Strange system activity no matter what I try
UNIX for Dummies Questions & Answers, Post 302588139 by justgoogleit on Saturday 7th of January 2012 12:54:20 AM

When I choose to encrypt my drive during a Linux install, it encrypts it, but I receive errors in dmesg and in ~/.xsessions-errors during use. The first error is in dmesg, where it sometimes shows errors writing to the encrypted device. The second error is in ~/.xsessions-errors, with an error about writing to a cleartext device. With the above errors noted, I've also discovered some strange events:

1. gvfsd-burn running with several instances while I'm not using any burning application

2. The .gvfs directory showing up in the ls -l result with question marks. I googled and was told to enter fusermount -u .gvfs and log out and log back in, but this event occurs again. I don't know what it's doing this for.

3. When backing up a large amount of files to an external drive, I receive a nautilus popup saying a file has changed, would I like to replace it, when I haven't changed any of the files. Who is doing the changing?

4. Hard disk drive light flashes on and off with a second or two in between the flickers; running top and lsof, and checking logs, I can't find anything causing this activity.

5. Running unhide, which installs with rkhunter, shows several ports open when I'm not using them; I've firewalled most outgoing ports, and nothing is listed as using any of these hidden ports.

6. Chkrootkit shows tty7 gnome desktop as being hidden from wtmp.

7. Console-kit-daemon runs several times, cannot pin down why this is.

8. Rkhunter and chkrootkit scans come out as clean, no rootkits or problems found, other than #6 from chkrootkit. What is recommended? It sounds like a rootkit's installed, and when I check binaries with the chkrootkit -x command some of the strings sound weird; some binaries contain "mmap, mmove, fork, shell, shell always, fake, anonymous" and more. I've wiped the drive and installed several times, but these problems continue regardless of my efforts.

When I examined my wiped HDD from an "ultimate boot cd" disk utility, I saw a garbled message followed by "virus detected!" "booting hd1". I wasn't sure if a bad burn of the ubcd was placing it there, or if my BIOS is infected and is the source of the constant re-infection. I scanned my hdd with an antivirus and it discovered memtest+ in a kernel directory was infected, but it didn't elaborate. Even when I install the disk without encryption, the hdd light flashes constantly, like someone is doing something, but no extra programs are running except a gnome desktop.

I've even tried smaller window managers, but the disk keeps accessing. I'm guessing whatever is running has poisoned certain binaries like ls, ps, who, last, and so on. What is recommended in this condition? Any tips on what could be happening?
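Item 4 (disk light flickering with nothing visible in top or lsof) is a question of attributing I/O to a process. The following is an added example, not code from the original post: it samples /proc/<pid>/io twice and ranks processes by bytes moved in between, reading /proc directly rather than trusting the ps or lsof binaries the poster suspects. It assumes a Linux /proc with the io and comm files; reading other users' io counters requires root.

```python
"""Attribute disk I/O to processes by sampling /proc/<pid>/io twice.
Added example for the thread above, not code from the original post; it reads
/proc directly instead of trusting ps/lsof, and needs root for other users' pids."""
import os
import time

def parse_io(text):
    """Parse the 'key: value' lines of /proc/<pid>/io into an int dict."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if value.strip().isdigit():
            fields[key.strip()] = int(value)
    return fields

def snapshot(proc="/proc"):
    """Return {pid: (comm, write_bytes, read_bytes)} for every readable pid."""
    result = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(f"{proc}/{entry}/io") as f:
                io = parse_io(f.read())
            with open(f"{proc}/{entry}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited, or not ours and we are not root
        result[int(entry)] = (comm, io.get("write_bytes", 0), io.get("read_bytes", 0))
    return result

def rank_io(before, after, top=10):
    """Rank pids present in both snapshots by bytes read+written between them."""
    deltas = []
    for pid, (comm, wb, rb) in after.items():
        if pid in before:
            _, wb0, rb0 = before[pid]
            delta = (wb - wb0) + (rb - rb0)
            if delta > 0:
                deltas.append((delta, pid, comm))
    deltas.sort(reverse=True)
    return deltas[:top]

if __name__ == "__main__":
    first = snapshot()
    time.sleep(5)  # span several of the one-to-two-second flickers
    for delta, pid, comm in rank_io(first, snapshot()):
        print(f"{delta:>12} bytes  pid {pid:<7} {comm}")
```

A pid that appears in /proc but not in ps output is itself worth noting, since that is the discrepancy unhide reports on.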
 

DMESG(1)                         User Commands                         DMESG(1)

NAME
       dmesg - print or control the kernel ring buffer

SYNOPSIS
       dmesg [options]
       dmesg --clear
       dmesg --read-clear [options]
       dmesg --console-level level
       dmesg --console-on
       dmesg --console-off

DESCRIPTION
       dmesg is used to examine or control the kernel ring buffer. The default action is to display all messages from the kernel ring buffer.

OPTIONS
       The --clear, --read-clear, --console-on, --console-off, and --console-level options are mutually exclusive.

       -C, --clear
              Clear the ring buffer.

       -c, --read-clear
              Clear the ring buffer after first printing its contents.

       -D, --console-off
              Disable the printing of messages to the console.

       -d, --show-delta
              Display the timestamp and the time delta spent between messages. If used together with --notime then only the time delta without the timestamp is printed.

       -E, --console-on
              Enable printing messages to the console.

       -e, --reltime
              Display the local time and the delta in human-readable format. Be aware that conversion to the local time could be inaccurate (see -T for more details).

       -F, --file file
              Read the syslog messages from the given file. Note that -F does not support messages in kmsg format. The old syslog format is supported only.

       -f, --facility list
              Restrict output to the given (comma-separated) list of facilities. For example: dmesg --facility=daemon will print messages from system daemons only. For all supported facilities see the --help output.

       -H, --human
              Enable human-readable output. See also --color, --reltime and --nopager.

       -k, --kernel
              Print kernel messages.

       -L, --color[=when]
              Colorize the output. The optional argument when can be auto, never or always. If the when argument is omitted, it defaults to auto. The colors can be disabled; for the current built-in default see the --help output. See also the COLORS section below.

       -l, --level list
              Restrict output to the given (comma-separated) list of levels. For example: dmesg --level=err,warn will print error and warning messages only. For all supported levels see the --help output.

       -n, --console-level level
              Set the level at which printing of messages is done to the console. The level is a level number or abbreviation of the level name. For all supported levels see the --help output. For example, -n 1 or -n alert prevents all messages, except emergency (panic) messages, from appearing on the console. All levels of messages are still written to /proc/kmsg, so syslogd(8) can still be used to control exactly where kernel messages appear. When the -n option is used, dmesg will not print or clear the kernel ring buffer.

       -P, --nopager
              Do not pipe output into a pager. A pager is enabled by default for --human output.

       -r, --raw
              Print the raw message buffer, i.e. do not strip the log-level prefixes. Note that the real raw format depends on the method how dmesg(1) reads kernel messages. The /dev/kmsg device uses a different format than syslog(2). For backward compatibility, dmesg(1) returns data always in the syslog(2) format. It is possible to read the real raw data from /dev/kmsg by, for example, the command 'dd if=/dev/kmsg iflag=nonblock'.

       -S, --syslog
              Force dmesg to use the syslog(2) kernel interface to read kernel messages. The default is to use /dev/kmsg rather than syslog(2) since kernel 3.5.0.

       -s, --buffer-size size
              Use a buffer of size to query the kernel ring buffer. This is 16392 by default. (The default kernel syslog buffer size was 4096 at first, 8192 since 1.3.54, 16384 since 2.1.113.) If you have set the kernel buffer to be larger than the default, then this option can be used to view the entire buffer.

       -T, --ctime
              Print human-readable timestamps. Be aware that the timestamp could be inaccurate! The time source used for the logs is not updated after system SUSPEND/RESUME.

       -t, --notime
              Do not print kernel's timestamps.

       --time-format format
              Print timestamps using the given format, which can be ctime, reltime, delta or iso. The first three formats are aliases of the time-format-specific options. The iso format is a dmesg implementation of the ISO-8601 timestamp format. The purpose of this format is to make the comparing of timestamps between two systems, and any other parsing, easy. The definition of the iso timestamp is: YYYY-MM-DD<T>HH:MM:SS,<microseconds><-+><timezone offset from UTC>. The iso format has the same issue as ctime: the time may be inaccurate when a system is suspended and resumed.

       -u, --userspace
              Print userspace messages.

       -w, --follow
              Wait for new messages. This feature is supported only on systems with a readable /dev/kmsg (since kernel 3.5.0).

       -x, --decode
              Decode facility and level (priority) numbers to human-readable prefixes.

       -V, --version
              Display version information and exit.

       -h, --help
              Display help text and exit.

COLORS
       Implicit coloring can be disabled by an empty file /etc/terminal-colors.d/dmesg.disable. See terminal-colors.d(5) for more details about colorization configuration. The logical color names supported by dmesg are:

       subsys    The message sub-system prefix (e.g. "ACPI:").
       time      The message timestamp.
       timebreak The message timestamp in short ctime format in --reltime or --human output.
       alert     The text of the message with the alert log priority.
       crit      The text of the message with the critical log priority.
       err       The text of the message with the error log priority.
       warn      The text of the message with the warning log priority.
       segfault  The text of the message that informs about a segmentation fault.

SEE ALSO
       terminal-colors.d(5), syslogd(8)

AUTHORS
       Karel Zak <kzak@redhat.com>
       dmesg was originally written by Theodore Ts'o <tytso@athena.mit.edu>

AVAILABILITY
       The dmesg command is part of the util-linux package and is available from Linux Kernel Archive <https://www.kernel.org/pub/linux/utils/util-linux/>.

util-linux                          July 2012                          DMESG(1)
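The -r, -x and --level options above all turn on the syslog(2) priority prefix that dmesg -r leaves on each line: the number in angle brackets is facility * 8 + level. The following added example, not util-linux code, decodes that prefix the way -x does and filters by level the way --level=err,warn does, over constructed sample lines so it runs without a kernel ring buffer.

```python
"""Decode dmesg -r raw lines, <pri>[seconds] message, the way dmesg -x does.
Added example for the man page above, not util-linux code. The priority
number is facility * 8 + level, the syslog(2) convention dmesg preserves."""
import re

LEVELS = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"]  # 16..23 are local0..local7
RAW_LINE = re.compile(r"^<(\d+)>\[\s*(\d+\.\d+)\]\s?(.*)$")

def decode_priority(pri):
    """Split a syslog priority into (facility name, level name)."""
    facility, level = pri >> 3, pri & 7
    if facility < len(FACILITIES):
        name = FACILITIES[facility]
    elif 16 <= facility <= 23:
        name = f"local{facility - 16}"
    else:
        name = f"unknown({facility})"
    return name, LEVELS[level]

def parse_raw(line):
    """Return a record for one dmesg -r line, or None for a malformed line."""
    m = RAW_LINE.match(line)
    if not m:
        return None
    facility, level = decode_priority(int(m.group(1)))
    return {"facility": facility, "level": level,
            "time": float(m.group(2)), "msg": m.group(3)}

def filter_levels(lines, levels):
    """Keep records whose level is in the comma list, like dmesg --level=err,warn."""
    wanted = set(levels.split(","))
    return [r for r in map(parse_raw, lines) if r and r["level"] in wanted]

# Constructed sample lines in dmesg -r format; not captured from a real system.
SAMPLE = [
    "<6>[    0.000000] Linux version (constructed sample)",
    "<3>[ 1234.567890] Buffer I/O error on device dm-0 (constructed sample)",
    "<4>[ 1234.600000] dm-0: write error (constructed sample)",
    "<30>[ 1300.000000] some daemon message (constructed sample)",  # 3*8+6
]

if __name__ == "__main__":
    for rec in filter_levels(SAMPLE, "err,warn"):
        print(f"{rec['facility']:<6}:{rec['level']:<6}: [{rec['time']:.6f}] {rec['msg']}")
```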