try uploading the executables to virustotal.

    – Thom Wiggers
    10 hours ago











  • How do I do that?

    – MCP_infiltrator
    10 hours ago











  • I can't find the crontab to hash it out

    – MCP_infiltrator
    10 hours ago






  • 1





    "I can't find the crontab to hash it out " what does that mean? why would sudo crontab -e to edit not work? But if this is a cryptominer you did not install... those will be re-added. 1st look in "/root/.firefoxcatche/a/upd" what it does.

    – Rinzwind
    10 hours ago






  • 1





    "Do I have to log in as root to get there? " This is a question I do not expect to see from a administrator. You really need to know what you are doing from now on. Change the admin password ASAP. Inspect the files listed in cron. Eradicate them.

    – Rinzwind
    9 hours ago

















3















I keep getting weir cron jobs showing up and I have no clue what they do. I typically issue kill -9 to stop them. They take up 100% of my CPU and can run for days until I check. Does anyone know what this means?



sudo crontab -l
0 0 */3 * * /root/.firefoxcatche/a/upd>/dev/null 2>&1
@reboot /root/.firefoxcatche/a/upd>/dev/null 2>&1
5 8 * * 0 /root/.firefoxcatche/b/sync>/dev/null 2>&1
@reboot /root/.firefoxcatche/b/sync>/dev/null 2>&1
#5 1 * * * /tmp/.X13-unix/.rsync/c/aptitude>/dev/null 2>&1


I am running Ubuntu 18 LTS server fully up-to-date as of yesterday 7/24/2019










share|improve this question

















  • 1





    .firefoxcatche probably doesn't have anything to do with firefox – could this just be a bitcoin miner? Try uploading the executables to virustotal.

    – Thom Wiggers
    10 hours ago











  • How do I do that?

    – MCP_infiltrator
    10 hours ago











  • I can't find the crontab to hash it out

    – MCP_infiltrator
    10 hours ago






  • 1





    "I can't find the crontab to hash it out " what does that mean? why would sudo crontab -e to edit not work? But if this is a cryptominer you did not install... those will be re-added. 1st look in "/root/.firefoxcatche/a/upd" what it does.

    – Rinzwind
    10 hours ago






  • 1





    "Do I have to log in as root to get there? " This is a question I do not expect to see from a administrator. You really need to know what you are doing from now on. Change the admin password ASAP. Inspect the files listed in cron. Eradicate them.

    – Rinzwind
    9 hours ago













3












3








3


1






I keep getting weir cron jobs showing up and I have no clue what they do. I typically issue kill -9 to stop them. They take up 100% of my CPU and can run for days until I check. Does anyone know what this means?



sudo crontab -l
0 0 */3 * * /root/.firefoxcatche/a/upd>/dev/null 2>&1
@reboot /root/.firefoxcatche/a/upd>/dev/null 2>&1
5 8 * * 0 /root/.firefoxcatche/b/sync>/dev/null 2>&1
@reboot /root/.firefoxcatche/b/sync>/dev/null 2>&1
#5 1 * * * /tmp/.X13-unix/.rsync/c/aptitude>/dev/null 2>&1


I am running Ubuntu 18 LTS server fully up-to-date as of yesterday 7/24/2019










share|improve this question














I keep getting weir cron jobs showing up and I have no clue what they do. I typically issue kill -9 to stop them. They take up 100% of my CPU and can run for days until I check. Does anyone know what this means?



sudo crontab -l
0 0 */3 * * /root/.firefoxcatche/a/upd>/dev/null 2>&1
@reboot /root/.firefoxcatche/a/upd>/dev/null 2>&1
5 8 * * 0 /root/.firefoxcatche/b/sync>/dev/null 2>&1
@reboot /root/.firefoxcatche/b/sync>/dev/null 2>&1
#5 1 * * * /tmp/.X13-unix/.rsync/c/aptitude>/dev/null 2>&1


I am running Ubuntu 18 LTS server fully up-to-date as of yesterday 7/24/2019







server cron rsync






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 10 hours ago









MCP_infiltratorMCP_infiltrator

1449 bronze badges




1449 bronze badges







  • 1





    .firefoxcatche probably doesn't have anything to do with firefox – could this just be a bitcoin miner? Try uploading the executables to virustotal.

