Linux Mint Forums

[zacharysonicfast]

What does all this stuff mean??
I was checking for malware and similar. I see a LOT of fake stuff.
Anything I should worry about?

http://www.unhide-forensics.info
[*]Searching for Fake processes by verifying that all threads seen by ps are also seen by others

Found FAKE PID: 1 Command = /sbin/init not seen by 2 sys fonc
Found FAKE PID: 2 Command = [kthreadd] not seen by 2 sys fonc
Found FAKE PID: 3 Command = [ksoftirqd/0] not seen by 2 sys fonc
Found FAKE PID: 6 Command = [migration/0] not seen by 2 sys fonc
Found FAKE PID: 7 Command = [watchdog/0] not seen by 2 sys fonc
Found FAKE PID: 8 Command = [migration/1] not seen by 2 sys fonc
Found FAKE PID: 9 Command = [kworker/1:0] not seen by 2 sys fonc
Found FAKE PID: 10 Command = [ksoftirqd/1] not seen by 2 sys fonc
Found FAKE PID: 12 Command = [watchdog/1] not seen by 2 sys fonc
Found FAKE PID: 13 Command = [migration/2] not seen by 2 sys fonc
Found FAKE PID: 15 Command = [ksoftirqd/2] not seen by 2 sys fonc
Found FAKE PID: 16 Command = [watchdog/2] not seen by 2 sys fonc
Found FAKE PID: 17 Command = [migration/3] not seen by 2 sys fonc
Found FAKE PID: 19 Command = [ksoftirqd/3] not seen by 2 sys fonc
Found FAKE PID: 20 Command = [watchdog/3] not seen by 2 sys fonc
Found FAKE PID: 21 Command = [cpuset] not seen by 2 sys fonc
Found FAKE PID: 22 Command = [khelper] not seen by 2 sys fonc
Found FAKE PID: 23 Command = [kdevtmpfs] not seen by 2 sys fonc
Found FAKE PID: 24 Command = [netns] not seen by 2 sys fonc
Found FAKE PID: 26 Command = [sync_supers] not seen by 2 sys fonc
Found FAKE PID: 27 Command = [bdi-default] not seen by 2 sys fonc
Found FAKE PID: 28 Command = [kintegrityd] not seen by 2 sys fonc
Found FAKE PID: 29 Command = [kblockd] not seen by 2 sys fonc
Found FAKE PID: 30 Command = [ata_sff] not seen by 2 sys fonc
Found FAKE PID: 31 Command = [khubd] not seen by 2 sys fonc
Found FAKE PID: 32 Command = [md] not seen by 2 sys fonc
Found FAKE PID: 34 Command = [khungtaskd] not seen by 2 sys fonc
Found FAKE PID: 35 Command = [kswapd0] not seen by 2 sys fonc
Found FAKE PID: 36 Command = [ksmd] not seen by 2 sys fonc
Found FAKE PID: 37 Command = [khugepaged] not seen by 2 sys fonc
Found FAKE PID: 38 Command = [fsnotify_mark] not seen by 2 sys fonc
Found FAKE PID: 39 Command = [ecryptfs-kthrea] not seen by 2 sys fonc
Found FAKE PID: 40 Command = [crypto] not seen by 2 sys fonc
Found FAKE PID: 48 Command = [kthrotld] not seen by 2 sys fonc
Found FAKE PID: 49 Command = [kworker/3:1] not seen by 2 sys fonc
Found FAKE PID: 50 Command = [scsi_eh_0] not seen by 2 sys fonc
Found FAKE PID: 51 Command = [scsi_eh_1] not seen by 2 sys fonc
Found FAKE PID: 52 Command = [scsi_eh_2] not seen by 2 sys fonc
Found FAKE PID: 53 Command = [scsi_eh_3] not seen by 2 sys fonc
Found FAKE PID: 54 Command = [scsi_eh_4] not seen by 2 sys fonc
Found FAKE PID: 55 Command = [scsi_eh_5] not seen by 2 sys fonc
Found FAKE PID: 80 Command = [devfreq_wq] not seen by 2 sys fonc
Found FAKE PID: 82 Command = [kworker/2:1] not seen by 2 sys fonc
Found FAKE PID: 123 Command = [kworker/1:1] not seen by 2 sys fonc
Found FAKE PID: 286 Command = [jbd2/sda1-8] not seen by 2 sys fonc
Found FAKE PID: 287 Command = [ext4-dio-unwrit] not seen by 2 sys fonc
Found FAKE PID: 371 Command = upstart-udev-bridge --daemon not seen by 2 sys fonc
Found FAKE PID: 373 Command = /sbin/udevd --daemon not seen by 2 sys fonc
Found FAKE PID: 482 Command = /usr/sbin/sshd -D not seen by 2 sys fonc
Found FAKE PID: 526 Command = rsyslogd -c5 not seen by 2 sys fonc
Found FAKE PID: 549 Command = rsyslogd -c5 not seen by 2 sys fonc
Found FAKE PID: 550 Command = rsyslogd -c5 not seen by 2 sys fonc
Found FAKE PID: 551 Command = rsyslogd -c5 not seen by 2 sys fonc
Found FAKE PID: 555 Command = [irq/47-mei] not seen by 2 sys fonc
Found FAKE PID: 562 Command = [cfg80211] not seen by 2 sys fonc
Found FAKE PID: 596 Command = [kpsmoused] not seen by 2 sys fonc
Found FAKE PID: 619 Command = dbus-daemon --system --fork --activation=upstart not seen by 2 sys fonc
Found FAKE PID: 629 Command = /sbin/udevd --daemon not seen by 2 sys fonc
Found FAKE PID: 630 Command = /sbin/udevd --daemon not seen by 2 sys fonc
Found FAKE PID: 648 Command = [kworker/2:2] not seen by 2 sys fonc
Found FAKE PID: 689 Command = [kworker/3:2] not seen by 2 sys fonc
