  1. #1
    Just Joined!
    Join Date
    May 2009
    Posts
    10

    Desperately Seeking Help Linux/Windows knowledge -- Sanity at Stake


    Hi.

    The above title is a little dramatic I realize, but it is nonetheless close to the truth. In fact, this is the second forum from which I have sought help (fyi, I am new here and this is my first post), however this is my first Linux forum and I hope that it will be more successful.

    This is a very long story, but I will try to summarize as succinctly as possible.

    First, I am not a "native" Linux user. I cut the Windows cord finally only 6 months ago. I am currently writing this post from a Mint Linux distro, but I had used Ubuntu as a dual boot until this security problem.

    However, while I am not terribly well-versed yet in Linux, I have been using (and very effortlessly so) computers for 20-25 years. I was a programmer for awhile in my teens. Started programming in BASIC in junior high (and started to learn assembly), then COBOL during high school because of a job I had, then VB during college. HTML/CSS came next, then Python, and currently trying to get through the initial pangs of the glyph-like feel of Perl -- however, I am especially excited to get my hands dirty with it given its significance in Unix/Linux.

    I am making a career transition at the moment from attorney to "not quite sure yet" in the IT area. So, overall my Linux skills are about a 2/10 (but part of my stagnant growth is due to the problem I am having--the reason for this post). OK, that is a little background on me. Thank you for reading. Now to my problem.

    About 5 months ago, I was learning various wireless protocols and was using some tools to learn tcp and udp packet structure, etc... Somehow and at some point along the way my only pc a laptop -- which as an fyi, was a dual boot machine with Ubuntu Intrepid and Windows 7-- had a security breach. I thought then that it might just be a virus/trojan/worm or something I had to hunt down and eradicate. However, it turns out that it could very well be something worse -- a total hijacking, which I cannot seem to get rid of....to this day.

    After a month of trying to get my laptop to a normal functioning state, I decided to seek out help on the web. Since I was using a beta Windows version and suspected a possible security flaw, I first went to sevenforums.com to discuss my problem. While everyone there is helpful and very knowledgeable in Windows, no one has yet to offer me any solutions which I have not already tried.

    My theory as to what is taking place -- based on 4 months of trying to work on this -- is that the intruder is using something rather novel (I will explain this below) to gain initial penetration (incidentally, this intruder/hijacker is not particularly malicious or destructive, but rather only seems to automate much of his presence until he needs to actively do something in his defense. He really only restricts my using Windows when it interferes with whatever he is using my laptop for -- and this is still unclear to me). On the Windows forum, I have posted countless screenshots and other data showing very strange and unusual states in Windows, but the group at large seems to think I have not taken the right steps to clean my machine.

    My theory, and it seems no one believes me (or at least no one who has any real knowledge in IT/computers), is that for initial access, this intruder uses Bluetooth from an AP to my laptop assisted by a trojan that --because he will actively get involved as needed-- is infinitely mutatable and relocatable. From that point he establishes a typical TCP/UDP connection (as much connection as UDP will allow anyway), and in Windows, I am then on a domain/Active Directory, and even my Administrator privileges cannot go beyond his Server-level admin privileges.

    As strange as that may seem to anyone who is reading this, he is not only in Windows, but Linux as well. I first became aware of this when I would use my Backtrack USB or CD. After the infection, I never had root privileges in any Linux distro I had--whether I was using a LIVE CD or a full installation. And given the nature of Backtrack, he will severely restrict my use of either Backtrack 3 or 4, as I would guess the tools contained on those CDs might expose him. But my first clue was that I no longer (and never since) had root privileges in any Distro I have used. Sometimes I would have the name "root", but the PID of 1000. Or he would get into the boot process or LIVE installation before me with privileges and lock things or set things up so I could not use them as expected (yet I was then root with the apparent PID of 0, but somehow he had made it impossible for me to fix what he changed). (I now have a solid and pretty secure ethernet connection, but back when I relied on wireless, this whole mess rendered my laptop almost useless.) He has also made devices and commands in Linux disappear --and this is where my inadequate Linux skills show because I do not know what to do to retrieve them.

    In Windows, I end up trying to take back control of my laptop by terminating processes or services which I have learned he needs, which then results in a battle for the control of my pc, which sooner or later crashes due to the fact that whatever I have done (presumably) has damaged the system or he chooses to prevent me from booting into Windows because the system can no longer function correctly to support its full functionality.

    Being used to my dual-boot setup, originally I had to reinstall both OS's countless times. Finally, since I knew that his means of access and existence were based on Windows code, I stopped doing full installs of Ubuntu, and have since then been using a Mint Linux (Deb/Ubuntu based) LIVE CD for Linux (which is more frequent than before since Windows use always ends up with a drive-wipe and a reinstallation) and just reinstalled Windows 7 or Vista (if I had to ensure that the installation of an OS was 100% clean). The one thing I do know about Linux is that it is far simpler -- with the proper skill level-- to isolate and track someone like this than it is in Windows. However, he is extremely intelligent in both OSs, and as said has higher privileges than me in both as well. I basically have a roommate I do not want, and try as I might, I cannot exorcise him from this laptop. Before I go further, look at the attached screenshot of a terminal window where I executed "ps a". I think to anyone who is familiar with Linux and X-windows, you can see that something sticks out like the proverbial sore thumb. See attached.

    I know this is unbelievable, but last weekend, I went so far as to swap out the old 250GB Toshiba HD for a brand new WD 320GB drive, then install Windows Vista from factory CDs. Either the trojan he used was still somehow in memory, or Bluetooth or another protocol I am not familiar with (nor are the Windows people) is still allowing him access in some very arcane way.

    While I am in this LIVE CD right now, I had planned on going to run ps -i and ps -ef to show you why I think he can change his privileges before I login....but I am now unable to use the command "ps".

    I know this is very hard to believe, but if you take my word that the screenshot is authentic (and I would love to know what else you can derive from that output), then if you are aggressive and can instruct me what to do, I and my sanity, would be eternally grateful.

    In any case, please tell me what you think.

    Thank you very much, and I apologize that my first post could not be one of contribution instead of asking for assistance...

    Paul

  2. #2
    Linux Guru rokytnji's Avatar
    Join Date
    Jul 2008
    Location
    Desert
    Posts
    4,043
    Howdy and Welcome ConnerX. Have you run rkhunter yet in Mint? While I probably don't have the skillset to bail ya out of your predicament, I did enjoy reading your post. That is some Intro.

    You should be able to find rkhunter in Synaptic Package Manager in your Linux Mint. The 2 rkhunter links I posted are how-tos so you can run it. I suggest you set a firewall also using Firestarter which is a GUI frontend for iptables firewall. Here is another How to for Firestarter Setup.

    And since ya can never have too many how-tos, here is another.

    Good Luck ConnerX

    EDIT: Your screenshot won't show up because you are new to the forum. It is because of Spam protection that this is so.
    Linux Registered User # 475019
    Lead,Follow, or get the heck out of the way. I Have a Masters in Raising Hell

  3. #3
    Just Joined!
    Join Date
    May 2009
    Posts
    10
    Thank you very much for your suggestion, but while the intruder was not around for a bit, the second I opened a terminal, he was back. By the time I got to ./install rkhunter my user rights to install the rootkit detector came up "permission denied".

    That is why I cannot do anything in Linux, in Windows, and believe it or not, I had a flash drive with the infection/rootkit on it (I am assuming this anyway), and while at a commercial internet cafe with workstations, I used the flash drive. Moments later all my rights on that system were denied in the same manner. I know that in addition to Bluetooth, which is for wireless purposes, he uses primarily UDP embedded in IPv6. This makes it easy for him to get past NATs and firewalls too.

  4. #4
    Linux Guru rokytnji's Avatar
    Join Date
    Jul 2008
    Location
    Desert
    Posts
    4,043
    Wow. Well then. Do you have the ability to open Synaptic Package Manager and install rkhunter from there?

  5. #5
    Just Joined!
    Join Date
    May 2009
    Posts
    10
    Well I feel stupid....it was in Synaptic. I installed it and it is running.

    Although....I have my doubts. I will let you know.

    But it has been four months that I have been dealing with it. In windows, this guy or these people (or kids) or whoever.... they can get hooks into everything before I login, they have already made configurations if necessary to their advantage.

    I do not know how long it takes to run... But I will post when it does. Meanwhile... check out the attached from running this command: ps -A e -l -y

    It is just all processes, with the environment displayed after the command in each process, then the -l and -y are formatting switches (I believe).

    I see a couple of words which really spook me in this output. One is SSH, the other is Bluetooth. Since my theory has been that either my motherboard or memory takes a VERY long time to lose its charge (which means it holds the code that is causing my problem), OR the people responsible for the trojan are using another means (at least initially) to access my laptop. In the past 4 months, I have removed my wireless NIC and the problem remains--active involvement by someone or a code that is running (and really smart!). Then after I swapped out my old drive for a brand new drive, I was nearing implosion with how confused I was that this problem won't seem to go away. So after reading for several hours on MSDN (Microsoft developers info) the only thing I could come up with to explain a method (reasonably plausible anyway) to get to my laptop when my wireless NIC is not installed and I am not connected to an ethernet LAN or dsl or anything wired, would be another RF. Infrared would not work because it is way too short-range and the line-of-sight requirements are too strict. However, Bluetooth can go up to a mile with enough power behind it; it is a radio frequency and can be carried by APs from the internet, and further, the line of sight needs are a lot less. One problem (or rather debate) I am having with other people (Windows people) is that they insist that there needs to be mutual authentication for anything like this to take place. Being someone with a "hacker" mindset, I would think that anyone who has an "absolute" when it comes to computer/internet security is not really going to be very good at security. Generally, at the Windows forum, where I am also posting about this, this theory is met with anything from rejection to laughter.

    I have been all over Chicago (where I live) and no matter where I am, this "bug" (which is likely automated a good deal of the time--but also it is used to assist in direct access to my pc to do things to disrupt whatever I am doing because for whatever reason he/she/they do not want me to do it). Or they may reconfigure things and set ACL or group policies so I can no longer run an app, access a directory, etc. Which is why I typically have to reinstall.

    But in Linux--which I will say is far less affected by this -- is by no means immune. As I have said (I think) in my other post, when I did not have an ethernet connection and relied on wireless, I had a real tough time getting any work done because I was constantly fighting for control of my laptop so I could get access to the internet. In Linux, eth1, my wireless adapter, would suddenly just not be output when I used ifconfig. I am sure that it is something someone with particularly strong linux skills could do (or maybe not, because I do not have very strong skills), but I do know that I need this thing gone and quick.....I am going to end up homeless and with some mental disorder....

    Look at this output...I do not understand a lot of the switches and what the process or command that is running is supposed to be doing, so if you have any info you could share, it would be immensely helpful.

  6. #6
    Just Joined!
    Join Date
    May 2009
    Posts
    10
    Below is the output from rkhunter. There are two suspect files (but I am not sure what to do with them). The amusing thing is that I am on a LIVE CD, not an installation. If these two files are actually malicious, imagine what they could do to a full installation (if I do not get a really good firewall)....


    mint@mint ~ $ sudo rkhunter -c
    [ Rootkit Hunter version 1.3.2 ]

    Checking system commands...

    Performing 'strings' command checks
    Checking 'strings' command [ OK ]

    Performing 'shared libraries' checks
    Checking for preloading variables [ None found ]
    Checking for preload file [ Not found ]
    Checking LD_LIBRARY_PATH variable [ Not found ]

    Performing file properties checks
    Checking for prerequisites [ OK ]
    /bin/bash [ OK ]
    /bin/cat [ OK ]
    /bin/chmod [ OK ]
    /bin/chown [ OK ]
    /bin/cp [ OK ]
    /bin/date [ OK ]
    /bin/df [ OK ]
    /bin/dmesg [ OK ]
    /bin/echo [ OK ]
    /bin/ed [ OK ]
    /bin/egrep [ OK ]
    /bin/fgrep [ OK ]
    /bin/fuser [ OK ]
    /bin/grep [ OK ]
    /bin/ip [ OK ]
    /bin/kill [ OK ]
    /bin/login [ OK ]
    /bin/ls [ OK ]
    /bin/lsmod [ OK ]
    /bin/mktemp [ OK ]
    /bin/more [ OK ]
    /bin/mount [ OK ]
    /bin/mv [ OK ]
    /bin/netstat [ OK ]
    /bin/ps [ OK ]
    /bin/pwd [ OK ]
    /bin/readlink [ OK ]
    /bin/sed [ OK ]
    /bin/sh [ OK ]
    /bin/su [ OK ]
    /bin/touch [ OK ]
    /bin/uname [ OK ]
    /bin/which [ OK ]
    /bin/dash [ OK ]
    /usr/bin/awk [ OK ]
    /usr/bin/basename [ OK ]
    /usr/bin/chattr [ OK ]
    /usr/bin/cut [ OK ]
    /usr/bin/diff [ OK ]
    /usr/bin/dirname [ OK ]
    /usr/bin/dpkg [ OK ]
    /usr/bin/dpkg-query [ OK ]
    /usr/bin/du [ OK ]
    /usr/bin/env [ OK ]
    /usr/bin/file [ OK ]
    /usr/bin/find [ OK ]
    /usr/bin/GET [ OK ]
    /usr/bin/groups [ OK ]
    /usr/bin/head [ OK ]
    /usr/bin/id [ OK ]
    /usr/bin/killall [ OK ]
    /usr/bin/last [ OK ]
    /usr/bin/lastlog [ OK ]
    /usr/bin/ldd [ OK ]
    /usr/bin/less [ OK ]
    /usr/bin/locate [ OK ]
    /usr/bin/logger [ OK ]
    /usr/bin/lsattr [ OK ]
    /usr/bin/lsof [ OK ]
    /usr/bin/mail [ OK ]
    /usr/bin/md5sum [ OK ]
    /usr/bin/mlocate [ OK ]
    /usr/bin/newgrp [ OK ]
    /usr/bin/passwd [ OK ]
    /usr/bin/perl [ OK ]
    /usr/bin/pstree [ OK ]
    /usr/bin/rkhunter [ OK ]
    /usr/bin/runcon [ OK ]
    /usr/bin/sha1sum [ OK ]
    /usr/bin/size [ OK ]
    /usr/bin/sort [ OK ]
    /usr/bin/stat [ OK ]
    /usr/bin/strace [ OK ]
    /usr/bin/strings [ OK ]
    /usr/bin/sudo [ OK ]
    /usr/bin/tail [ OK ]
    /usr/bin/test [ OK ]
    /usr/bin/top [ OK ]
    /usr/bin/touch [ OK ]
    /usr/bin/tr [ OK ]
    /usr/bin/uniq [ OK ]
    /usr/bin/users [ OK ]
    /usr/bin/vmstat [ OK ]
    /usr/bin/w [ OK ]
    /usr/bin/watch [ OK ]
    /usr/bin/wc [ OK ]
    /usr/bin/wget [ OK ]
    /usr/bin/whatis [ OK ]
    /usr/bin/whereis [ OK ]
    /usr/bin/which [ OK ]
    /usr/bin/who [ OK ]
    /usr/bin/whoami [ OK ]
    /usr/bin/mawk [ OK ]
    /usr/bin/lwp-request [ OK ]
    /usr/bin/bsd-mailx [ OK ]
    /usr/bin/w.procps [ OK ]
    /sbin/depmod [ OK ]
    /sbin/ifconfig [ OK ]
    /sbin/ifdown [ OK ]
    /sbin/ifup [ OK ]
    /sbin/init [ OK ]
    /sbin/insmod [ OK ]
    /sbin/ip [ OK ]
    /sbin/lsmod [ OK ]
    /sbin/modinfo [ OK ]
    /sbin/modprobe [ OK ]
    /sbin/rmmod [ OK ]
    /sbin/runlevel [ OK ]
    /sbin/sulogin [ OK ]
    /sbin/sysctl [ OK ]
    /sbin/syslogd [ OK ]
    /usr/sbin/adduser [ OK ]
    /usr/sbin/chroot [ OK ]
    /usr/sbin/cron [ OK ]
    /usr/sbin/groupadd [ OK ]
    /usr/sbin/groupdel [ OK ]
    /usr/sbin/groupmod [ OK ]
    /usr/sbin/grpck [ OK ]
    /usr/sbin/nologin [ OK ]
    /usr/sbin/pwck [ OK ]
    /usr/sbin/tcpd [ OK ]
    /usr/sbin/unhide [ Warning ]
    /usr/sbin/useradd [ OK ]
    /usr/sbin/userdel [ OK ]
    /usr/sbin/usermod [ OK ]
    /usr/sbin/vipw [ OK ]
    /usr/sbin/unhide-linux26 [ Warning ]

    [Press <ENTER> to continue]


    Checking for rootkits...

    Performing check of known rootkit files and directories
    55808 Trojan - Variant A [ Not found ]
    ADM Worm [ Not found ]
    AjaKit Rootkit [ Not found ]
    aPa Kit [ Not found ]
    Apache Worm [ Not found ]
    Ambient (ark) Rootkit [ Not found ]
    Balaur Rootkit [ Not found ]
    BeastKit Rootkit [ Not found ]
    beX2 Rootkit [ Not found ]
    BOBKit Rootkit [ Not found ]
    CiNIK Worm (Slapper.B variant) [ Not found ]
    Danny-Boy's Abuse Kit [ Not found ]
    Devil RootKit [ Not found ]
    Dica-Kit Rootkit [ Not found ]
    Dreams Rootkit [ Not found ]
    Duarawkz Rootkit [ Not found ]
    Enye LKM [ Not found ]
    Flea Linux Rootkit [ Not found ]
    FreeBSD Rootkit [ Not found ]
    ****`it Rootkit [ Not found ]
    GasKit Rootkit [ Not found ]
    Heroin LKM [ Not found ]
    HjC Kit [ Not found ]
    ignoKit Rootkit [ Not found ]
    ImperalsS-FBRK Rootkit [ Not found ]
    Irix Rootkit [ Not found ]
    Kitko Rootkit [ Not found ]
    Knark Rootkit [ Not found ]
    Li0n Worm [ Not found ]
    Lockit / LJK2 Rootkit [ Not found ]
    Mood-NT Rootkit [ Not found ]
    MRK Rootkit [ Not found ]
    Ni0 Rootkit [ Not found ]
    Ohhara Rootkit [ Not found ]
    Optic Kit (Tux) Worm [ Not found ]
    Oz Rootkit [ Not found ]
    Phalanx Rootkit [ Not found ]
    Phalanx Rootkit (strings) [ Not found ]
    Portacelo Rootkit [ Not found ]
    R3dstorm Toolkit [ Not found ]
    RH-Sharpe's Rootkit [ Not found ]
    RSHA's Rootkit [ Not found ]
    Scalper Worm [ Not found ]
    Sebek LKM [ Not found ]
    Shutdown Rootkit [ Not found ]
    SHV4 Rootkit [ Not found ]
    SHV5 Rootkit [ Not found ]
    Sin Rootkit [ Not found ]
    Slapper Worm [ Not found ]
    Sneakin Rootkit [ Not found ]
    Suckit Rootkit [ Not found ]
    SunOS Rootkit [ Not found ]
    SunOS / NSDAP Rootkit [ Not found ]
    Superkit Rootkit [ Not found ]
    TBD (Telnet BackDoor) [ Not found ]
    TeLeKiT Rootkit [ Not found ]
    T0rn Rootkit [ Not found ]
    Trojanit Kit [ Not found ]
    Tuxtendo Rootkit [ Not found ]
    URK Rootkit [ Not found ]
    VcKit Rootkit [ Not found ]
    Volc Rootkit [ Not found ]
    X-Org SunOS Rootkit [ Not found ]
    zaRwT.KiT Rootkit [ Not found ]

    Performing additional rootkit checks
    Suckit Rookit additional checks [ OK ]
    Checking for possible rootkit files and directories [ None found ]
    Checking for possible rootkit strings [ None found ]

    Performing malware checks
    Checking running processes for suspicious files [ None found ]
    Checking for login backdoors [ None found ]
    Checking for suspicious directories [ None found ]
    Checking for sniffer log files [ None found ]

    Performing trojan specific checks
    Checking for enabled inetd services [ OK ]

    Performing Linux specific checks
    Checking kernel module commands [ OK ]
    Checking kernel module names [ OK ]

    [Press <ENTER> to continue]


    Checking the network...

    Performing check for backdoor ports
    Checking for UDP port 2001 [ Not found ]
    Checking for TCP port 2006 [ Not found ]
    Checking for TCP port 2128 [ Not found ]
    Checking for TCP port 14856 [ Not found ]
    Checking for TCP port 47107 [ Not found ]
    Checking for TCP port 60922 [ Not found ]

    Performing checks on the network interfaces
    Checking for promiscuous interfaces [ None found ]

    [Press <ENTER> to continue]


    Checking the local host...

    Performing system boot checks
    Checking for local host name [ Found ]
    Checking for local startup files [ Found ]
    Checking local startup files for malware [ None found ]
    Checking system startup files for malware [ None found ]

    Performing group and account checks
    Checking for passwd file [ Found ]
    Checking for root equivalent (UID 0) accounts [ None found ]
    Checking for passwordless accounts [ None found ]
    Checking for passwd file changes [ None found ]
    Checking for group file changes [ None found ]
    Checking root account shell history files [ OK ]

    Performing system configuration file checks
    Checking for SSH configuration file [ Not found ]
    Checking for running syslog daemon [ Found ]
    Checking for syslog configuration file [ Found ]
    Checking if syslog remote logging is allowed [ Not allowed ]

    Performing filesystem checks
    Checking /dev for suspicious file types [ Warning ]
    Checking for hidden files and directories [ None found ]

    [Press <ENTER> to continue]


    Checking application versions...

    Checking version of Exim MTA [ OK ]
    Checking version of GnuPG [ OK ]
    Checking version of OpenSSL [ OK ]


    System checks summary
    =====================

    File properties checks...
    Files checked: 127
    Suspect files: 2

    Rootkit checks...
    Rootkits checked : 109
    Possible rootkits: 0

    Applications checks...
    Applications checked: 3
    Suspect applications: 0

    The system checks took: 30 minutes and 0 seconds

    All results have been written to the logfile (/var/log/rkhunter.log)

    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log)

    mint@mint ~ $
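
Added example, not part of any post in this thread: shell functions that triage a saved report like the one above, listing every result whose status is not a clean one and comparing the number of flagged file paths with the report's own "Suspect files" line. The `rk_*` function names and the list of clean statuses are assumptions; the sample report is abridged from the posted output.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): triage a saved `rkhunter -c` console report.
# Result lines end in a bracketed status, e.g. "/bin/ps [ OK ]"; lines without
# one are section headings and are kept as context for each finding.

# Statuses treated as clean. Assumption: this list covers only the statuses
# visible in the report above; anything else is surfaced for review.
RK_CLEAN='OK|Not found|None found|Found|Not allowed'

# rk_triage FILE -> one "section | item | status" line per non-clean result
rk_triage() {
    awk -v clean="^(${RK_CLEAN})\$" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # drop forum indentation
        /^$/ { next }
        match($0, /\[ [^]]+ \]$/) {
            status = substr($0, RSTART + 2, RLENGTH - 4)
            item = substr($0, 1, RSTART - 1)
            sub(/[ \t]+$/, "", item)
            # An empty item is the version banner, not a check result.
            if (item != "" && status !~ clean)
                print section " | " item " | " status
            next
        }
        /^\[/ { next }                                 # "[Press <ENTER> to continue]"
        { section = $0 }                               # remember the current heading
    ' "$1"
}

# rk_file_count_check FILE -> prints "reported=N flagged=M" and succeeds only
# when the flagged file paths match the summary "Suspect files: N" line.
rk_file_count_check() {
    local reported flagged
    reported=$(awk -F': *' '/Suspect files:/ { print $2 + 0 }' "$1")
    flagged=$(rk_triage "$1" |
        awk -F' [|] ' '$1 ~ /file properties/ && $2 ~ /^\// { n++ } END { print n + 0 }')
    echo "reported=${reported:-?} flagged=${flagged}"
    [ "${reported:-x}" = "$flagged" ]
}

# Sample input: abridged from the report posted above, embedded to run offline.
rk_sample() {
    cat <<'EOF'
[ Rootkit Hunter version 1.3.2 ]

Performing file properties checks
Checking for prerequisites [ OK ]
/bin/ps [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/unhide [ Warning ]
/usr/sbin/useradd [ OK ]
/usr/sbin/unhide-linux26 [ Warning ]

[Press <ENTER> to continue]

Performing check of known rootkit files and directories
Suckit Rootkit [ Not found ]

Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]

Performing system configuration file checks
Checking if syslog remote logging is allowed [ Not allowed ]

Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]
Checking for hidden files and directories [ None found ]

File properties checks...
Files checked: 127
Suspect files: 2
EOF
}

# Demo run on the embedded sample.
report=$(mktemp)
rk_sample > "$report"
rk_triage "$report"
rk_file_count_check "$report"
rm -f "$report"
```

To use it on a real run, save the console output to a file and pass the path to `rk_triage`; the reason behind each warning is recorded in the log file the report names (/var/log/rkhunter.log).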

  7. #7
    Just Joined!
    Join Date
    May 2009
    Posts
    10
    As you can see, my job has been--and continues to be-- painfully difficult.

    See attached screenshot.

    The screenshot is fairly small, so in case you cannot see it, it says I do not have any right to view the rkhunter.log


    !!!!!!!!!!!!!!!

  8. #8
    Linux User
    Join Date
    May 2009
    Location
    Big River, Sask, Canada
    Posts
    342
    Did you run the command as root?
    [code]sudo cat /var/log/rkhunter.log | less[/code]
    Registered Linux User #420832

  9. #9
    Just Joined!
    Join Date
    May 2009
    Posts
    10
    Nothing. Although I have not logged out, the file is gone..

    I will do a full install of a distro. I am not getting anywhere with the so-called Windows experts. And Windows has so many problems as it is, I think that between Windows and their inability to think out of the box, I was doomed to have a hijacked laptop until I dropped it off a bridge.

    Hopefully I will find a little more creativity in problem solving at a Linux forum like this one.

    Any suggestions on a distro? Happy to move on from Ubuntu/Mint...

    First question regarding my terminal output below..... Why is it that my clock (on my GUI) is correct, yet the system time is different?

    mint@mint ~ $ sudo cat /var/log/less rkhunter.org
    cat: /var/log/less: No such file or directory
    cat: rkhunter.org: No such file or directory
    mint@mint ~ $ who
    mint tty4 2009-05-19 19:27
    mint tty5 2009-05-19 19:27
    mint tty6 2009-05-19 19:27
    mint tty3 2009-05-19 19:27
    mint tty2 2009-05-19 19:27
    mint tty1 2009-05-19 19:28
    mint tty7 2009-05-19 19:28 (:0)
    mint pts/0 2009-05-20 07:07 (:0.0)
    mint@mint ~ $ man ps
    mint@mint ~ $ ps -U root -u root u
    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    root 1 0.0 0.0 3056 1884 ? Ss 00:26 0:01 /sbin/init
    root 2 0.0 0.0 0 0 ? S< 00:26 0:00 [kthreadd]
    root 3 0.0 0.0 0 0 ? S< 00:26 0:00 [migration/0]
    root 4 0.0 0.0 0 0 ? S< 00:26 0:01 [ksoftirqd/0]
    root 5 0.0 0.0 0 0 ? S< 00:26 0:00 [watchdog/0]
    root 6 0.0 0.0 0 0 ? S< 00:26 0:00 [migration/1]
    root 7 0.0 0.0 0 0 ? S< 00:26 0:01 [ksoftirqd/1]
    root 8 0.0 0.0 0 0 ? S< 00:26 0:00 [watchdog/1]
    root 9 0.0 0.0 0 0 ? S< 00:26 0:00 [events/0]
    root 10 0.0 0.0 0 0 ? S< 00:26 0:01 [events/1]
    root 11 0.0 0.0 0 0 ? S< 00:26 0:00 [khelper]
    root 51 0.0 0.0 0 0 ? S< 00:26 0:00 [kintegrityd/0]
    root 52 0.0 0.0 0 0 ? S< 00:26 0:00 [kintegrityd/1]
    root 54 0.0 0.0 0 0 ? S< 00:26 0:00 [kblockd/0]
    root 55 0.0 0.0 0 0 ? S< 00:26 0:00 [kblockd/1]
    root 57 0.0 0.0 0 0 ? S< 00:26 0:00 [kacpid]
    root 58 0.0 0.0 0 0 ? S< 00:26 0:00 [kacpi_notify]
    root 159 0.0 0.0 0 0 ? S< 00:26 0:00 [cqueue]
    root 163 0.0 0.0 0 0 ? S< 00:26 0:00 [kseriod]
    root 208 0.0 0.0 0 0 ? S 00:26 0:00 [pdflush]
    root 209 0.0 0.0 0 0 ? S 00:26 0:00 [pdflush]
    root 210 0.0 0.0 0 0 ? S< 00:26 0:00 [kswapd0]
    root 252 0.0 0.0 0 0 ? S< 00:26 0:00 [aio/0]
    root 253 0.0 0.0 0 0 ? S< 00:26 0:00 [aio/1]
    root 1248 0.0 0.0 0 0 ? S< 00:26 0:00 [ata/0]
    root 1250 0.0 0.0 0 0 ? S< 00:26 0:00 [ata/1]
    root 1252 0.0 0.0 0 0 ? S< 00:26 0:00 [ata_aux]
    root 1256 0.0 0.0 0 0 ? S< 00:26 0:00 [scsi_eh_0]
    root 1257 0.0 0.0 0 0 ? S< 00:26 0:00 [scsi_eh_1]
    root 1258 0.0 0.0 0 0 ? S< 00:26 0:00 [scsi_eh_2]
    root 1259 0.0 0.0 0 0 ? S< 00:26 0:00 [scsi_eh_3]
    root 1261 0.0 0.0 0 0 ? S< 00:26 0:00 [scsi_eh_4]
    root 1263 0.0 0.0 0 0 ? S< 00:26 0:00 [scsi_eh_5]
    root 1281 0.0 0.0 0 0 ? S< 00:26 0:00 [ksuspend_usbd]
    root 1282 0.0 0.0 0 0 ? S< 00:26 0:01 [khubd]
    root 2064 0.0 0.0 0 0 ? S< 00:26 0:00 [scsi_eh_6]
    root 2065 0.0 0.0 0 0 ? S< 00:26 0:00 [scsi_eh_7]
    root 2372 0.0 0.0 0 0 ? S< 00:26 0:01 [aufsd]
    root 2373 0.0 0.0 0 0 ? S< 00:26 0:00 [aufsd]
    root 2374 0.0 0.0 0 0 ? S< 00:26 0:00 [aufsd]
    root 2375 0.0 0.0 0 0 ? S< 00:26 0:00 [aufsd]
    root 2412 0.0 0.0 0 0 ? S< 00:26 0:02 [loop0]
    root 4296 0.0 0.0 2496 1004 ? S<s 00:27 0:01 /sbin/udevd --daemon
    root 5361 0.0 0.0 0 0 ? S< 00:27 0:00 [kmmcd]
    root 5365 0.0 0.0 0 0 ? S< 00:27 0:00 [kpsmoused]
    root 6511 0.0 0.0 2956 1408 tty4 Ss 00:27 0:00 /bin/login -f
    root 6512 0.0 0.0 2956 1408 tty5 Ss 00:27 0:00 /bin/login -f
    root 6521 0.0 0.0 2956 1404 tty2 Ss 00:27 0:00 /bin/login -f
    root 6522 0.0 0.0 2956 1404 tty3 Ss 00:27 0:00 /bin/login -f
    root 6525 0.0 0.0 2956 1404 tty6 Ss 00:27 0:00 /bin/login -f
    root 6759 0.0 0.0 2304 1212 ? Ss 00:27 0:00 /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket
    root 6827 0.0 0.0 0 0 ? S< 00:27 0:05 [kondemand/0]
    root 6828 0.0 0.0 0 0 ? S< 00:27 0:06 [kondemand/1]
    root 6958 0.0 0.0 1940 544 ? S 00:27 0:00 /bin/dd bs 1 if /proc/kmsg of /var/run/klogd/kmsg
    root 7078 0.0 0.0 6512 2676 ? Ss 00:27 0:00 /usr/sbin/cupsd
    root 7143 0.0 0.0 7124 1584 ? Ss 00:27 0:00 /usr/sbin/nmbd -D
    root 7145 0.0 0.0 12692 2768 ? Ss 00:27 0:00 /usr/sbin/smbd -D
    root 7167 0.0 0.0 12692 1112 ? S 00:27 0:00 /usr/sbin/smbd -D
    root 7175 0.0 0.0 17480 2604 ? Ssl 00:27 0:00 /usr/sbin/console-kit-daemon
    root 7176 0.0 0.0 3364 1140 ? S 00:27 0:00 hald-runner
    root 7258 0.0 0.0 3436 1056 ? S 00:27 0:01 hald-addon-input: Listening on /dev/input/event4 /dev/input/event7 /dev/input/event9 /dev/in
    root 7274 0.0 0.0 3448 1040 ? S 00:27 0:00 /usr/lib/hal/hald-addon-cpufreq
    root 7283 0.0 0.0 3440 1156 ? S 00:27 0:08 hald-addon-storage: polling /dev/scd0 (every 2 sec)
    root 7327 0.0 0.0 3488 1544 ? Ss 00:27 0:00 /usr/sbin/bluetoothd
    root 7334 0.0 0.0 0 0 ? S< 00:27 0:00 [btaddconn]
    root 7336 0.0 0.0 0 0 ? S< 00:27 0:00 [btdelconn]
    root 7350 0.0 0.0 0 0 ? S< 00:27 0:00 [krfcommd]
    root 7389 0.0 0.0 14632 2588 ? Ssl 00:28 0:01 /usr/sbin/NetworkManager
    root 7414 0.0 0.0 4240 1828 ? S 00:28 0:00 /sbin/wpa_supplicant -u -f /var/log/wpa_supplicant.log
    root 7422 0.0 0.1 6776 2980 ? S 00:28 0:00 /usr/sbin/nm-system-settings --config /etc/NetworkManager/nm-system-settings.conf
    root 7486 0.0 0.0 14240 1756 ? Ss 00:28 0:00 /usr/sbin/gdm
    root 7489 0.0 0.1 14740 3188 ? S 00:28 0:00 /usr/sbin/gdm
    root 7492 5.3 1.3 55180 39092 tty7 Rs+ 00:28 21:26 /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
    root 7511 0.0 0.0 4336 1148 ? Ss 00:28 0:00 /usr/bin/system-tools-backends
    daemon 7529 0.0 0.0 2068 456 ? Ss 00:28 0:00 /usr/sbin/atd
    root 7557 0.0 0.0 3412 1024 ? Ss 00:28 0:00 /usr/sbin/cron
    root 7649 0.0 0.0 2956 1500 tty1 Ss 00:28 0:00 /bin/login -f
    root 8566 0.0 0.0 2252 948 ? S 00:46 0:00 /sbin/dhclient -d -sf /usr/lib/NetworkManager/nm-dhcp-client.action -pf /var/run/dhclient-et
    root 30969 0.1 0.9 56004 27364 ? Ssl 04:49 0:12 python /usr/lib/linuxmint/mintUpdate/mintUpdate.py show 7965
    mint@mint ~ $

  10. #10
    Just Joined!
    Join Date
    May 2009
    Posts
    10
    Latest run of ps -Ae

    I am not using any of the apps that are being used in the process list....tomboy, nautilus, mixer, etc.

    mint@mint ~ $ ps -Ae
    PID TTY TIME CMD
    1 ? 00:00:01 init
    2 ? 00:00:00 kthreadd
    3 ? 00:00:00 migration/0
    4 ? 00:00:01 ksoftirqd/0
    5 ? 00:00:00 watchdog/0
    6 ? 00:00:00 migration/1
    7 ? 00:00:01 ksoftirqd/1
    8 ? 00:00:00 watchdog/1
    9 ? 00:00:00 events/0
    10 ? 00:00:01 events/1
    11 ? 00:00:00 khelper
    51 ? 00:00:00 kintegrityd/0
    52 ? 00:00:00 kintegrityd/1
    54 ? 00:00:00 kblockd/0
    55 ? 00:00:00 kblockd/1
    57 ? 00:00:00 kacpid
    58 ? 00:00:00 kacpi_notify
    159 ? 00:00:00 cqueue
    163 ? 00:00:00 kseriod
    208 ? 00:00:00 pdflush
    209 ? 00:00:00 pdflush
    210 ? 00:00:00 kswapd0
    252 ? 00:00:00 aio/0
    253 ? 00:00:00 aio/1
    1248 ? 00:00:00 ata/0
    1250 ? 00:00:00 ata/1
    1252 ? 00:00:00 ata_aux
    1256 ? 00:00:00 scsi_eh_0
    1257 ? 00:00:00 scsi_eh_1
    1258 ? 00:00:00 scsi_eh_2
    1259 ? 00:00:00 scsi_eh_3
    1261 ? 00:00:00 scsi_eh_4
    1263 ? 00:00:00 scsi_eh_5
    1281 ? 00:00:00 ksuspend_usbd
    1282 ? 00:00:01 khubd
    2064 ? 00:00:00 scsi_eh_6
    2065 ? 00:00:00 scsi_eh_7
    2372 ? 00:00:01 aufsd
    2373 ? 00:00:00 aufsd
    2374 ? 00:00:00 aufsd
    2375 ? 00:00:00 aufsd
    2412 ? 00:00:02 loop0
    4296 ? 00:00:01 udevd
    5361 ? 00:00:00 kmmcd
    5365 ? 00:00:00 kpsmoused
    6511 tty4 00:00:00 login
    6512 tty5 00:00:00 login
    6521 tty2 00:00:00 login
    6522 tty3 00:00:00 login
    6525 tty6 00:00:00 login
    6533 tty4 00:00:00 bash
    6534 tty5 00:00:00 bash
    6537 tty6 00:00:00 bash
    6546 tty3 00:00:00 bash
    6547 tty2 00:00:00 bash
    6759 ? 00:00:00 acpid
    6827 ? 00:00:05 kondemand/0
    6828 ? 00:00:06 kondemand/1
    6907 ? 00:00:00 syslogd
    6958 ? 00:00:00 dd
    6960 ? 00:00:00 klogd
    6983 ? 00:00:02 dbus-daemon
    7005 ? 00:00:00 avahi-daemon
    7006 ? 00:00:00 avahi-daemon
    7078 ? 00:00:00 cupsd
    7143 ? 00:00:00 nmbd
    7145 ? 00:00:00 smbd
    7167 ? 00:00:00 smbd
    7170 ? 00:00:02 hald
    7175 ? 00:00:00 console-kit-dae
    7176 ? 00:00:00 hald-runner
    7258 ? 00:00:01 hald-addon-inpu
    7274 ? 00:00:00 hald-addon-cpuf
    7275 ? 00:00:00 hald-addon-acpi
    7283 ? 00:00:08 hald-addon-stor
    7327 ? 00:00:00 bluetoothd
    7334 ? 00:00:00 btaddconn
    7336 ? 00:00:00 btdelconn
    7350 ? 00:00:00 krfcommd
    7389 ? 00:00:01 NetworkManager
    7414 ? 00:00:00 wpa_supplicant
    7422 ? 00:00:00 nm-system-setti
    7486 ? 00:00:00 gdm
    7489 ? 00:00:00 gdm
    7492 tty7 00:22:01 Xorg
    7511 ? 00:00:00 system-tools-ba
    7529 ? 00:00:00 atd
    7557 ? 00:00:00 cron
    7649 tty1 00:00:00 login
    7658 tty1 00:00:00 bash
    7716 ? 00:00:00 x-session-manag
    7836 ? 00:00:00 ssh-agent
    7839 ? 00:00:00 dbus-launch
    7840 ? 00:00:01 dbus-daemon
    7843 ? 00:00:02 pulseaudio
    7846 ? 00:00:00 gconf-helper
    7848 ? 00:00:05 gconfd-2
    7854 ? 00:00:00 seahorse-agent
    7858 ? 00:00:00 gnome-keyring-d
    7861 ? 00:00:00 gnome-keyring-d
    7862 ? 00:00:07 gnome-settings-
    7864 ? 00:00:34 metacity
    7894 ? 00:00:00 gvfsd
    7910 ? 00:00:00 gvfs-fuse-daemo
    7933 ? 00:00:33 gnome-panel
    7936 ? 00:00:45 nautilus
    7939 ? 00:00:00 bonobo-activati
    7948 ? 00:00:00 gvfs-hal-volume
    7950 ? 00:00:00 gvfs-gphoto2-vo
    7952 ? 00:00:00 bluetooth-apple
    7958 ? 00:00:17 gnome-do
    7961 ? 00:00:00 gvfsd-burn
    7968 ? 00:00:01 nm-applet
    7971 ? 00:00:01 python
    7973 ? 00:00:02 gnome-power-man
    7985 ? 00:00:04 tomboy
    7987 ? 00:00:00 mixer_applet2
    7989 ? 00:00:22 mintMenu
    7992 ? 00:00:00 gvfsd-trash
    8050 ? 00:01:43 gnome-screensav
    8119 ? 00:00:01 trackerd
    8566 ? 00:00:00 dhclient
    8573 ? 00:00:01 notification-da
    8634 ? 00:40:49 firefox
    9616 ? 00:00:00 exim4
    15275 ? 00:00:03 gnome-terminal
    15277 ? 00:00:00 gnome-pty-helpe
    15278 pts/0 00:00:00 bash
    15360 ? 00:00:10 npviewer.bin
    15859 ? 00:00:00 gnome-terminal <defunct>
    15862 pts/1 00:00:00 bash
    15877 pts/1 00:00:00 ps
    29804 ? 00:00:00 gvfsd-computer
    30968 ? 00:00:00 gksudo
    30969 ? 00:00:14 mintUpdate
    31529 ? 00:00:16 evince
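
Added example, not part of any post in this thread: a shell function that sorts the rows of a `ps ... u` listing like the one in post #9 into kernel threads, userland processes and zombies, and marks for review any row where the bracketed name and the memory columns disagree. The function names are assumptions; the sample rows are abridged from the posted listing, except the two rows marked as constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): classify rows of a `ps ... u` listing.
# Columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND...
# ps prints the name in square brackets when a process has no command line,
# which is the normal case for kernel threads; they also map no user memory,
# so VSZ and RSS are 0.

# ps_classify FILE -> "kind<TAB>PID<TAB>USER<TAB>COMMAND" per process row
#   kernel : bracketed name, VSZ and RSS both 0
#   user   : ordinary command line, memory mapped
#   zombie : STAT starts with Z (exited, waiting to be reaped)
#   review : the name and the memory columns disagree
ps_classify() {
    awk '
        $2 !~ /^[0-9]+$/ { next }              # skip the header and shell prompts
        {
            cmd = $11
            for (i = 12; i <= NF; i++) cmd = cmd " " $i
            bracketed = (cmd ~ /^\[.*\]$/)
            nomem = ($5 == 0 && $6 == 0)
            if ($8 ~ /^Z/)                  kind = "zombie"
            else if (bracketed && nomem)    kind = "kernel"
            else if (!bracketed && !nomem)  kind = "user"
            else                            kind = "review"
            printf "%s\t%s\t%s\t%s\n", kind, $2, $1, cmd
        }
    ' "$1"
}

# ps_count FILE KIND -> number of rows of that kind
ps_count() {
    ps_classify "$1" | awk -F'\t' -v k="$2" '$1 == k { n++ } END { print n + 0 }'
}

# Sample input: rows abridged from the listing in post #9. The last two rows
# are constructed for this example: PID 15859 restates the <defunct> entry of
# the `ps -Ae` listing in this column layout, and PID 4242 with the name
# [kexample] is a made-up row whose bracketed name has memory mapped.
ps_sample() {
    cat <<'EOF'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 3056 1884 ? Ss 00:26 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S< 00:26 0:00 [kthreadd]
root 7327 0.0 0.0 3488 1544 ? Ss 00:27 0:00 /usr/sbin/bluetoothd
root 7350 0.0 0.0 0 0 ? S< 00:27 0:00 [krfcommd]
root 7492 5.3 1.3 55180 39092 tty7 Rs+ 00:28 21:26 /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
mint 15859 0.0 0.0 0 0 ? Z 07:10 0:00 [gnome-terminal] <defunct>
root 4242 0.0 0.1 5120 2048 ? S 00:30 0:00 [kexample]
EOF
}

# Demo run on the embedded sample.
listing=$(mktemp)
ps_sample > "$listing"
ps_classify "$listing"
rm -f "$listing"
```

A row in the review bucket is only a prompt to look at that PID more closely, for example at what its `/proc/<pid>/exe` link points to.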