    – Thom Wiggers
    10 hours ago











  • How do I do that?

    – MCP_infiltrator
    10 hours ago











  • I can't find the crontab to hash it out

    – MCP_infiltrator
    10 hours ago






  • 1





    "I can't find the crontab to hash it out " what does that mean? why would sudo crontab -e to edit not work? But if this is a cryptominer you did not install... those will be re-added. 1st look in "/root/.firefoxcatche/a/upd" what it does.

    – Rinzwind
    10 hours ago






  • 1





    "Do I have to log in as root to get there? " This is a question I do not expect to see from a administrator. You really need to know what you are doing from now on. Change the admin password ASAP. Inspect the files listed in cron. Eradicate them.

    – Rinzwind
    9 hours ago












  • 1





    .firefoxcatche probably doesn't have anything to do with firefox – could this just be a bitcoin miner? Try uploading the executables to virustotal.

    – Thom Wiggers
    10 hours ago











  • How do I do that?

    – MCP_infiltrator
    10 hours ago











  • I can't find the crontab to hash it out

    – MCP_infiltrator
    10 hours ago






  • 1





    "I can't find the crontab to hash it out " what does that mean? why would sudo crontab -e to edit not work? But if this is a cryptominer you did not install... those will be re-added. 1st look in "/root/.firefoxcatche/a/upd" what it does.

    – Rinzwind
    10 hours ago






  • 1





    "Do I have to log in as root to get there? " This is a question I do not expect to see from a administrator. You really need to know what you are doing from now on. Change the admin password ASAP. Inspect the files listed in cron. Eradicate them.

    – Rinzwind
    9 hours ago







1




1





.firefoxcatche probably doesn't have anything to do with firefox – could this just be a bitcoin miner? Try uploading the executables to virustotal.

– Thom Wiggers
10 hours ago





.firefoxcatche probably doesn't have anything to do with firefox – could this just be a bitcoin miner? Try uploading the executables to virustotal.

– Thom Wiggers
10 hours ago













How do I do that?

– MCP_infiltrator
10 hours ago





How do I do that?

– MCP_infiltrator
10 hours ago













I can't find the crontab to hash it out

– MCP_infiltrator
10 hours ago





I can't find the crontab to hash it out

– MCP_infiltrator
10 hours ago




1




1





"I can't find the crontab to hash it out " what does that mean? why would sudo crontab -e to edit not work? But if this is a cryptominer you did not install... those will be re-added. 1st look in "/root/.firefoxcatche/a/upd" what it does.

– Rinzwind
10 hours ago





"I can't find the crontab to hash it out " what does that mean? why would sudo crontab -e to edit not work? But if this is a cryptominer you did not install... those will be re-added. 1st look in "/root/.firefoxcatche/a/upd" what it does.

– Rinzwind
10 hours ago




1




1





"Do I have to log in as root to get there? " This is a question I do not expect to see from a administrator. You really need to know what you are doing from now on. Change the admin password ASAP. Inspect the files listed in cron. Eradicate them.

– Rinzwind
9 hours ago





"Do I have to log in as root to get there? " This is a question I do not expect to see from a administrator. You really need to know what you are doing from now on. Change the admin password ASAP. Inspect the files listed in cron. Eradicate them.

– Rinzwind
9 hours ago










1 Answer
1






active

oldest

votes


















9














Your machine most likely has a crypto miner infection. You can see someone else reporting similar filenames and behaviour: https://msandbu.org/real-life-detection-of-a-virtual-machine-in-azure-with-security-center/. See also https://www.reddit.com/r/linuxquestions/comments/9fnggy/my_ubuntu_server_has_a_virus_ive_located_it_but_i/.