Found FAKE PID: 702 Command = /usr/sbin/bluetoothd not seen by 2 sys fonc
Found FAKE PID: 713 Command = [krfcommd] not seen by 2 sys fonc
Found FAKE PID: 738 Command = avahi-daemon: running [XXXXXXXX-K55A.local] not seen by 2 sys fonc (I X'd out my user name here)
Found FAKE PID: 741 Command = avahi-daemon: chroot helper not seen by 2 sys fonc
Found FAKE PID: 754 Command = /usr/sbin/cupsd -F not seen by 2 sys fonc
Found FAKE PID: 770 Command = [hd-audio0] not seen by 2 sys fonc
Found FAKE PID: 806 Command = smbd -F not seen by 2 sys fonc
Found FAKE PID: 836 Command = /usr/sbin/modem-manager not seen by 2 sys fonc
Found FAKE PID: 838 Command = smbd -F not seen by 2 sys fonc
Found FAKE PID: 844 Command = NetworkManager not seen by 2 sys fonc
Found FAKE PID: 848 Command = NetworkManager not seen by 2 sys fonc
Found FAKE PID: 3234 Command = NetworkManager not seen by 2 sys fonc
Found FAKE PID: 845 Command = [led_workqueue] not seen by 2 sys fonc
Found FAKE PID: 847 Command = upstart-socket-bridge --daemon not seen by 2 sys fonc
Found FAKE PID: 854 Command = /usr/lib/policykit-1/polkitd --no-debug not seen by 2 sys fonc
Found FAKE PID: 858 Command = /usr/lib/policykit-1/polkitd --no-debug not seen by 2 sys fonc
Found FAKE PID: 880 Command = /sbin/wpa_supplicant -B -P /run/sendsigs.omit.d/wpasupplicant.pid -u -s -O /var/run/wpa_supplicant not seen by 2 sys fonc
Found FAKE PID: 1044 Command = /sbin/getty -8 38400 tty4 not seen by 2 sys fonc
Found FAKE PID: 1049 Command = /sbin/getty -8 38400 tty5 not seen by 2 sys fonc
Found FAKE PID: 1068 Command = /sbin/getty -8 38400 tty2 not seen by 2 sys fonc
Found FAKE PID: 1069 Command = /sbin/getty -8 38400 tty3 not seen by 2 sys fonc
Found FAKE PID: 1071 Command = /usr/sbin/winbindd not seen by 2 sys fonc
Found FAKE PID: 1072 Command = /sbin/getty -8 38400 tty6 not seen by 2 sys fonc
Found FAKE PID: 1073 Command = /usr/sbin/winbindd not seen by 2 sys fonc
Found FAKE PID: 1090 Command = acpid -c /etc/acpi/events -s /var/run/acpid.socket not seen by 2 sys fonc
Found FAKE PID: 1092 Command = cron not seen by 2 sys fonc
Found FAKE PID: 1096 Command = kdm not seen by 2 sys fonc
Found FAKE PID: 1106 Command = /usr/sbin/irqbalance not seen by 2 sys fonc
Found FAKE PID: 1135 Command = /usr/sbin/preload -s /var/lib/preload/preload.state not seen by 2 sys fonc
Found FAKE PID: 1139 Command = /usr/bin/X :0 vt7 -br -nolisten tcp -auth /var/run/xauth/A:0-a9ZyLb not seen by 2 sys fonc
Found FAKE PID: 1277 Command = /sbin/getty -8 38400 tty1 not seen by 2 sys fonc
Found FAKE PID: 1281 Command = -:0 not seen by 2 sys fonc
Found FAKE PID: 1880 Command = [flush-8:0] not seen by 2 sys fonc
Found FAKE PID: 1897 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1898 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1899 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1900 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1901 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1902 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1903 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1904 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1905 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1906 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1907 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1908 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1909 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1910 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1911 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1912 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1913 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1914 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1915 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1916 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1917 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1918 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1919 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1920 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1921 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1922 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1923 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1924 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1925 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1926 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1927 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1928 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1929 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1930 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1931 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1932 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1933 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1934 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1935 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1936 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1937 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1938 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1939 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1940 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1941 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1942 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1943 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1944 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1945 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1946 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1947 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1948 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1949 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1950 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1951 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1952 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1953 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1954 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1955 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1956 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1957 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1958 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1959 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1961 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 1962 Command = /usr/sbin/console-kit-daemon --no-daemon not seen by 2 sys fonc
Found FAKE PID: 2549 Command = /usr/lib/upower/upowerd not seen by 2 sys fonc
Found FAKE PID: 2550 Command = /usr/lib/upower/upowerd not seen by 2 sys fonc
Found FAKE PID: 2551 Command = /usr/lib/upower/upowerd not seen by 2 sys fonc
Found FAKE PID: 2663 Command = /usr/lib/udisks/udisks-daemon not seen by 2 sys fonc
Found FAKE PID: 2665 Command = /usr/lib/udisks/udisks-daemon not seen by 2 sys fonc
Found FAKE PID: 2669 Command = /usr/lib/udisks/udisks-daemon not seen by 2 sys fonc
Found FAKE PID: 2664 Command = udisks-daemon: not polling any devices not seen by 2 sys fonc
Found FAKE PID: 2826 Command = /usr/lib/rtkit/rtkit-daemon not seen by 2 sys fonc
Found FAKE PID: 2828 Command = /usr/lib/rtkit/rtkit-daemon not seen by 2 sys fonc
Found FAKE PID: 2829 Command = /usr/lib/rtkit/rtkit-daemon not seen by 2 sys fonc
Found FAKE PID: 3233 Command = /sbin/dhclient -d -4 -sf /usr/lib/NetworkManager/nm-dhcp-client.action -pf /var/run/sendsigs.omit.d/network-manager.dhclient-wlan0.pid -lf /var/lib/dhcp/dhclient-56af987f-b307-4fae-8bb5-84c29979e3cc-wlan0.lease -cf /var/run/nm-dhclient-wlan0.conf wlan0 not seen by 2 sys fonc
Found FAKE PID: 3237 Command = /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/var/run/nm-dns-dnsmasq.conf --cache-size=0 --proxy-dnssec not seen by 2 sys fonc
Found FAKE PID: 3314 Command = nmbd -D not seen by 2 sys fonc
Found FAKE PID: 6583 Command = [kworker/u:2] not seen by 2 sys fonc
Found FAKE PID: 6620 Command = [kworker/u:1] not seen by 2 sys fonc
Found FAKE PID: 6622 Command = [kworker/0:0] not seen by 2 sys fonc
Found FAKE PID: 6644 Command = dbus-launch --autolaunch=aafe7cf9d2665ab93d93d43a00000006 --binary-syntax --close-stderr not seen by 2 sys fonc
Found FAKE PID: 6645 Command = //bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session not seen by 2 sys fonc
Found FAKE PID: 19934 Command = /usr/bin/freshclam -d --quiet not seen by 2 sys fonc
Found FAKE PID: 21900 Command = [kworker/0:2] not seen by 2 sys fonc
Found FAKE PID: 27597 Command = [kworker/u:0] not seen by 2 sys fonc
Found FAKE PID: 29090 Command = [kworker/0:1] not seen by 2 sys fonc




