what is the process named unknown process belonging to root?
Hi
There is a process named "unknown process" which is changing its ID every second and has no window or ....just belongs to root!
I am thinking of some processes which I previously mentioned in a separate thread as "child not found"; at that time it was not detected by "system monitor", but now, after installing Mandriva2012, it is shown there...
It is not using CPU or memory as it shows....
I also have tried to make an executable script and copied that in /bin and some other places... could it be the result of that? or what?
Should I be concerned about that? Please help!
Could you post the relevant output from ps -A, making sure to enclose them in "code" tags, which become available when you click "Go Advanced" down there at the bottom of the Quick Reply window?
Also, does this process appear in the output of a top command?
That information may give persons who look at this more to go on.
I did not see this process in the top command, maybe because processes continuously change position there!
I also attach some screenshots about this now ....there were more attachments ...but maximum allowed was 3
Last edited by unSpawn; 08-10-2012 at 08:17 PM.
Reason: //Replace BB email with code tag
I forgot to mention this:
CPU usage is shown as 100 percent in system monitor, but although the system is not as fast as before, there is no difficulty in working.
Also, I do not know why this is 100 percent, because the sum of the working processes' CPU usage is much, much less than 100.
Last edited by irajjs; 08-04-2012 at 07:16 PM.
Reason: correcting a word's spell
I did not look up each one individually, but, at first glance, they all look legit.
If you see a process name you do not recognize, your best bet is to google it. You could also try "man [process name]" to see if there is a man file for that command. For some of them, you might need to run "apropos [process name]" to determine whether and where a man file exists.
I see the phrase "unknown" in the .PNG files you've posted.
If you don't see "unknown" in output from the ps command, it could be that things are changing too quickly in the system, to catch a process with that name.
Or, it may be that "unknown" is not literally the process name, but instead an interpretation of the data by the utility that you're using to display System Activity.
If you can find a man or info page for the utility, it might describe the utility's output enough to mention whether or not the utility will sometimes label something as "unknown".
If you cannot find such a page, perhaps you can track down the program for the utility, then you might be able to determine whether or not the utility contains the phrase "unknown". This approach isn't necessarily definite, because if the utility is pulling in other code, such as from a library, "unknown" might be supplied by a library routine. But if the utility's program contains "unknown" then it might well be just labeling something as "unknown".
In the environment I'm using, if I wanted to find out if ps contains "unknown", I could do something like this. Find the ps program with these commands:
Code:
which ps ; whereis ps
which for me gives this output:
Code:
/bin/ps
ps: /bin/ps /usr/share/man/man1p/ps.1p.gz
Then to find out what type of program it is, a binary executable, or a shell script, etc., run this command:
Code:
file /bin/ps
in my situation, the output is:
Code:
/bin/ps: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.4, stripped
so it's a binary. If it was a shell script, fgrep could be used directly on it. Since ps is a binary, to look for "unknown" in ps these commands can be used:
Code:
strings -a /bin/ps | fgrep -i unknown | less
which produces this output:
Code:
unknown
Environment specified an unknown personality.
Unknown page size! (assume 4096)
Unknown gnu long option.
Unknown AIX field descriptor.
Unknown sort specifier.
Unknown user-defined format specifier "%s".
Unknown HZ value! (%d) Assume %Ld.
So it looks as if the ps command itself, can label things as "unknown", in one way or another.
If nothing else, you could try a loop in a bash shell to try to catch "unknown" in the ps output, just in case the process name actually does contain "unknown", or ps describes something about the process as "unknown":
Code:
for loop_count in {1..120..1}
do
    ps gaxu | egrep -i '(%CPU)|(unknown)'
    echo ''
    sleep 1
done
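Added example, not part of the post above or of the thread: a PID that changes every second is really a series of short-lived processes, so instead of grepping ps for a name, this script diffs successive ps snapshots and counts the new processes per parent PID. The function names and the sample rows in demo are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): attribute short-lived processes to a parent.

# snapshot: "pid ppid user comm" per process, minus this shell's own children.
snapshot() {
    ps -eo pid=,ppid=,user=,comm= | awk -v self="$$" '$2 != self'
}

# new_procs OLD NEW: lines of NEW whose PID is absent from OLD (OLD may be empty).
new_procs() {
    awk 'FILENAME == ARGV[1] { seen[$1] = 1; next } !($1 in seen)' "$1" "$2"
}

# spawn_report FILE: "count ppid comm", most frequent parent/name pair first.
spawn_report() {
    awk '{ n[$2 " " $4]++ } END { for (k in n) print n[k], k }' "$1" |
        sort -k1,1nr -k2,2n
}

# watch_spawns N: take N samples one second apart, then report what appeared.
watch_spawns() {
    dir=$(mktemp -d) || return 1
    snapshot > "$dir/prev"
    : > "$dir/new"
    i=0
    while [ "$i" -lt "$1" ]; do
        sleep 1
        snapshot > "$dir/cur"
        new_procs "$dir/prev" "$dir/cur" >> "$dir/new"
        mv "$dir/cur" "$dir/prev"
        i=$((i + 1))
    done
    spawn_report "$dir/new"
    rm -rf "$dir"
}

# Constructed demo (sample rows, not real output): PID 4101 exits, 4102 appears.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '1 0 root init' '812 1 root crond' '4101 812 root sh' > "$d/a"
    printf '%s\n' '1 0 root init' '812 1 root crond' '4102 812 root sh' > "$d/b"
    new_procs "$d/a" "$d/b" > "$d/new"
    spawn_report "$d/new"
    rm -rf "$d"
}
demo   # prints: 1 812 sh
```

On a live system, `watch_spawns 30` samples for 30 seconds, and `ps -o pid,user,args -p <ppid>` on the busiest parent then shows what keeps launching the process. Processes that start and exit between two samples are still missed.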
I must confess that I did not have the energy to look at all the image attachments last night.
I'm inclined to think that the "unknown" has something to do with how the process list is rendered to the screen in the GUI interface and not with any process that is actually taking place in the processor, as it is rendered in the window frame and not in the process list.
Hi
Thank you for your attention (both of you frakbell and kakaka)
Today I noticed that the unknown process was duplicated for some hours, but after shutting down the system one of them disappeared in the next system run.
I want to remind you of something which I mentioned in my first post:
The unknown process changes its ID each second, so obviously it is not easily studied.
I think that most possibly it is my own script, which I have marked as executable! And if so then it is ideal! My system is in its best ever state now but I just want to make sure that it is not a destroyer virus!
Later I am going to run the codes that you offered.
Right now I am busy with some other problems like "webcam" and "speech" and I am working hard (time is 3.15 am now!)
I will post any new findings about this later.
Regards
Hope this helps.
Hi
I entered all the codes but the last one, because I guess it might cause the unknown process to sleep, and at this time I do not want to make it sleep because, as I said, it might be my own script, which is OK and does no harm to the computer.
The output was nearly the same as in your PC. Thanks
Even though it's probably fair to say that Linux systems tend not to be targeted by virus creators as much as MS-Windows systems, if I had even the slightest suspicion that my Linux system might have a virus, I would make finding out a very high priority! The idea that the system currently seems to be running OK, doesn't mean the program is not a virus. Virus programs can be sneaky. A virus could be trying to use your system to infect other systems, before damaging your system, or something else equally bad.
If I thought an "unknown process" might be a program I wrote, I wouldn't try to find out indirectly, by monitoring it. I would simply disable the program, temporarily, and if need be, reboot the system. irajjs, is this program you wrote supposed to re-run itself, or is it run again and again by cron?
irajjs, did you mean that you didn't run this code:
Code:
for loop_count in {1..120..1}
do
ps gaxu | egrep -i '(%CPU)|(unknown)'
echo ''
sleep 1
done
because you thought it might cause the unknown process to sleep? If so, then running the command:
man sleep
would show you what that form of the sleep command does. It doesn't cause other processes to sleep. It's just supposed to cause a delay of 1 second in the program from which it is run. I included it so that there would be a delay between runs of the ps command in the shell loop, within the code I provided.
Hi
Thank you for your attention and help. By the way, I understood that the unknown process was my own script, so there is no danger of virus or worm or spyware (in this case).
A copy of my script had changed its name and was hidden. I also typed: man unknown and the output was helpful.
Now I think that the problem is solved, but a new question has come to my mind:
How do I help my script (unknown process) to become fully active and supported and accepted by all my software? Because it contains instructions for updating and upgrading and generally better working of my computer.
Regards
I'm rather confused about the context in which you are working and your objectives.
In message # 8 in this thread, you said:
which made the situation seem to be that you did not know what the "unknown" process was, that it could have been a virus.
Then in message # 11 you said:
Now you're asking how you get the unknown process to be fully active, supported, and accepted by all your software.
Active in what way?
Supported in what way?
Accepted in what way?
What does the script you wrote do, that it needs to be supported and accepted by other software?
Hi
Message #11 came after message #8, nearly a week later, so there has been progress in my understanding.
I want my script to be the main core program in my PC.