Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Strange system activity no matter what I try
Top Forums UNIX for Dummies Questions & Answers Strange system activity no matter what I try Post 302588139 by justgoogleit on Saturday 7th of January 2012 12:54:20 AM
Old 01-07-2012
Network Strange system activity no matter what I try
When I choose to encrypt my drive during a Linux install, it encryps it, but I receive errors in dmesg and in ~/.xsessions-errors during use. The first error is in dmesg where it sometimes shows errors writing to the encypted device. The second error is in ~/.xsessions-errors with an error about writing to a cleartext device With the above errors noted, I've also discovered some strange events:

1. gvfsd-burn running with several instances while I'm not using any burning application

2. The .gvfs directory showing up in ls -l result with question marks, googled and told to enter fusermount -u .gvfs and log out and log back in but this event occurs again I don't know what it's doing this for.

3. When backing up a large amount of files to an external drive, I receive a nautilus popup saying a file has changed, would I like to replace it, when I haven't changed any of the files. Who is doing the changing?

4. Hard disk drive light flashes on and off with a second or two in between the flickers, running top and lsof, and checking logs, I can't find anything causing this activity?

5. Running unhide, which installs with rkhunter, shows several ports open when I'm not using them, I've firewalled most outgoing ports, nothing is listed as using any of these hidden ports.

6. Chkrootkit shows tty7 gnome desktop as being hidden from wtmp.

7. Console-kit-daemon runs several times, cannot pin down why this is.

8. Rkhunter and chkrootkit scans come out as clean, no rootkits or problems found, other than #6 from chkrootkit. What is recommended? It sounds like a rootkit's installed, and when I check binaries with chkrootkit -x command some of the strings sound weird, some binaries contain "mmap, mmove, fork, shell, shell always, fake, anonymous" and more I've wiped the drive and installed several times, these problems continue regardless of my efforts.

When I examined my wiped HDD from an "ultimate boot cd" disk utility, I saw a garbled message followed by "virus detected!" "booting hd1" I wasn't sure if a bad burn of the ubcd was placing it there, or if my BIOS is infected and is the source of the constant re-infection. I scanned my hdd with an antivirus and it discovered memtest+ in a kernel directory was infected, but it didn't elaborate. Even when I install disk without encryption, the hdd light flashes constantly, like someone is doing something, but no extra programs are running except a gnome desktop,

I've even tried smaller window managers but the disk keeps accessing. I'm guessing whatever is running has poisoned certain binaries like ls, ps, who, last, and so on. What is recommended in this condition? Any tips on what could be happening?
 

6 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

mksysb and system activity

Hello, With AIX 5.3 is it possible to run a mksysb with users logged into the system? The users are accessing a database app that runs on a separate physical disk than the system files. Does this even matter? Thanks (1 Reply)
Discussion started by: samsa1mi
1 Replies

2. AIX

System activity

Hi, I want to find program's file read,write for a particular time.For example i am executing an application called test1, this will get input from some parameter files(file1,file2,file3) and it will write to some files(file4,file5), so i want to execute one program which will capture these... (3 Replies)
Discussion started by: gnanadurai_it
3 Replies

3. Shell Programming and Scripting

How to monitor system activity while executing tests

I need to monitor system activity (RAM, CPU usage, execution time) while running some tests on solaris, linux and aix and save the output. Please advise whether there's a utility available for these systems? How can time the execution of the command? Thanks! (2 Replies)
Discussion started by: smovla
2 Replies

4. Cybersecurity

FTP logfile shows strange activity at login

Has anyone seen or know what is causing this FTP log file line-item? 3 times when I successfully logged into FTP today, the log file shows a server response of a wrong password (530) to an IP address that is not mine... Below are FTP Log-file entries. I have removed my username & IP address: ... (2 Replies)
Discussion started by: bricolage
2 Replies

5. Red Hat

system activity and information data

Hi all, i need to collect all system activities data(processes running, disk details, memory, etc), system logs and things related. i heard of cfg2html but its not available for my CentOS distro(i may need to install separately but thats not what i wana do). i can use sar for syatem... (1 Reply)
Discussion started by: ajayyadavmca
1 Replies

6. Infrastructure Monitoring

System Activity Report

Hi team , I am working on monitoring the solaris machine utilization continously with shell script without using any thirdparty software. I stuck at below commands which are limited to 1000000000 seconds. CPU Utilization sar -u 1 1000000000 Disk Utilization sar -d 1 1000000000 Memory... (4 Replies)
Discussion started by: tarun_nix
4 Replies

LEARN ABOUT CENTOS

dmesg

DMESG(1)							   User Commands							  DMESG(1)

NAME

       dmesg - print or control the kernel ring buffer

SYNOPSIS

       dmesg [options]

       dmesg --clear
       dmesg --read-clear [options]
       dmesg --console-level level
       dmesg --console-on
       dmesg --console-off

DESCRIPTION

       dmesg is used to examine or control the kernel ring buffer.

