RT-AX88U maxing out a core and regularly showing 60+ MB/s upload

[dave14305]

Can either of you run this command to see what is actually running?

for i in $(pidof sshd); do ls -l /proc/$i/exe; done

This malware is trying very hard to cover its tracks,

 

[doczenith1]

I think I'm experiencing a similar issue. Been going on for a few months now. I may try turning off the OpenVPN server and see if that changes anything.

AiCloud - OFF
AiProtection - OFF
SSH Port Forwarding - OFF
OpenVPN server - ON (non-standard port but do see connection attempts)
WireGuard server - ON

I don't see any sustained data transfer nor have seen any high cpu usage like the OP.

Daily

Last 24 hours showing some ridiculous values.

 

[firecracker]

Can either of you run this command to see what is actually running?

for i in $(pidof sshd); do ls -l /proc/$i/exe; done

This malware is trying very hard to cover its tracks,

I did this and nothing was returned. Simply moved to the next line with another prompt.

 

[firecracker]

Thanks.


It doesn't seem to be the cause, but the option I was referring to was Administration - System > Allow SSH Port Forwarding.

EDIT: Reboot the router after making any changes to get rid of the currently running {sshd} processes.

My "System" page does not have that option. Running stock firmware, not merlin if that helps.