On 13/04/2008, Tzafrir Cohen <[EMAIL PROTECTED]> wrote:
>
> On Sun, Apr 13, 2008 at 12:35:28AM +0100, Robin wrote:
> > Discovered multiple short term, 5-10 secs, hidden processes appearing on my
> > system - Linux localhost 2.6.24-1-amd64 #1 SMP Thu Mar 27 16:52:38 UTC 2008
> > x86_64 GNU/Linux. Checked logs. Checked PC with top, htop, ps and then
> > system rkhunter and chkrootkit. Also tried rkhunter and chkrootkit from a
> > livecd. In all checks no problems found. Intermittently these processes
> > stop.
>
> If they are hidden, how do you see them?
>
> What exactly is the command you run? What is the output?
>
> --
> Tzafrir Cohen | [EMAIL PROTECTED] | VIM is
> http://tzafrir.org.il | | a Mutt's
> [EMAIL PROTECTED] | | best
> ICQ# 16849754 | | friend

Noticed that cpu running at 15% with no user applications running. Checked top which reported nothing running at that level. Ran:

unhide proc :- Which gives intermittent hidden processes

unhide sys :-
[*]Searching for Hidden processes through getsid() scanning
Found HIDDEN PID: 16356
[*]Searching for Hidden processes through sched_getscheduler() scanning
Found HIDDEN PID: 17408

unhide brute :-
[*]Starting scanning using brute force against PIDS
Found HIDDEN PID: 2216
Found HIDDEN PID: 2503

Thanks
--
rob
http://www.worldcommunitygrid.org/team/viewTeamInfo.do?teamId=82BS4ZCMFR1