CENTOS 7 Locked out by process using 100%


Post by ilgoro » 2022/05/16 07:37:52

Hi, I have a Liferay 6.2 application with Postgres 13 running on an Aruba VPS cloud.
In the last days I have had some problems with CPU usage, which is often at 100%.
I see a task called .tom7 but I can't understand what it is.
Here is the result of the top command:
[root@aru-278902 opt]# top
top - 09:23:17 up 38 min, 2 users, load average: 1.25, 1.28, 0.89
Tasks: 158 total, 1 running, 156 sleeping, 0 stopped, 1 zombie
%Cpu(s): 25.2 us, 0.2 sy, 0.0 ni, 74.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 8164652 total, 2085692 free, 4279812 used, 1799148 buff/cache
KiB Swap: 2187260 total, 2187260 free, 0 used. 3551100 avail Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3199 root 15 -5 2667420 13228 404 S 99.7 0.2 4:15.77 .tom7
724 root 20 0 348776 4908 3668 S 0.3 0.1 0:01.87 vmtoolsd
1101 root 20 0 591424 14400 4696 S 0.3 0.2 0:04.40 fail2ban-server
1424 postgres 20 0 414936 3408 1568 S 0.3 0.0 0:00.07 postmaster
1450 root 20 0 4944944 1.3g 14768 S 0.3 16.8 4:06.41 java
1969 root 20 0 162104 2292 1600 S 0.3 0.0 0:02.48 top
1 root 20 0 54428 6796 4200 S 0.0 0.1 0:02.78 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd

Can anyone help me?
Thank you!


Re: CENTOS 7 Locked out by process using 100%

Post by TrevorH » 2022/05/16 09:20:46

If you press 'c' in top then it displays the full path of the command that is running and you can see where ".tom7" comes from. I am deeply suspicious about it, however, and fear that you have probably been hacked and this is a cryptominer using your electricity to make money for someone else. If it is, and it is running as root or there is any evidence of the attacker having gained root access, then your only safe option is to reinstall the machine from scratch and restore your data from backups.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
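
Added example, not part of the thread: a shell function that answers the "where does it come from" question for one PID by reading /proc directly, which also shows whether the binary was deleted after start. The `PROC_ROOT` override, the function name and the flag names are assumptions made for this example.

```bash
#!/bin/bash
# Triage one process from /proc (Linux). Run as root so that the
# exe links of other users' processes are readable.
# PROC_ROOT is a hypothetical override so the function can be pointed
# at a copied or constructed /proc tree instead of the live one.
PROC_ROOT="${PROC_ROOT:-/proc}"

triage_pid() {
    local pid="$1" dir="$PROC_ROOT/$1" comm exe cmd flags=""
    [ -d "$dir" ] || { echo "pid=$pid not found"; return 2; }

    # comm    = short name shown by top (".tom7" in the post above)
    # exe     = symlink to the binary that was actually executed
    # cmdline = NUL-separated argv, which the process itself can rewrite
    comm=$(cat "$dir/comm" 2>/dev/null) || true
    exe=$(readlink "$dir/exe" 2>/dev/null) || true
    cmd=$(tr '\0' ' ' 2>/dev/null < "$dir/cmdline") || true

    # Name starts with a dot, so it is hidden from a plain "ls".
    case "$comm" in .*) flags="$flags hidden-name" ;; esac
    # The kernel appends " (deleted)" when the file was unlinked
    # while the process kept running.
    case "$exe" in *" (deleted)") flags="$flags exe-deleted" ;; esac
    # Binary lives in a world-writable scratch directory.
    case "$exe" in /tmp/*|/var/tmp/*|/dev/shm/*) flags="$flags temp-dir-exe" ;; esac
    # The file name of the binary itself is a dot-file.
    case "${exe##*/}" in .*) flags="$flags hidden-exe" ;; esac

    flags="${flags# }"
    echo "pid=$pid comm=$comm exe=$exe cmdline=$cmd flags=${flags:-none}"
}

# Usage: ./triage.sh 3199 1450
for p in "$@"; do triage_pid "$p" || true; done
```

The flags are hints for a first look, not a verdict; an empty `exe=` usually means a kernel thread or insufficient privileges.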
