The officially official Devuan Forum!

You are not logged in.

#1 2021-12-14 23:38:06

nobodyuknow
Member
Registered: 2017-09-10
Posts: 173  

[SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

My system is a relatively new laptop with AMD processor & graphics and an NVMe SSD, with the OS being Devuan Chimaera Cinnamon.

Recently the fan started going on on a regular basis, something it never did before, making me suspect that a cyber-currency miner is running (Psensor shows temps as high as 61, which should never happen given that I don't game or use cpu-intensive applications). If this was a Windows system, I'd run Malwarebytes, but this is Linux, so I looked to Clam. When I started Clamtk, a message informed me that "An update is available," but there is no update button. So I killed Clamtk and executed "sudo apt update", "sudo freshclam", "sudo clamscan /" in a terminal. "sudo apt update" returned "All packages are up to date." But then when I started Clamtk again, the message still appeared, making me think the update failed. Any thoughts?

~$ sudo freshclam
Tue Dec 14 15:48:38 2021 -> ClamAV update process started at Tue Dec 14 15:48:38 2021
Tue Dec 14 15:48:38 2021 -> ^Your ClamAV installation is OUTDATED!
Tue Dec 14 15:48:38 2021 -> ^Local version: 0.103.3 Recommended version: 0.103.4
Tue Dec 14 15:48:38 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Dec 14 15:48:38 2021 -> daily.cld database is up-to-date (version: 26387, sigs: 1950745, f-level: 90, builder: raynman)
Tue Dec 14 15:48:38 2021 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Tue Dec 14 15:48:38 2021 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

~$ sudo clamscan --recursive /
<whole bunch of lines deleted>

~$ whereis freshclam
freshclam: /usr/bin/freshclam /usr/share/man/man1/freshclam.1.gz

~$ whereis clamscan
clamscasn:

~$ ldd $(which freshclam)
	linux-vdso.so.1 (0x00007ffee231f000)
	libclamav.so.9 => /usr/lib/x86_64-linux-gnu/libclamav.so.9 (0x00007f1d507e2000)
	libfreshclam.so.2 => /usr/lib/x86_64-linux-gnu/libfreshclam.so.2 (0x00007f1d507ac000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1d5078a000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1d505c5000)
	libjson-c.so.5 => /usr/lib/x86_64-linux-gnu/libjson-c.so.5 (0x00007f1d505b2000)
	libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 (0x00007f1d5059f000)
	libltdl.so.7 => /usr/lib/x86_64-linux-gnu/libltdl.so.7 (0x00007f1d50592000)
	libxml2.so.2 => /usr/lib/x86_64-linux-gnu/libxml2.so.2 (0x00007f1d503e4000)
	libmspack.so.0 => /usr/lib/x86_64-linux-gnu/libmspack.so.0 (0x00007f1d503cf000)
	libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f1d500db000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1d500be000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f1d4ff7a000)
	libtfm.so.1 => /usr/lib/x86_64-linux-gnu/libtfm.so.1 (0x00007f1d4fd3e000)
	libpcre2-8.so.0 => /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007f1d4fca6000)
	libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f1d4fc8c000)
	libcurl.so.4 => /usr/lib/x86_64-linux-gnu/libcurl.so.4 (0x00007f1d4fbf1000)
	libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f1d4fb5e000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1d509f8000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1d4fb56000)
	libicuuc.so.67 => /usr/lib/x86_64-linux-gnu/libicuuc.so.67 (0x00007f1d4f96d000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1d4f945000)
	libnghttp2.so.14 => /usr/lib/x86_64-linux-gnu/libnghttp2.so.14 (0x00007f1d4f918000)
	libidn2.so.0 => /usr/lib/x86_64-linux-gnu/libidn2.so.0 (0x00007f1d4f8f7000)
	librtmp.so.1 => /usr/lib/x86_64-linux-gnu/librtmp.so.1 (0x00007f1d4f8d6000)
	libssh2.so.1 => /usr/lib/x86_64-linux-gnu/libssh2.so.1 (0x00007f1d4f8a1000)
	libpsl.so.5 => /usr/lib/x86_64-linux-gnu/libpsl.so.5 (0x00007f1d4f88d000)
	libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f1d4f83a000)
	libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007f1d4f7e4000)
	liblber-2.4.so.2 => /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2 (0x00007f1d4f7d3000)
	libbrotlidec.so.1 => /usr/lib/x86_64-linux-gnu/libbrotlidec.so.1 (0x00007f1d4f7c3000)
	libicudata.so.67 => /usr/lib/x86_64-linux-gnu/libicudata.so.67 (0x00007f1d4dcaa000)
	libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f1d4dadd000)
	libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f1d4dac3000)
	libunistring.so.2 => /usr/lib/x86_64-linux-gnu/libunistring.so.2 (0x00007f1d4d941000)
	libgnutls.so.30 => /usr/lib/x86_64-linux-gnu/libgnutls.so.30 (0x00007f1d4d73f000)
	libhogweed.so.6 => /usr/lib/x86_64-linux-gnu/libhogweed.so.6 (0x00007f1d4d6f6000)
	libnettle.so.8 => /usr/lib/x86_64-linux-gnu/libnettle.so.8 (0x00007f1d4d6ae000)
	libgmp.so.10 => /usr/lib/x86_64-linux-gnu/libgmp.so.10 (0x00007f1d4d62d000)
	libgcrypt.so.20 => /usr/lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f1d4d50d000)
	libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f1d4d433000)
	libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f1d4d401000)
	libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f1d4d3fb000)
	libkrb5support.so.0 => /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f1d4d3ec000)
	libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f1d4d3cf000)
	libbrotlicommon.so.1 => /usr/lib/x86_64-linux-gnu/libbrotlicommon.so.1 (0x00007f1d4d3ac000)
	libp11-kit.so.0 => /usr/lib/x86_64-linux-gnu/libp11-kit.so.0 (0x00007f1d4d276000)
	libtasn1.so.6 => /usr/lib/x86_64-linux-gnu/libtasn1.so.6 (0x00007f1d4d260000)
	libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f1d4d23a000)
	libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007f1d4d233000)
	libffi.so.7 => /usr/lib/x86_64-linux-gnu/libffi.so.7 (0x00007f1d4d227000)

