What's new

[mtdblock3] CPU usage every 10 seconds

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Welcome to the forums @zizzyzizzy.

It doesn't help to come in and the first thing you do is criticize.

Stay focused.

What router are you talking about? What firmware version? When was the last time you did a full reset to factory defaults and then minimally and manually configure the router to connect to your ISP and secure it? Without using any saved backup config file, nor re-inserting any previously used USB drive that was used for amtm (or other) scripts?

Keep in mind that some settings are 'sticky'. And just toggling them on/off is not the same as leaving them off in the first place. That is why a full reset is needed sometimes; to quickly get back to a good/known state with the least amount of time spent 'troubleshooting' needless internal firmware interactions.


Find your model in the link above and follow the steps to do the Asus recommended method to a full reset to factory defaults and then see if your router is still exhibiting this issue.


Some routers seem extra hard to reset and require multiple times with different methods. If your router continues to exhibit the same behavior after following the above link, it might be helpful to try the suggestions in the link below.

 
**UPDATE** I updated the firmware with a release that came out two weeks ago. It's been 30 minutes with no high CPU or high load issues. I would still like to know why mtdblock3 is running in the first place and how to prevent this from happening again.

mtdblock3 (on the OP's router) is the kernel driver that provides access to the storage device containing the operating system. It's always present otherwise you wouldn't have a working system.
 
It appears Asus caused this with a bad update to AIProtection asd, the built-in Trend Micro malware detection.



Apparently someone posted incorrectly that it was AIProtection, and everyone else started parroting the same information. Like these guys:
 
Last edited:
It appears Asus caused this with a bad update to AIProtection. Never mind that AIProtection is not enabled on my router. It sounds like the daemon downloads updates regularly anyway.

As RMerlin stated in another post this is nothing to do with AiProtection. Whoever wrote that piece doesn't understand what asd is.
 
@Makaveli Another necro post here, another three years later. Can you guess why? Yup, this is STILL a problem in 2023, and this is the first post that comes up on a Google search. Condescending comments about necro posting relevant and current information are not appreciated or needed in a help forum.

Anyway, this is still an issue years later. I'm about ready to throw this Asus router out the window because it keeps grinding to a halt. The most likely suspect is mtdblock3, which is eating up 99% of the CPU and causing a load of over 32 on my router. Like the other poster, I don't need or want AI Cloud, which is why it's disabled and yet still bricking my router. Nothing has changed on this router in months.

Does anyone have any suggestions about this issue or comments as to why it's still in issue in 2023? Is there any way to rename or remove the file being run for no reason?

**UPDATE** I updated the firmware with a release that came out two weeks ago. It's been 30 minutes with no high CPU or high load issues. I would still like to know why mtdblock3 is running in the first place and how to prevent this from happening again.
You might want to ping @JGrana... he's got a good bit of knowledge with mtd...
 
Oh snap... "Why were routers affected even when they had been configured to not automatically update and no manual update had been performed? Asus has yet to address this, but the likely answer is that the definitions file for ASD, which resides in memory and scans devices for security threats, gets updated whether or not automatic updates are enabled."
 
The explanation answered the question of what was causing routers to crash, but it raised a new one: Why were routers affected even when they had been configured to not automatically update and no manual update had been performed? Asus has yet to address this, but the likely answer is that the definitions file for ASD, which resides in memory and scans devices for security threats, gets updated whether or not automatic updates are enabled.


The long and short of things is that the 48-hour mystery surrounding the malfunctioning Asus routers has now been solved and a fix is in place. We now return you to your normally scheduled Internet usage.

This is a reason why ASD should not be in an asus router (may be wrong), eventually the users will need protection from it.
 
Last edited:
This is a reason why ASD should not be in an asus router (may be wrong), eventually the users will need protection from it.
asd is not AiProtection. asd is the thing that prevents and removes malware infections from the router. It's there because of all the criticism they got in the past when people didn't update their router's firmware and it got infected. You can't have it both ways.
 
asd is not AiProtection. asd is the thing that prevents and removes malware infections from the router. It's there because of all the criticism they got in the past when people didn't update their router's firmware and it got infected. You can't have it both ways.
Obviously it is not "AI protect".
Agreed, but ASD should be removed. It was a bad addition that had good intentions. Apparently, it's auto update feature is in itself a potential for breaking the router now. It should atleast be a feature the user could turn on/off, and update themselves, but I don't suspect you experienced this bad definition update, otherwise you may have a different opinion. Pray you never do.
 
Last edited:
Obviously it is not "AI protect".
Before your edit you said it was. So you seemed to be confused about what exactly asd does.

Agreed, but ASD should be removed. It was a bad addition that had good intentions. Apparently, it's auto update feature is in itself a potential for breaking the router now.
I agree that this router breaking update should never have happened. The same as those times when Microsoft and Sophos pushed AV updates that bricked Windows. But there are numerous instances reported in these forums where it's prevented malware getting onto the router. There was one just the other day here. The alternative is to go back to the days when Asus routers were constantly being exploited by the likes of VPNFilter or "the Korean malware".

It should atleast be a feature the user could turn on/off, and update themselves...
That would seem like a reasonable compromise (but see RMerlin's comment below), just like AiProtection is optional. The default being on for both to protect the average non-technical user, but optionally off for the geeks who perhaps are running a separate firewall.
 
Last edited:
Agree with @SomeWhereOverTheRainBow ... I wish we were given a way to remove it so we can run our own antivirus/malware on these routers... speaking of which... does anyone use clamav on their routers?

1684596338597.png
 
You might want to ping @JGrana... he's got a good bit of knowledge with mtd...
As others have said, mtdblock3 is not a process/application that “runs”. It is the name of a device (flash memory) that “exists”. In the case of mtdblock3, it exists to store the root file system. The square brackets around the name in ps indicate it didn’t have a command line - it is usually a kernel thread or service. Invoked by another program.
It shows that some other program is using the service (reading and/or writing the root filesystem on the device - mtdblock3) heavily!
 
does anyone use clamav on their routers?
ClamAV has ZERO knowledge of any malware that runs on a router, and it has no understanding of the concept of nvram and JFFS scripts. ASD is specifically designed to handled malwares that targets Asus routers. ClamAV cannot do anything to protect you there - nothing else can. You need a custom-designed solution, just like QNAP has their own Malware Remover.

Allowing it to be disabled would rend it completely useless, because if the user can disable it, then obviously so could any malware targeting your router.

Broken signature files are just a fact of life. Microsoft, Trend Micro, Eset, Norton - they've all pushed a broken signature file at one point or another that broke Windows.
 
ClamAV has ZERO knowledge of any malware that runs on a router, and it has no understanding of the concept of nvram and JFFS scripts.
Super interesting! Thanks for sharing, @RMerlin!
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top