LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 02-01-2017, 04:16 AM   #1
shivendra nath
LQ Newbie
 
Registered: May 2010
Posts: 5

Rep: Reputation: 0
top command services


Hello LQ user,

Below is result of top command -

The service showing with "k" is not understood by me.
Does that command exist? What is this command's function?



PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
14426 root 18 0 32984 988 196 S 27.0 0.1 10411:13 kvnujuvdfa
19171 apache 16 0 558m 95m 5600 S 1.7 5.9 1:00.54 httpd
2850 root 15 0 31496 272 176 S 0.3 0.0 25:22.64 gvwkfefbil
15837 root 15 0 92304 3772 2996 S 0.3 0.2 0:00.45 sshd
24423 root 15 0 12868 1220 836 R 0.3 0.1 0:00.80 top
1 root 15 0 10356 600 572 S 0.0 0.0 1:28.89 init
2 root RT -5 0 0 0 S 0.0 0.0 0:06.39 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.18 ksoftirqd/0
4 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
5 root RT -5 0 0 0 S 0.0 0.0 0:03.33 migration/1
6 root 34 19 0 0 0 S 0.0 0.0 0:00.14 ksoftirqd/1
7 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/1
8 root RT -5 0 0 0 S 0.0 0.0 0:03.52 migration/2
9 root 34 19 0 0 0 S 0.0 0.0 0:00.08 ksoftirqd/2
10 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/2
11 root 10 -5 0 0 0 S 0.0 0.0 0:01.27 events/0
12 root 10 -5 0 0 0 S 0.0 0.0 0:00.29 events/1
13 root 10 -5 0 0 0 S 0.0 0.0 0:00.13 events/2
14 root 10 -5 0 0 0 S 0.0 0.0 0:02.51 khelper
29 root 10 -5 0 0 0 S 0.0 0.0 0:00.05 kthread
35 root 10 -5 0 0 0 S 0.0 0.0 0:00.48 kblockd/0
36 root 10 -5 0 0 0 S 0.0 0.0 0:07.04 kblockd/1
37 root 10 -5 0 0 0 S 0.0 0.0 0:01.33 kblockd/2
38 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 kacpid
152 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 cqueue/0
153 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 cqueue/1
154 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 cqueue/2
157 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 khubd
159 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kseriod
248 root 10 -5 0 0 0 S 0.0 0.0 8:19.73 kswapd0
249 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 aio/0
250 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 aio/1
251 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 aio/2
394 root 11 -5 0 0 0 S 0.0 0.0 0:00.00 kpsmoused
434 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 ata/0
435 root 12 -5 0 0 0 S 0.0 0.0 0:00.00 ata/1
 
Old 02-01-2017, 04:39 AM   #2
Jjanel
Member
 
Registered: Jun 2016
Distribution: any&all, in VBox; Ol'UnixCLI; NO GUI resources
Posts: 999
Blog Entries: 12

Rep: Reputation: 363
kvnujuvdfa (and gvwkfefbil)

> 14426 root 18 0 32984 988 196 S 27.0 0.1 10411:13 kvnujuvdfa
Code:
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
14426 root      18   0 32984  988  196 S 27.0  0.1  10411:13 kvnujuvdfa
19171 apache    16   0  558m  95m 5600 S  1.7  5.9   1:00.54 httpd
 2850 root      15   0 31496  272  176 S  0.3  0.0  25:22.64 gvwkfefbil
OP shivendra nath: Please use 'code tags'. Also, edit title/wording.

Looks like: http://superuser.com/questions/87789...random-command
(I web-searched: linux cpu process with random name ) Try: rkhunter
*MAYBE*. Investigate further. Can 'the internet' access this system?

Last edited by Jjanel; 02-02-2017 at 06:13 PM.
 
Old 02-01-2017, 04:43 AM   #3
koloth
Member
 
Registered: Jun 2004
Location: Athens, Greece
Distribution: Slack@Home - RHEL@Work
Posts: 150

Rep: Reputation: 29
It does look suspiciously malware-like...
Does it perform any network connections, or listen on ports?
Try
Quote:
netstat -tpln
It should provide a list with listening processes
 
Old 02-01-2017, 06:06 AM   #4
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,461

Rep: Reputation: 1552
Code:
ps -aux
may give you an indication of the folder the process started from.
 
Old 02-01-2017, 06:41 AM   #5
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
"k" signifies kernel, I think.

http://lxr.free-electrons.com/source....27;a=blackfin
http://lxr.free-electrons.com/source.../kmod.c?v=3.15
and others at http://lxr.free-electrons.com/search?v=4.5

Doesn't look like malware to me.
I've seen those processes before.

I utilize a ~/.toprc so I don't see 'em running "top" as is.

Code:
RCfile for "top with windows"		# shameless braggin'
Id:a, Mode_altscr=0, Mode_irixps=1, Delay_time=3.000, Curwin=0
Def	fieldscur=AEHIOQTWKNMbcdfgjplrsuvyzX
	winflags=30137, sortindx=13, maxtasks=20
	summclr=1, msgsclr=1, headclr=3, taskclr=1
Job	fieldscur=ABcefgjlrstuvyzMKNHIWOPQDX
	winflags=62777, sortindx=0, maxtasks=0
	summclr=6, msgsclr=6, headclr=7, taskclr=6
Mem	fieldscur=ANOPQRSTUVbcdefgjlmyzWHIKX
	winflags=62777, sortindx=13, maxtasks=0
	summclr=5, msgsclr=5, headclr=4, taskclr=5
Usr	fieldscur=ABDECGfhijlopqrstuvyzMKNWX
	winflags=62777, sortindx=4, maxtasks=0
	summclr=3, msgsclr=3, headclr=2, taskclr=3

Last edited by Habitual; 02-01-2017 at 06:44 AM.
 
Old 02-03-2017, 12:07 PM   #6
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Sorry:
When you said "service showing with 'k'", all I saw was "kthread and friends",
and sometimes I miss the obvious.

kvnujuvdfa is PID: 14426
gvwkfefbil is PID: 2580


Code:
lsof -p <pid>
or
Code:
top -p <pid>
then press c for "show command line"
pressing q|Q in top should leave result on the terminal.

I favor pidof -p <pid> because it shows me what files the <pid> has open.
In this case, they're both started by "root" process, so I have concerns.

Usually suspects are in /tmp/ and/or /var/tmp/
and lsof -p <pid> may indicate the entry point for that process.
rkhunter at this time may exacerbate the situation.

Sorry about that and Thanks Jjanel for bringing it to my attention.

Last edited by Habitual; 02-03-2017 at 12:09 PM.
 
1 members found this post helpful.
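
The checks suggested across this thread (where a process started from, whether it sits in /tmp/ or /var/tmp/, and how it differs from the kernel's own "k" threads), collected into one read-only script as an added example that is not from any poster. `triage_pid` and the `PROC_ROOT` override are hypothetical names; the script reads `/proc/<pid>/exe`, `cwd` and `cmdline` directly rather than calling ps or lsof.

```shell
#!/bin/sh
# Added example (not from the thread): read-only triage of one PID via /proc.
# PROC_ROOT is a hypothetical override used to run the logic on a constructed
# tree; on a live host leave it unset and run as root.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print facts and FLAG lines for one PID. Returns 1 if the PID is gone.
triage_pid() {
    dir="$PROC_ROOT/$1"
    [ -d "$dir" ] || { echo "pid $1: not found"; return 1; }

    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=""
    cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd=""
    # cmdline is NUL-separated; make it printable.
    cmd=$(tr '\0' ' ' 2>/dev/null < "$dir/cmdline") || cmd=""

    # Kernel threads (kthread, kswapd0, ...) have no executable and no argv.
    if [ -z "$exe" ] && [ -z "$cmd" ]; then
        echo "pid $1: kernel thread (no exe, empty cmdline)"
        return 0
    fi

    echo "pid $1: exe=$exe"
    echo "pid $1: cwd=$cwd"
    echo "pid $1: cmdline=$cmd"

    # Binary unlinked after start: the kernel appends " (deleted)".
    case "$exe" in
        *" (deleted)") echo "pid $1: FLAG exe-deleted" ;;
    esac
    # Binary or working directory in the world-writable temp dirs.
    for p in "$exe" "$cwd"; do
        case "$p" in
            /tmp|/tmp/*|/var/tmp|/var/tmp/*)
                echo "pid $1: FLAG temp-dir $p" ;;
        esac
    done
    return 0
}

# Live use: pass the PIDs from the top output as arguments.
for pid in "$@"; do triage_pid "$pid"; done
```

A FLAG line is a reason to look closer, not a verdict; a userland process with a random name and no flags still warrants the `lsof -p <pid>` and `netstat -tpln` checks above.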
  

