Unknown processes are observed to be running on the server

Solution Verified - Updated -

Issue

  • Output of 'top' shows some unknown or unwanted processes were found to be running on the server.
PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+      COMMAND
47672 root      20   0 33272 1112  208 S 23.9  0.1  36:52.82 pkmqjkdiou      ------->>>>
  • If 'lsof' is used against the same process, then we get following outcome :
# lsof | grep 47672

pkmqjkdio 47672      root  cwd       DIR              253,0      4096          2 /
pkmqjkdio 47672      root  rtd       DIR              253,0      4096          2 /
pkmqjkdio 47672      root  txt       REG              253,0    625878     139290 /usr/bin/pkmqjkdiou        ------->>>>
pkmqjkdio 47672      root    0u      CHR                1,3       0t0       4217 /dev/null
pkmqjkdio 47672      root    1u      CHR                1,3       0t0       4217 /dev/null
pkmqjkdio 47672      root    2u      CHR                1,3       0t0       4217 /dev/null
pkmqjkdio 47672      root    3u     IPv4          222548344       0t0        UDP *:49473

Environment

  • Red Hat Enterprise Linux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In