You can no longer trust that machine, and should re-install it. Be careful with restoring backups.






share|improve this answer























  • I agree. root password got compromised so re-install and be very careful with the backup; it could also be on there.

    – Rinzwind
    9 hours ago











  • Womp womp womp womp sigh

    – MCP_infiltrator
    9 hours ago













Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1161003%2fstrange-cron-job-takes-up-100-of-cpu-ubuntu-18-lts-server%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









9














Your machine most likely has a crypto miner infection. You can see someone else reporting similar filenames and behaviour: https://msandbu.org/real-life-detection-of-a-virtual-machine-in-azure-with-security-center/. See also https://www.reddit.com/r/linuxquestions/comments/9fnggy/my_ubuntu_server_has_a_virus_ive_located_it_but_i/.



You can no longer trust that machine, and should re-install it. Be careful with restoring backups.






share|improve this answer























  • I agree. root password got compromised so re-install and be very careful with the backup; it could also be on there.

    – Rinzwind
    9 hours ago











  • Womp womp womp womp sigh

    – MCP_infiltrator
    9 hours ago















9














Your machine most likely has a crypto miner infection. You can see someone else reporting similar filenames and behaviour: https://msandbu.org/real-life-detection-of-a-virtual-machine-in-azure-with-security-center/. See also https://www.reddit.com/r/linuxquestions/comments/9fnggy/my_ubuntu_server_has_a_virus_ive_located_it_but_i/.



You can no longer trust that machine, and should re-install it. Be careful with restoring backups.






share|improve this answer























  • I agree. root password got compromised so re-install and be very careful with the backup; it could also be on there.

    – Rinzwind
    9 hours ago











  • Womp womp womp womp sigh

    – MCP_infiltrator
    9 hours ago













9












9








9







Your machine most likely has a crypto miner infection. You can see someone else reporting similar filenames and behaviour: https://msandbu.org/real-life-detection-of-a-virtual-machine-in-azure-with-security-center/. See also https://www.reddit.com/r/linuxquestions/comments/9fnggy/my_ubuntu_server_has_a_virus_ive_located_it_but_i/.



You can no longer trust that machine, and should re-install it. Be careful with restoring backups.






share|improve this answer













Your machine most likely has a crypto miner infection. You can see someone else reporting similar filenames and behaviour: https://msandbu.org/real-life-detection-of-a-virtual-machine-in-azure-with-security-center/. See also https://www.reddit.com/r/linuxquestions/comments/9fnggy/my_ubuntu_server_has_a_virus_ive_located_it_but_i/.



You can no longer trust that machine, and should re-install it. Be careful with restoring backups.







share|improve this answer












share|improve this answer



share|improve this answer










answered 10 hours ago









Thom WiggersThom Wiggers

2521 silver badge6 bronze badges




2521 silver badge6 bronze badges












  • I agree. root password got compromised so re-install and be very careful with the backup; it could also be on there.

    – Rinzwind
    9 hours ago











  • Womp womp womp womp sigh

    – MCP_infiltrator
    9 hours ago

















  • I agree. root password got compromised so re-install and be very careful with the backup; it could also be on there.

    – Rinzwind
    9 hours ago











  • Womp womp womp womp sigh

    – MCP_infiltrator
    9 hours ago
















I agree. root password got compromised so re-install and be very careful with the backup; it could also be on there.

– Rinzwind
9 hours ago





I agree. root password got compromised so re-install and be very careful with the backup; it could also be on there.

– Rinzwind
9 hours ago













Womp womp womp womp sigh

– MCP_infiltrator
9 hours ago





Womp womp womp womp sigh

– MCP_infiltrator
9 hours ago

















draft saved

draft discarded
















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1161003%2fstrange-cron-job-takes-up-100-of-cpu-ubuntu-18-lts-server%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單