Strange system activity no matter what I try


 

When I choose to encrypt my drive during a Linux install, it encrypts it, but I receive errors in dmesg and in ~/.xsessions-errors during use. The first error is in dmesg, where it sometimes shows errors writing to the encrypted device. The second error is in ~/.xsessions-errors, with an error about writing to a cleartext device. With the above errors noted, I've also discovered some strange events:

1. gvfsd-burn running with several instances while I'm not using any burning application

2. The .gvfs directory showing up in ls -l result with question marks. I googled and was told to enter fusermount -u .gvfs and log out and log back in, but this event occurs again. I don't know what it's doing this for.

3. When backing up a large amount of files to an external drive, I receive a nautilus popup saying a file has changed, would I like to replace it, when I haven't changed any of the files. Who is doing the changing?

4. Hard disk drive light flashes on and off with a second or two in between the flickers. Running top and lsof, and checking logs, I can't find anything causing this activity.

5. Running unhide, which installs with rkhunter, shows several ports open when I'm not using them. I've firewalled most outgoing ports; nothing is listed as using any of these hidden ports.

6. Chkrootkit shows tty7 gnome desktop as being hidden from wtmp.

7. Console-kit-daemon runs several times, cannot pin down why this is.

8. Rkhunter and chkrootkit scans come out as clean, no rootkits or problems found, other than #6 from chkrootkit. What is recommended? It sounds like a rootkit's installed, and when I check binaries with chkrootkit -x command some of the strings sound weird; some binaries contain "mmap, mmove, fork, shell, shell always, fake, anonymous" and more. I've wiped the drive and installed several times; these problems continue regardless of my efforts.

When I examined my wiped HDD from an "ultimate boot cd" disk utility, I saw a garbled message followed by "virus detected!" "booting hd1". I wasn't sure if a bad burn of the ubcd was placing it there, or if my BIOS is infected and is the source of the constant re-infection. I scanned my hdd with an antivirus and it discovered memtest+ in a kernel directory was infected, but it didn't elaborate. Even when I install disk without encryption, the hdd light flashes constantly, like someone is doing something, but no extra programs are running except a gnome desktop.

I've even tried smaller window managers but the disk keeps accessing. I'm guessing whatever is running has poisoned certain binaries like ls, ps, who, last, and so on. What is recommended in this condition? Any tips on what could be happening?
 
