Hi tdphanab1,

Quote Originally Posted by ab View Post
[...] then you may want to disconnect
your system and see if it has been hacked. The m64.pl process shows up in
Google as possibly being a bit of malware used as a bitcoin miner, which
means somebody is making money by using your CPU to do bitcoin "mining".

https://www.virustotal.com/en/file/a...737c/analysis/

Quote Originally Posted by tdphanab1 View Post
So any guidence to solved this issue ? I activated SSH server on my SLES maybe this is the problem ? so I have to disable the SSH ?
typical CERT procedures apply. Check where that m64.pl is coming from and where it is placed. If you cannot safely determine "someone from the inside" has placed and started that program, but have to fear your system was compromised, detach it from all networks and start analysis. If you then conclude your system was broken into, try to identify the attack vector (to make sure you won't open that "hole" again), try to find out if more than BTC mining was added (i.e. the system was used to attack further systems on your network) and then reinstall the server.

The decision not to re-install ought only be made if you're sufficiently sure what had been done and that the system is still "safe" - no back-doors, no malware, no new accounts, all security holes covered,...

Regards,
Jens