Skip to main content
Topic: Strange process with many numbers as a process name ???? [SOLVED] (Read 1455 times) previous topic - next topic
0 Members and 3 Guests are viewing this topic.

Strange process with many numbers as a process name ???? [SOLVED]

I have a conky module that lists top processes in CPU and RAM consumption on the desktop and I recently have noticed a process that has about 10 digits, all numbers, running.  It shows up on the CPU list, never on RAM, so I assume it is low on RAM consumption.
When I open a tasks list (lxtask) that lists all root, user, and other system processes it never shows up anywhere.

Anyone knows what this is?  One day I recorded the exact name of it and used killall to see if it stops and it didn't find it.
The name changes with each boot.

Re: Strange process with many numbers as a name running ????

Reply #1
It is possible to have hidden processes apparently, this interesting app I came across only a few days ago claims to find them although I have not tried it:
https://gitlab.com/nowayout/prochunter
"Prochunter aims to find hidden process with all userspace and most of the kernelspace rootkits."
If you are trying to cpu limit processes by PID it doesn't work on everything, I guess (but don't know for sure) they are spawning sub processes which exist only briefly, and it is the sub processes that are using the cpu and have their own PID, but they do not show up in top or similar because they are being created and destroyed too rapidly. That doesn't sound like your description though.

Re: Strange process with many numbers as a name running ????

Reply #2
Quote from: fungalnet – on
I have a conky module that lists top processes in CPU and RAM consumption on the desktop and I recently have noticed a process that has about 10 digits, all numbers, running.  It shows up on the CPU list, never on RAM, so I assume it is low on RAM consumption.
When I open a tasks list (lxtask) that lists all root, user, and other system processes it never shows up anywhere.

Sounds fishy...

Try the community/unhide and see if it shows anything.

Code: [Select]
unhide -v brute

Do you have wine installed? Try uninstalling and rebooting and see if the process shows up, if you have wine at all. (Maybe a windows virus/malware/etc)

Otherwise maybe you have one of those famed, rare linux rootkits found in the wild? Congratulations? Don't run random scripts off the internet without protection, or do not run them at all.

I hope the real cause of this is mundane. Good luck! Enjoy the coming Gregorian New Year. :D

Re: Strange process with many numbers as a name running ????

Reply #3
unhide didn't reveal anything
rkhunter didn't either

Re: Strange process with many numbers as a name running ????

Reply #4
ps -auxw ?
 

Re: Strange process with many numbers as a name running ????

Reply #5
Thnx mrbrklyn

It is a temporary conky shell script that runs the process list I see the weird number

artix     3043  0.0  0.0  15860  3020 tty1     S+   18:23   0:00 /bin/bash /tmp/conky-manager/15147373921339657703.sh

On the process list I see this:   15147373921339657703
On other listings as in lxtask it shows as a bash shell
On htop it shows the same as ps-auxw

Happy new year

Re: Strange process with many numbers as a process name ???? [SOLVED]

Reply #6
Quote from: fungalnet – on
Thnx mrbrklyn

It is a temporary conky shell script that runs the process list I see the weird number

artix     3043  0.0  0.0  15860  3020 tty1     S+   18:23   0:00 /bin/bash /tmp/conky-manager/15147373921339657703.sh

On the process list I see this:   15147373921339657703
On other listings as in lxtask it shows as a bash shell
On htop it shows the same as ps-auxw

Happy new year


I had thought that a process can't start with a number.  Or maybe because the process is actually bash?

Re: Strange process with many numbers as a process name ???? [SOLVED]

Reply #7
It appears as if you run conky-manager it creates a script/shell on /tmp and that shell produces the above.
If I just run on autostart a statement of
$ conky -c ~/conky/conkyconfigurationscript
the outcome is exactly the same without this weird process.  In fact if you keep a copy of the conky-manager scripts and uninstall it the outcome is the same.

This is for a reference to solve future inquiries of such a weird process running.

This a copy of what one of those weird conky-manager scripts look like, stored in /tmp/conky-manager and are not deleted, I actually found about 10 of them, mostly identical as I do not change it much.

Code: [Select]
#!/bin/bash
rsync -aim --dry-run --include="*.ttf" --include="*.TTF" --include="*.otf"  --include="*.OTF" --include="*/" --exclude="*" "/home/artix/.conky/" /tmp