Last edited by nobodyuknow (2021-12-15 00:28:27)

Offline

#2 2021-12-15 01:23:10

Altoid
Member
Registered: 2017-05-07
Posts: 1,415  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

Hello:

nobodyuknow wrote:

Recently the fan started going on ...
... something it never did before ...

Have you checked with top or htop to see what may be running the CPU hot?

Also, if you suspect something foul, try running lynis, chkrootkit and rkhunter to see what/if they come up with.
I believe they are all in the repository.

Best,

A.

Offline

#3 2021-12-15 05:36:38

andyprough
Member
Registered: 2019-10-19
Posts: 327  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

>"Any thoughts?"

Last time that happened to me I took the back cover off and found the fan was half broken. Bought a $10 replacement fan and some $8 thermal paste, replaced the fan and applied new thermal paste, and it ran like brand new.

Also check top or htop to see what process is running a lot, like Altoid said. I doubt you have a crypto-miner unless you've been adding weird search bars to your browser, or torrenting a lot of movies off of pirate bay. But you could have an out of control process. ClamAV itself is known to cause high cpu usage sometimes.

Offline

#4 2021-12-15 16:04:18

xinomilo
Unknown
Registered: 2017-07-02
Posts: 315  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

could also be just too much dust on fan. have you ever cleaned it ?

for anything else suspicious, just check processes like others suggested.

Offline

#5 2021-12-15 18:03:34

nobodyuknow
Member
Registered: 2017-09-10
Posts: 173  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

Thanks to all who replied. The references to malware tools and process researchers is just what I needed.

The laptop is only a few months old, but it's a possibility that the fan is toast. I hate to open the back because it's one of those new-fangled ones that require a plastic tool -- I used a plastic paint scraper before -- to be inserted to remove the back from the front. Oh, how I miss the old laptops with regular screws. But I'll do it to see if the fan is having problems.

Last edited by nobodyuknow (2021-12-15 18:06:32)

Offline

#6 2021-12-15 20:04:34

andyprough
Member
Registered: 2019-10-19
Posts: 327  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

nobodyuknow wrote:

Thanks to all who replied. The references to malware tools and process researchers is just what I needed.

The laptop is only a few months old, but it's a possibility that the fan is toast. I hate to open the back because it's one of those new-fangled ones that require a plastic tool -- I used a plastic paint scraper before -- to be inserted to remove the back from the front. Oh, how I miss the old laptops with regular screws. But I'll do it to see if the fan is having problems.

If it's a new laptop then it's highly unlikely that your fan is the problem. I'd focus on trying to find the runaway process first. You can use ps -A to get the exact name and process ID of the process you want to kill once you find the offending one with htop. And sudo pkill [process name] will kill it for you. Let us know if you need more help.

