Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Requesting help please!! regarding kdevtmpfsi and where it is in my server !

Featured Replies

I don't know when it started but recently my server randomly spins up to 100% cpu usage and just runs and runs and runs. it stops when i turn a handful of dockers off. I don't know which one though because it is such a delayed response from the server, so i can turn some off and like 10 minutes later the server comes back to normal. Anyways i have a diagnostics report downloaded to show my logs and everything, im assuming the malware is in my "homeassistant in a box", my firefox, or maybe my immich docker. i deleted home assistant in a box, and firefox just now. Then i turned off immich docker. The server is calm as could be right now. What is the best way to remove the malware on an unraid server? and if i remove the dockers will it go away? also i do not want to get rid of my immich docker (backup photos docker). tower-diagnostics-20250221-0744.zip

  • Community Expert

Bit hard to find out where it could be stuck (from our point of view), but if its a docker, you can enable "Advanced View" in the top right and it will display the cpu usage by the containers.

alternatively you could look where that file is located (if its not stored in a docker image itself) "find /mnt/user/appdata -iname kdevtmpfsi"

to search from inside docker containers, just use "find / -iname kdevtmpfsi"

Edited by Mainfrezzer

  • Author

Thanks. when I get home from work today I'm gonna turn back on immich, and toggle advanced view (i don't know why this wasn't toggled on already). Thanks for the advice, I'll try to give an update with possibly more logs.  I'm assuming something on my server is open to the internet via home assistant, (i hope its not one of my IOT devices in my house >< )

  • Community Expert

After reading it a bit up, i suspect either immich or the PostgreSQL_Immich container to be the culprit(i never ran any of them, so i have no clue how they work). It seems to be attracted to redis, from what i read

( a case for postgresql is also to be found https://github.com/docker-library/postgres/issues/1054)

Edited by Mainfrezzer

  • Author

all i know about them is that immich is for photo backups, and im using the spaceinvader one version, which has the postgresssql container attached to it. Then i run immich through a cloudflare tunnel from my couldflare site, and its protected by a password that is 12 characters long, so i dont know how that would be hacked. I may just get rid of immich/post gres altogether, and then just go download the normal immich docker from unraid. I dont know. 

  • Community Expert
16 minutes ago, cushman3742 said:

all i know about them is that immich is for photo backups, and im using the spaceinvader one version, which has the postgresssql container attached to it. Then i run immich through a cloudflare tunnel from my couldflare site, and its protected by a password that is 12 characters long, so i dont know how that would be hacked. I may just get rid of immich/post gres altogether, and then just go download the normal immich docker from unraid. I dont know. 

 

When it's running, try this from the command prompt then post the ps.txt file (sanitize any usernames or passwords)  ps auxf > ps.txt

  • Author

thankyou so much for responding. i may not be able to get around to doing this until later in the weekend. but i will for sure get back to you @Michael_P and also thanks @Mainfrezzer

  • 2 weeks later...
  • Author

i ended up not figuring out how to do the ps stuff.. so i just deleted both apps, and removed every file with it. hopefully that's enough to get rid of the malware. Might go with seafile as a backup system. really all i wanted to do is backup my pictures and anything else to my server 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.