LinuxQuestions.org


shivendra nath 02-01-2017 04:16 AM

top command services
 
Hello LQ users,

Below is the result of the top command.

I do not understand the service showing with "k".
Does that command exist? What is this command's function?



PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
14426 root 18 0 32984 988 196 S 27.0 0.1 10411:13 kvnujuvdfa
19171 apache 16 0 558m 95m 5600 S 1.7 5.9 1:00.54 httpd
2850 root 15 0 31496 272 176 S 0.3 0.0 25:22.64 gvwkfefbil
15837 root 15 0 92304 3772 2996 S 0.3 0.2 0:00.45 sshd
24423 root 15 0 12868 1220 836 R 0.3 0.1 0:00.80 top
1 root 15 0 10356 600 572 S 0.0 0.0 1:28.89 init
2 root RT -5 0 0 0 S 0.0 0.0 0:06.39 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.18 ksoftirqd/0
4 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
5 root RT -5 0 0 0 S 0.0 0.0 0:03.33 migration/1
6 root 34 19 0 0 0 S 0.0 0.0 0:00.14 ksoftirqd/1
7 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/1
8 root RT -5 0 0 0 S 0.0 0.0 0:03.52 migration/2
9 root 34 19 0 0 0 S 0.0 0.0 0:00.08 ksoftirqd/2
10 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/2
11 root 10 -5 0 0 0 S 0.0 0.0 0:01.27 events/0
12 root 10 -5 0 0 0 S 0.0 0.0 0:00.29 events/1
13 root 10 -5 0 0 0 S 0.0 0.0 0:00.13 events/2
14 root 10 -5 0 0 0 S 0.0 0.0 0:02.51 khelper
29 root 10 -5 0 0 0 S 0.0 0.0 0:00.05 kthread
35 root 10 -5 0 0 0 S 0.0 0.0 0:00.48 kblockd/0
36 root 10 -5 0 0 0 S 0.0 0.0 0:07.04 kblockd/1
37 root 10 -5 0 0 0 S 0.0 0.0 0:01.33 kblockd/2
38 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 kacpid
152 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 cqueue/0
153 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 cqueue/1
154 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 cqueue/2
157 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 khubd
159 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kseriod
248 root 10 -5 0 0 0 S 0.0 0.0 8:19.73 kswapd0
249 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 aio/0
250 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 aio/1
251 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 aio/2
394 root 11 -5 0 0 0 S 0.0 0.0 0:00.00 kpsmoused
434 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 ata/0
435 root 12 -5 0 0 0 S 0.0 0.0 0:00.00 ata/1

Jjanel 02-01-2017 04:39 AM

kvnujuvdfa (and gvwkfefbil)

> 14426 root 18 0 32984 988 196 S 27.0 0.1 10411:13 kvnujuvdfa
Code:

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
14426 root      18  0 32984  988  196 S 27.0  0.1  10411:13 kvnujuvdfa
19171 apache    16  0  558m  95m 5600 S  1.7  5.9  1:00.54 httpd
 2850 root      15  0 31496  272  176 S  0.3  0.0  25:22.64 gvwkfefbil

OP shivendra nath: Please use 'code tags'. Also, edit title/wording.

Looks like: http://superuser.com/questions/87789...random-command
(I web-searched: linux cpu process with random name ) Try: rkhunter
*MAYBE*. Investigate further. Can 'the internet' access this system?

koloth 02-01-2017 04:43 AM

It does look suspiciously malware-like...
Does it make any network connections, or is it listening on ports?
Try:
Quote:

netstat -tpln
It should provide a list with listening processes

TenTenths 02-01-2017 06:06 AM

Code:

ps aux
may give you an indication of the folder the process started from.

Habitual 02-01-2017 06:41 AM

"k" signifies kernel, I think.

http://lxr.free-electrons.com/source....27;a=blackfin
http://lxr.free-electrons.com/source.../kmod.c?v=3.15
and others at http://lxr.free-electrons.com/search?v=4.5

Doesn't look like malware to me.
I've seen those processes before.

I utilize a ~/.toprc so I don't see 'em running "top" as is.

Code:

RCfile for "top with windows"                # shameless braggin'
Id:a, Mode_altscr=0, Mode_irixps=1, Delay_time=3.000, Curwin=0
Def        fieldscur=AEHIOQTWKNMbcdfgjplrsuvyzX
        winflags=30137, sortindx=13, maxtasks=20
        summclr=1, msgsclr=1, headclr=3, taskclr=1
Job        fieldscur=ABcefgjlrstuvyzMKNHIWOPQDX
        winflags=62777, sortindx=0, maxtasks=0
        summclr=6, msgsclr=6, headclr=7, taskclr=6
Mem        fieldscur=ANOPQRSTUVbcdefgjlmyzWHIKX
        winflags=62777, sortindx=13, maxtasks=0
        summclr=5, msgsclr=5, headclr=4, taskclr=5
Usr        fieldscur=ABDECGfhijlopqrstuvyzMKNWX
        winflags=62777, sortindx=4, maxtasks=0
        summclr=3, msgsclr=3, headclr=2, taskclr=3


Habitual 02-03-2017 12:07 PM

Sorry:
When you said "service showing with 'k'", all I saw was "kthread and friends",
and sometimes I miss the obvious.

kvnujuvdfa is PID: 14426
gvwkfefbil is PID: 2580


Code:

lsof -p <pid>
or
Code:

top -p <pid>
Then press c for "show command line".
Pressing q|Q in top should leave the result on the terminal.

I favor pidof -p <pid> because it shows me what files the <pid> has open.
In this case, they're both started by "root" process, so I have concerns.

Usually suspects are in /tmp/ and/or /var/tmp/
and lsof -p <pid> may indicate the entry point for that process.
rkhunter at this time may exacerbate the situation.

Sorry about that and Thanks Jjanel for bringing it to my attention.
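
The checks suggested across this thread (is the PID a kernel thread, and where does its binary live), as an added example that is not part of any poster's reply: a shell function that reads `/proc/<pid>/exe`, `cwd` and `cmdline` directly. `PROC_ROOT`, the function name and the verdict words are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage one PID from the /proc entries that ps and lsof read.
# PROC_ROOT is an assumption of this example (it lets the function run against
# a copied or constructed tree); on a live host leave it at /proc and run as root.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Prints one verdict word followed by the evidence:
#   kernel-thread  no exe link and empty cmdline (kthread, ksoftirqd/0, ...);
#                  a zombie process looks the same
#   suspicious     binary deleted from disk, or running from /tmp or /var/tmp
#   review         ordinary userspace process; verify the path against packages
triage_pid() {
    local pid dir exe cwd cmd
    pid="$1"
    dir="$PROC_ROOT/$pid"
    [ -d "$dir" ] || { echo "gone pid=$pid"; return 1; }

    # readlink fails for kernel threads (no exe) and for non-root callers
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=""
    cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd=""
    # cmdline is NUL-separated; turn it into a readable string
    cmd=$(tr '\0' ' ' 2>/dev/null < "$dir/cmdline") || cmd=""

    if [ -z "$exe" ] && [ -z "$cmd" ]; then
        echo "kernel-thread pid=$pid"
        return 0
    fi
    case "$exe" in
        *" (deleted)")
            echo "suspicious pid=$pid reason=exe-deleted exe=$exe cwd=$cwd" ;;
        /tmp/*|/var/tmp/*)
            echo "suspicious pid=$pid reason=exe-in-tempdir exe=$exe cwd=$cwd" ;;
        *)
            echo "review pid=$pid exe=$exe cwd=$cwd cmd=$cmd" ;;
    esac
}
```

A "review" verdict is not a clean bill of health: the process name shown by top can be set by the process itself, so the exe path still has to be checked against the package database.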

