What is this process?
I just ran a 'ps aux' (after a long time of ignoring it) and I noticed that among the processes there is one called "-:0" (except for the quotes). It actually looks like this:
Code:
root 3630 0.0 0.0 1576 456 tty6 Ss+ 20:56 0:00 /sbin/getty 38400 tty6 chkrootkit returns clean output, so does rkhunter except for: Code:
Scanning for hidden files... [ Warning! ] |
Re: What is this process?
I just ran a 'ps aux' (after a long time of ignoring it) and I noticed that among the processes there is one called "-:0" (except for the quotes) ... Is it normal?
I believe that's just the Xserver. If you were to start another instance, it would appear as :1. Anytime you need to verify of a process like that, you can look up information on the process in /proc/<PID>. In this case, just take a look at /proc/3743/cmdline chkrootkit returns clean output, so does rkhunter except for: Code:
Scanning for hidden files... [ Warning! ] Chkrootkit flags any hidden files or dirs that it finds outside of the home directory portions of the filesystem. So this causes alot of false positives. Those appear to be normal, but it's usually a good idea to look at the contents just to be sure. |
Well, 'cat /proc/3662/cmdline' (it has another PID each boot, it probably doesn't matter anyhow) returns
Code:
-:0 Also, the Xserver isn't represented by Code:
root 3623 3.7 3.6 20216 18732 ? S 12:57 0:42 /usr/X11R6/bin/X -nolisten tcp -auth /var/run/xauth Not to mention that my XP install seems to have problems as well: no matter what URL I'd type in the address bar (FF or IE, rgeardless), it only displays a page that says "MONSTER", and the page's title is "Babilon computers". Anyway, I have to google for this, I didn't have time so far to do it. |
An update: a 'pstree -p' tells me that the process is actually called kdm and it belongs to XFree86. It looks like this:
Code:
├─kdm(3620)─┬─XFree86(3623) Code:
root 3662 0.0 0.2 3216 1332 ? S 12:57 0:00 -:0 And does anybody have any ideas on the other, XP problem? Google didn't reveal anything so far. |
As for the XP problem, are you by any chance going through a proxy or something.
|
Sounds completely normal. I remember thinking it was strange the first time I saw it as well. As for the XP system, could be a trojan but a malicious proxy sounds very possible too. I'd do an antivirus scan and run a spyware remover like adaware
|
Indeed, the Win problem turned out to be a spyware (I'm not sure if it's WebHancer, New.Net or CommonName, one of them though). It affects the Windows' LSP, rendering impossible any kind of Web Connection.
Right now I'm downloading some trouble-fixer (LSPFix if anyone heard of it) and if it won't work...I have to do it manually...uninstall & reinstall Windows' Communication support and some other stuff. I mentioned this just in case someone else has the same problem. Anyway, thanks Capt_Caveman for the tips and for making my fears go away. Also thanks to pAn1k for the spared time. |
All times are GMT -5. The time now is 06:34 AM. |