I thought about upgrading my hard drive and installing a fresh copy of Linux. I want to be certain that my computer is clean so nothing gets transferred or infected onto the new drive.

I don't know how to make clamav work. Seems far too complicated for me. I need every molecule of the computer checked for malware before I invest nearly $300 (US) for a new SSD drive. And if there is anything, how to remove it and prevent it from happening again. It would be nice if I could determine how any malware got on there, assuming there is any.

Any other ways to check for stuff or ensure I can have a clean computer?

[catweazel]

What does all this stuff mean??

What does the documentation say?

[zacharysonicfast]

What documentation?

[untnu]

what is this?

[MtnDewManiac]

What does the documentation say?

Code: Select all

http://www.unhide-forensics.info/unhide-linux26.html
http://www.unhide-forensics.info/unhide-tcp.html

what is this?

Some kind of website located in Spain (Madrid), hosted by the Level 3 Communications ISP. Looks like it's at 40.409° latitude, -3.692° longitude if you want to use Google's street-level viewer gizmo or the like to take a look.

Seems kind of sketchy/low-budget. But it might be legitimate. It says there are nine different distros "shipping Unhide." But, then, a scammer probably wouldn't say, "No distro ships our app," so... who knows? I try not to download security (or "security") apps from random websites or eat from random people's plates at the mall. Never know what I could catch....

[eanfrid]

For this case, unhide is indeed a well-known O/S security software usually run with rkhunter. As usual, it requires Linux knowledge and practice and RTFM (and it is present in LM official repos).

Edit: BTW, all the lines listed in the output above seem to be legitimate processus i.e. 100% false positive with the run options you chose

[Orbmiser]

"I want to be certain that my computer is clean so nothing gets transferred or infected onto the new drive."

And what gives you any indication that your Linux is infected?
I find many paranoid window users trying to apply all this kind of Anti-virus on a clean linux machine and going hog wild paranoid.

You do know the chance is highly unlikely that you have a linux virus right? As there are No linux viruses in the wild?
Someone can chime in here if that isn't the case. I dual boot with Win7. And if my windows side would get one.
Then would let my Windows Ant-Vir and Malware programs deal with it.

With using advanced linux tools with little understanding Linux you are creating all kinds of Fear,Uncertainty & Doubt.
Many of us don't even use Anti Virus programs on linux unless we are running a server or on a windows network.
Which is more about protectively protecting window users than our linux installation.

[zacharysonicfast]

"I want to be certain that my computer is clean so nothing gets transferred or infected onto the new drive."

And what gives you any indication that your Linux is infected?
I find many paranoid window users trying to apply all this kind of Anti-virus on a clean linux machine and going hog wild paranoid.

You do know the chance is highly unlikely that you have a linux virus right? As there are No linux viruses in the wild?
Someone can chime in here if that isn't the case. I dual boot with Win7. And if my windows side would get one.
Then would let my Windows Ant-Vir and Malware programs deal with it.

With using advanced linux tools with little understanding Linux you are creating all kinds of Fear,Uncertainty & Doubt.
Many of us don't even use Anti Virus programs on linux unless we are running a server or on a windows network.
Which is more about protectively protecting window users than our linux installation.

What about rootkits and trojans and other malware?