Offline

#7 2021-12-15 23:02:46

GlennW
Member
From: Brisbane, Australia
Registered: 2019-07-18
Posts: 582  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

One thought, Bios update on new equipment.

And I think it's true what "andyprough" says about torrents...

I usually have to reboot after visiting torrent sites to stop my PC temps from running away when the fans turn off.

But not just downloading Torrents like Devuan iso's.

For your sake, I hope it's just a bios update. :-) all the best.

p.s.  I use Lynis, chkrootkit and rkhunter and clamav daily and they don't show anything in particular. Lynis helps with hardening tips, but I have found there is a limit to how "hard" and still being able to use my computer. Cheers!

Last edited by GlennW (2021-12-15 23:05:56)


pic from 1993, new guitar day.

Offline

#8 2021-12-15 23:07:35

nobodyuknow
Member
Registered: 2017-09-10
Posts: 173  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

Thanks for the offer, andyprough. I've been looking at processor percentages listed by top and rarely do any of them exceed 3%, though about once each minute Cinnamon approaches 10%, something I find very curious.

On the temperature front, the NVMe SSD has reached 84 c as per Psensor, which is disappointing given that it's a Samsung Pro with a piece of aluminum Samsung laughingly calls a heatsink. I am beginning to think airflow is an issue, something I will investigate when I open the back. Maybe it's time to drill a few holes in the back. ;-)

Last edited by nobodyuknow (2021-12-15 23:44:18)

Offline

#9 2021-12-15 23:10:08

nobodyuknow
Member
Registered: 2017-09-10
Posts: 173  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

@GlennW

I updated the BIOS to the most recent one as soon as I acquired the laptop. I had to do it immediately because I was planning on replacing the low-capacity "value" SSD it arrived with (it had Windows installed and HP's BIOS update only works with Windows). And I have never used torrents, but it's good to know that rebooting after using them is recommended practice.

Last edited by nobodyuknow (2021-12-15 23:41:51)

Offline

#10 2021-12-15 23:40:07

nobodyuknow
Member
Registered: 2017-09-10
Posts: 173  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

Well, that's curious. On a lark, I uninstalled Britty because I'm not blind, uninstalled Clamav and Clamtk because antivirus often uses lots of processor resources, and Gnome Software which I didn't remember installing (but I'm sure I did). The fan is now quiet. It appears that Clam was the problem all along, which is highly ironic.

UPDATE: I spoke way too soon. When I wrote the above, no browser was running. Now that I started using browsers again, the fan is once again running. Time to take the back cover off.

Last edited by nobodyuknow (2021-12-16 01:07:10)

Offline

#11 2021-12-16 01:07:35

andyprough
Member
Registered: 2019-10-19
Posts: 327  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

nobodyuknow wrote:

Well, that's curious. On a lark, I uninstalled Britty because I'm not blind, uninstalled Clamav and Clamtk because antivirus often uses lots of processor resources, and Gnome Software which I didn't remember installing (but I'm sure I did). The fan is now quiet. It appears that Clam was the problem all along, which is highly ironic.

That's been my experience with clam. Not sure if it's even useful on a desktop installation - isn't it just checking windows virus definitions? It seems like it's mainly for things like email servers.

Offline

#12 2021-12-16 01:20:56

GlennW
Member
From: Brisbane, Australia
Registered: 2019-07-18
Posts: 582  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

nobodyuknow wrote:

@GlennW

I updated the BIOS to the most recent one as soon as I acquired the laptop. I had to do it immediately because I was planning on replacing the low-capacity "value" SSD it arrived with (it had Windows installed and HP's BIOS update only works with Windows). And I have never used torrents, but it's good to know that rebooting after using them is recommended practice.

Correction...
I said the wrong thing about my fans, it's not that they switch off, it's that they switch to full ON, and the noise alerts me, then I feel the excessive heat with my hand. I have 2 fans on the Noctua cpu heatsink, and a psw internal fan, and 4 case fans, when they all switch to full speed it's very obvious/noticable.
Regards, Glenn

Forgot to mention the gpu fan, which hardly ever comes on.

Last edited by GlennW (2021-12-16 01:24:04)


pic from 1993, new guitar day.

Offline

#13 2021-12-17 21:15:45

nobodyuknow
Member
Registered: 2017-09-10
Posts: 173  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

I realized that opening the CD-DVD drive would open a large window on the side of the laptop and maybe allow greater airflow. I have it opened now and the temperature on the NVMe SSD never climbs above 33 c. So the high temeratures are a result of poor engineering on the part of HP. I'm still pondering drilling a few holes in the case, but I'll think about that to make sure I don't do anything stupid.

