100% Processor Usage



tdphanab1
24-Feb-2014, 01:54
My SLES only has SAP HANA installed. Every morning the processor status always reaches 100% on all processors; I see it on the System Status Monitor. And at night surely no one is using the SAP apps. So every morning I have to restart the server to get it back to normal.

Any idea how to check what causes the 100% processor usage?

Thanks

ab
24-Feb-2014, 12:08
Have you tried the typical OS tools like 'top' to see what is using the
system? Which SLES version and patches? Is this production, dev, QA,
etc. and does it happen in other environments? Is anything misbehaving
other than the perceived problem with CPU utilization? Is this a physical
or virtual box? How many CPUs/cores/etc. does it have?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

tdphanab1
26-Feb-2014, 04:22
I am using 2 Xeon 8Core. I tried running TOP and it states that m64.pl is taking much of the processor. What is m64.pl?
thanks

ab
26-Feb-2014, 05:01
On 02/25/2014 08:24 PM, tdphanab1 wrote:
>
> I am using 2 Xeon 8Core. I tried running TOP and it states that m64.pl
> is taking much of the processor. What is m64.pl?
> thanks

No idea. Which package is it from? Find out the file's path and then see
which package placed it. If one did not, then you may want to disconnect
your system and see if it has been hacked. The m64.pl process shows up in
Google as possibly being a bit of malware used as a bitcoin miner, which
means somebody is making money by using your CPU to do bitcoin "mining".

https://www.virustotal.com/en/file/ae3e78a63168088360f40dcb3397135e25b85e1cdfc690eb9b409cd1f92c737c/analysis/

--
Good luck.


tdphanab1
26-Feb-2014, 07:10
So, any guidance to solve this issue? I activated the SSH server on my SLES; maybe this is the problem? So do I have to disable SSH?

jmozdzen
26-Feb-2014, 11:17
Hi tdphanab1,


> [...] then you may want to disconnect
> your system and see if it has been hacked. The m64.pl process shows up in
> Google as possibly being a bit of malware used as a bitcoin miner, which
> means somebody is making money by using your CPU to do bitcoin "mining".
>
> https://www.virustotal.com/en/file/ae3e78a63168088360f40dcb3397135e25b85e1cdfc690eb9b409cd1f92c737c/analysis/

> So, any guidance to solve this issue? I activated the SSH server on my SLES; maybe this is the problem? So do I have to disable SSH?

Typical CERT procedures apply. Check where that m64.pl is coming from and where it is placed. If you cannot safely determine that "someone from the inside" has placed and started that program, but have to fear your system was compromised, detach it from all networks and start analysis. If you then conclude your system was broken into, try to identify the attack vector (to make sure you won't open that "hole" again), try to find out if more than BTC mining was added (i.e. the system was used to attack further systems on your network) and then reinstall the server.

The decision not to re-install ought only to be made if you're sufficiently sure what had been done and that the system is still "safe" - no back-doors, no malware, no new accounts, all security holes covered,...

Regards,
Jens
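
The first check suggested in the replies above (find the file's path, then see which package placed it) can be scripted as follows. This is an added example, not code from any poster in the thread; the function names and the `PROC_ROOT` variable are illustrative, while `/proc/<pid>/cmdline`, `/proc/<pid>/cwd` and `rpm -qf` are the standard interfaces on SLES.

```sh
#!/bin/sh
# Added triage sketch: find the file behind a suspicious process name and ask
# RPM which package (if any) installed it. Function names and PROC_ROOT are
# illustrative; PROC_ROOT exists so the logic can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print every PID whose command line mentions the name (e.g. m64.pl).
pids_for_name() {
    for d in "$PROC_ROOT"/[0-9]*; do
        [ -r "$d/cmdline" ] || continue
        [ "${d##*/}" != "$$" ] || continue      # skip this shell itself
        if tr '\0' ' ' < "$d/cmdline" | grep -qF -- "$1"; then
            echo "${d##*/}"
        fi
    done
}

# Resolve the matching argument to an absolute path via the process's cwd.
# Interpreted scripts (perl m64.pl) show the interpreter as "exe", so the
# script itself has to be recovered from cmdline + cwd.
script_path() {
    arg=$(tr '\0' '\n' < "$PROC_ROOT/$1/cmdline" | grep -F -- "$2" | head -n 1)
    [ -n "$arg" ] || return 1
    case "$arg" in
        /*) echo "$arg" ;;
        *)  cwd=$(readlink "$PROC_ROOT/$1/cwd") || return 1
            echo "$cwd/$arg" ;;
    esac
}

# Name the owning package, or flag a file that no package placed.
owning_package() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm-unavailable"; return 0; }
    if pkg=$(rpm -qf "$1" 2>/dev/null); then echo "$pkg"; else echo "UNOWNED"; fi
}

# One line per matching process: PID, resolved path, package verdict.
triage() {
    for pid in $(pids_for_name "$1"); do
        path=$(script_path "$pid" "$1") || path="(unresolved)"
        echo "pid=$pid path=$path pkg=$(owning_package "$path")"
    done
}

# On the affected host, as root and before any reboot:  triage m64.pl
```

A verdict of `UNOWNED` means no installed package claims the file, which is the case where the replies recommend detaching the system from the network and starting analysis.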