ericpaulbishop / gargoyle

Gargoyle Router Management Utility
http://www.gargoyle-router.com

daemon.err procd: Failed to execute /tmp/irq1: No such file or directory #926

Closed d3fz closed 3 years ago

d3fz commented 3 years ago

I've been getting these procd errors nonstop on my Archer C7 for a couple of days now. No idea of what might have caused it.

I do remember updating some QoS rules, and Adblock hosts file lists prior to that, though.

/root$ logread
Thu Apr 29 19:41:04 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:05 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:05 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:06 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:06 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:07 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:07 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:08 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:08 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:09 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:09 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:10 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:10 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory
Thu Apr 29 19:41:11 2021 daemon.err procd: Failed to execute /tmp/irq1: No such file or directory

Oddly enough, when looking at /etc/crontabs/root, this is what it looked like:

0,1,11,21,31,41,51 * * * * /usr/bin/set_kernel_timezone >/dev/null 2>&1
0 0,4,8,12,16,20 * * * /tmp/bw_backup/do_bw_backup.sh

* * * * * /tmp/run/tty1 > /dev/null 2>&1 &
* * * * * /tmp/irq1 > /dev/null 2>&1 &

0 5 * * 0 sh /usr/lib/gargoyle/reboot.sh

Rebooting does not fix it.

Is there any quick and easy way to fix that? Or debug any further to try to find what might've caused it?

lantis1008 commented 3 years ago

The last two items don't look like regular parts of Gargoyle. You can remove the Cron item to silence the error. Have you installed any packages that may have done this? The tty1 entry is also weird. I don't know why it would be there.

obsy commented 3 years ago

Looks like malware, https://www.joesandbox.com/analysis/375606/0/lighthtml

d3fz commented 3 years ago

> Looks like malware, https://www.joesandbox.com/analysis/375606/0/lighthtml

Doesn't look good, then.

How does this sort of thing get into the router like that, anyway? Assuming that I did not manually run/execute any sort of suspicious script.

Despite those nonstop error messages, I did not notice any other strange behavior on the router.

Anyhow, I assume a clean reflash ASAP is the safest option in this case.

> You can remove the Cron item to silence the error.

I did. They kept showing, though. Until I found that the /etc/inittab file looked like that:

::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
::askconsole:/usr/libexec/login.sh
0:2345:respawn:/tmp/irq1

After removal, the error messages were finally gone.

> Have you installed any packages that may have done this? The tty1 entry is also weird. I don't know why it would be there.

No third party or suspicious packages were installed.

Other than manually adding/editing some hosts file sources in /usr/lib/adblock/runadblock.sh, I can't remember anything else.

> The last two items don't look like regular parts of Gargoyle.

Since it seems that's not related to Gargoyle, I'm closing this one.

Thank you!
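
The manual check done in this thread (reading /etc/crontabs/root and /etc/inittab for entries that launch programs from /tmp) can be scripted. This is an added example, not part of the original thread or of Gargoyle's code; the function names, the list of volatile directories and the `ALLOW` allowlist (which treats the `do_bw_backup.sh` entry as expected) are assumptions of the example.

```shell
# Added example: list programs that crontab/inittab entries launch from volatile
# directories, minus an allowlist (ALLOW is an assumption; adjust to your build).
ALLOW="/tmp/bw_backup/do_bw_backup.sh"

# Print each non-allowlisted path under a volatile directory found in the
# non-comment lines of file $1 (one path per line, sorted, de-duplicated).
volatile_paths() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
    grep -oE '(/tmp|/var/run|/var/tmp|/dev/shm)/[^[:space:]:;&|>]+' |
    LC_ALL=C sort -u |
    while read -r p; do
        case " $ALLOW " in
            *" $p "*) ;;            # expected entry, skip
            *) echo "$p" ;;
        esac
    done
}

# audit FILE...: report findings per file; returns 1 if anything was flagged.
audit() {
    rc=0
    for f in "$@"; do
        found=$(volatile_paths "$f")
        [ -z "$found" ] && continue
        rc=1
        echo "$found" | while read -r p; do echo "SUSPECT $f: $p"; done
    done
    return $rc
}

# Sample input: the crontab and inittab contents quoted in this thread.
make_samples() {
    cat > "$1/crontab" <<'EOF'
0,1,11,21,31,41,51 * * * * /usr/bin/set_kernel_timezone >/dev/null 2>&1
0 0,4,8,12,16,20 * * * /tmp/bw_backup/do_bw_backup.sh
* * * * * /tmp/run/tty1 > /dev/null 2>&1 &
* * * * * /tmp/irq1 > /dev/null 2>&1 &
0 5 * * 0 sh /usr/lib/gargoyle/reboot.sh
EOF
    cat > "$1/inittab" <<'EOF'
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
::askconsole:/usr/libexec/login.sh
0:2345:respawn:/tmp/irq1
EOF
}
d=$(mktemp -d) && make_samples "$d"
audit "$d/crontab" "$d/inittab" || echo "review the entries listed above"
rm -rf "$d"
```

On the router itself, the call would be `audit /etc/crontabs/root /etc/inittab`; checking both files matters because, as the thread shows, removing only the cron entry left the inittab respawn line in place.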