Thanks to everyone for their assistance.

Offline

#14 2021-12-18 09:45:10

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

Try taking a vacuum cleaner attachment to the vents to try and clear out any dust.

nobodyuknow wrote:

a relatively new laptop

nobodyuknow wrote:

the CD-DVD drive

Those two statements appear to be contradictory big_smile

nobodyuknow wrote:

I'm still pondering drilling a few holes in the case

Mentalist tongue

andyprough wrote:

That's been my experience with clam. Not sure if it's even useful on a desktop installation - isn't it just checking windows virus definitions? It seems like it's mainly for things like email servers.

^ This.

There is plenty of malware floating about that will infect a Linux system directly but ClamAV won't catch any of it.


Brianna Ghey — Rest In Power

Offline

#15 2021-12-18 18:25:53

nobodyuknow
Member
Registered: 2017-09-10
Posts: 173  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

@Head_on_a_Stick

Yeah, this is a funny laptop. I bought it from Newegg, which advertised it as refurbished, whatever that means. I really think it is gray-market from Asia. It has a truly matte screen, which for me is a hard requirement, as well as an NVMe SSD and AMD Ryzen 5 processor. The vents are pretty much a joke, really tiny holes that could not possible transfer much air. I'm going to drill-out the outer ring of vent holes to improve the airflow. When I do that, I'll make sure the fan is not obstructed.

Last edited by nobodyuknow (2021-12-18 22:24:52)

Offline

#16 2021-12-18 19:36:38

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

nobodyuknow wrote:

advertised it as refurbished, whatever that means

It's a meaningless marketing term with no legal basis. s/refurbished/cleaned/g.


Brianna Ghey — Rest In Power

Offline

#17 2021-12-18 22:18:44

GlennW
Member
From: Brisbane, Australia
Registered: 2019-07-18
Posts: 582  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

Hi, if you are prepared to take it apart, be sure to check the heatsink compound (for any of the heatsinks) and re-apply. It maybe the one thing they did not do when refurbing.


pic from 1993, new guitar day.

Offline

#18 2021-12-18 22:24:08

nobodyuknow
Member
Registered: 2017-09-10
Posts: 173  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

@GlennW

Absolutely. The processor temps are much higher than they should be. Looking at the HP manual, the same heatsink bar is used for both processor and GPU, so it's a two-fer.

Offline

#19 2021-12-21 17:18:40

nobodyuknow
Member
Registered: 2017-09-10
Posts: 173  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

Here is the final report.

I installed Crucial Ballistix memory (it has a thin aluminum strip covering the chips to serve as a heatsink). Maybe it'll keep those temps lower. It is a matched set of 8 GB each, so performance can only improve.

I drilled a few holes in the bottom case under the NVMe SSD. It can only improve the airflow, especially considering that it's located at the far corner of the laptop with no otherwise ventilation.

But the biggest bang for the buck was with the processor. My old HP laptop has a copper heatsink and bar, but this new one has a thin aluminum one. Damn those beancounters! When I removed the heatsink, I found a glob of thermal paste. It wasn't hard or crusty, just applied far too thick. When I applied a thin coating of Noctua thermal paste, the temps dropped around 25 degrees!

It was a hardware problem all along.

Offline

#20 2021-12-21 18:01:42

Altoid
Member
Registered: 2017-05-07
Posts: 1,415  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

Hello:

nobodyuknow wrote:

... the final report.
--- snip ---
... a hardware problem all along.

Hmmm ....

Head_on_a_Stick wrote:

... meaningless marketing term with no legal basis. s/refurbished/cleaned/g.

nobodyuknow wrote:

It was a hardware problem all along due to ridiculously poor/negligent workmanship.   <--- reads accurately now

Been there and done that.
Quite a few times actually.

Assuming that because it was a [Sun/HP/IBM/Dell/Sony/whatever] unit, it could not be what I suspected from the start.
25+ years later, I know better.

Glad you got it worked out.  8^D

Best,

A.

Offline

#21 2021-12-21 20:03:03

GlennW
Member
From: Brisbane, Australia
Registered: 2019-07-18
Posts: 582  

Re: [SOLVED] laptop fan running too much: cyber currency miner? Clam inop?

Fantastic! Always great to see a solution. All the best!


pic from 1993, new guitar day.

Offline

Board footer