       The default action is to read all messages from kernel ring buffer.

OPTIONS

       The --clear, --read-clear, --console-on, --console-off and --console-level options are mutually exclusive.

       -C, --clear
	      Clear the ring buffer.

       -c, --read-clear
	      Clear the ring buffer contents after printing.

       -D, --console-off
	      Disable printing messages to the console.

       -d, --show-delta
	      Display  the  timestamp  and time delta spent between messages.  If used together with --notime then only the time delta without the
	      timestamp is printed.

       -e, --reltime
	      Display the local time and delta in human readable format.

       -E, --console-on
	      Enable printing messages to the console.

       -F, --file file
	      Read log from file.

       -f, --facility list
	      Restrict output to defined (comma separated) list of facilities.	For example

		     dmesg --facility=daemon

	      will print messages from system daemons only.  For all supported facilities see dmesg --help output.

       -H, --human
	      Enable human readable output.  See also --color, --reltime and --nopager.

       -h, --help
	      Print a help text and exit.

       -k, --kernel
	      Print kernel messages.

       -L, --color
	      Colorize important messages.

       -l, --level list
	      Restrict output to defined (comma separated) list of levels.  For example

		     dmesg --level=err,warn

	      will print error and warning messages only.  For all supported levels see dmesg --help output.

       -n, --console-level level
	      Set the level at which logging of messages is done to the console.  The level is a level number or abbreviation of the  level  name.
	      For all supported levels see dmesg --help output.

	      For  example,  -n 1 or -n alert prevents all messages, except emergency (panic) messages, from appearing on the console.	All levels
	      of messages are still written to /proc/kmsg, so syslogd(8) can still be used to control exactly where kernel messages appear.   When
	      the -n option is used, dmesg will not print or clear the kernel ring buffer.

       -P, --nopager
	      Do not pipe output into a pager, the pager is enabled for --human output.

       -r, --raw
	      Print the raw message buffer, i.e., do not strip the log level prefixes.

	      Note  that  the  real raw format depends on method how dmesg(1) reads kernel messages. The /dev/kmsg uses different format than sys-
	      log(2).  For backward compatibility dmesg(1) returns data always in syslog(2) format. The real raw data from /dev/kmsg  is  possible
	      to read for example by command 'dd if=/dev/kmsg iflag=nonblock'.

       -S, --syslog
	      Force  to use syslog(2) kernel interface to read kernel messages. The default is to use /dev/kmsg rather than syslog(2) since kernel
	      3.5.0.

       -s, --buffer-size size
	      Use a buffer of size to query the kernel ring buffer.  This is 16392 by default.	(The default kernel syslog buffer size was 4096 at
	      first,  8192  since  1.3.54, 16384 since 2.1.113.)  If you have set the kernel buffer to be larger than the default then this option
	      can be used to view the entire buffer.

       -T, --ctime
	      Print human readable timestamps.	The timestamp could be inaccurate!

	      The time source used for the logs is not updated after system SUSPEND/RESUME.

       -t, --notime
	      Do not print kernel's timestamps.

       -u, --userspace
	      Print userspace messages.

       -V, --version
	      Output version information and exit.

       -w, --follow
	      Wait for new messages. This feature is supported on systems with readable /dev/kmsg only (since kernel 3.5.0).

       -x, --decode
	      Decode facility and level (priority) number to human readable prefixes.

SEE ALSO

       syslogd(8)

AUTHORS

       Karel Zak <kzak@redhat.com>
       Theodore Ts'o <tytso@athena.mit.edu>

AVAILABILITY

       The dmesg command is part of the util-linux package and is available from Linux Kernel Archive  <ftp://ftp.kernel.org/pub/linux/utils/util-
       linux/>.

util-linux							     July 2012								  DMESG(1)
All times are GMT -4. The time now is 08:37 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy