In the system monitor I have a number of unknown processes from user root,-1 that keep popping up (see yellow highlight in image1). What are they? http://picasaweb.google.com/lh/photo/OYv_LvndSy-uFEc6Zoe01g?feat=directlink
As you may see zombie processes are also coming and going… among which dns-resolver, ifup, ifdown, ifdown-route, netconfig, nis, ntp-config, udved, grep, touch… Is that normal??
I usually connect to a server via VPN (to access electronic journals) but recently the access has been denied to me because “my connection is infected with the worm Conficker”.
I know it is very unlikely that a Linux PC catches a virus… so I am puzzled… I have a dual boot with Windows (probably infected in some ways) but haven’t used it for at least a year… and the guys running the server are a bit slow to answer.
Can anyone enlighten me please??
Thanks in advance for all your good suggestions.
Yves.
As to Conficker. That is a Windows virus. And in itself cannot live in Linux. On the other hand you may have a file on the system that can be infected such as an email. On yet another hand it could be that the server’s software is broken. If you want to be sure your files are clean and not accidentally pass on a virus to a more delicate OS you can install clamav.
thanks,
The zombie processes just appear and disappear before I can even kill them.
The link you gave suggests writing a script to kill them automatically, do you have any advice on how to do that?
As for the processes from user root,-1 there can be up to 10 of them popping out, but they also go before I could kill them…
I still do not understand what they are…
As for the virus report, I leave it here for now.
I have done a scan with clamav but it listed a lot of broken executables and encrypted zips, also among system files that cannot be infected files, so I am afraid that if I quarantine anything I will just mess up the system even more… (I am a bit inexperienced and usually when I try to solve a problem I always create another one…)
-are these new problems after running ok for a while?
-if these began immediately after an initial clean/format install did you:
download the install image yourself directly from http://software.opensuse.org/ ? or, if not what was the source of your install image?
did you md5sum check that iso against the md5sum also available from http://software.opensuse.org/ ? was it a 100% perfect match?
if you/did you then burn the image to a disk yourself and then did you do this first, before actual install? http://tinyurl.com/yajm2aq and, if you did what was the result of that test?
have you since the initial install run all security updates and patches available via YaST or the Online Updater?
how often, if ever do you log into KDE/Gnome/etc as root to solve problems? to browse the net?
your password is it long and strong, without ‘words’ found in dictionaries or easily guessed, does it have both upper and lower case letters…and does it have some numbers and symbols? is your root password even longer and stronger?
are there any others who have your passwords and access to your machine?
i ask these things because it kinda sounds like (to me) that either you have a faulty install or have been rooted…
however, the server’s “my connection is infected with the worm Conficker” does not say YOUR machine is infected, but rather the connection is…and, i wonder if you are (say) in a dorm or company or building or wifi where many folks would be going out to the net through the same (apparent) single IP and someone else within that group is sending infecting emails etc which has been detected by the firewall/gateway of the electronic journals holder and therefore marked the single IP as a source…and, everyone inside the building/dorm/local network is therefore suspect?
Problem with CPU usage is solved.
I went to look at the files in /var/log/ especially /var/log/warn and found that the system was trying every few seconds to install a network card but failed, so tried again, and again…
That wlan card I have in one of the PCI slots was not compatible/not recognized by the system at the time I switched from Windows to Linux and I just never really bothered with it.
Now it appears in the hardware list, maybe after some update of the system… ? Anyway I disabled it and things are now fine.
but to answer some of your questions
-are these new problems after running ok for a while?
as I said it might have followed an automatic update…
have you since the initial install run all security updates and patches available via YaST or the Online Updater?
yep!
how often, if ever do you log into KDE/Gnome/etc as root to solve problems? to browse the net?
hardly ever… if never…
your password is it long and strong…
I think it is as strong as it can be… and not shared with anyone…
however, the server’s “my connection is infected with the worm Conficker” does not say YOUR machine is infected, but rather the connection is…and, i wonder if you are (say) in a dorm or company or building or wifi where many folks would be going out to the net through the same (apparent) single IP and someone else within that group is sending infecting emails etc which has been detected by the firewall/gateway of the electronic journals holder and therefore marked the single IP as a source…and, everyone inside the building/dorm/local network is therefore suspect?
thanks… well we are 1 mac + 1 linux pc connecting with the same router… the weird thing is that kvpnc seems able to tunnel to the server but access is systematically denied in the browser (firefox)…
anyway I will try to contact the server support a n+1 time…