# chkproc -v shows a lot of hidden processes

## skynetstreet

chkproc -v shows the following output.

PID  1642(/proc/1642): not in readdir output

PID  1642: not in ps output

PID  1643(/proc/1643): not in readdir output

PID  1643: not in ps output

PID  1645(/proc/1645): not in readdir output

PID  1645: not in ps output

PID  1646(/proc/1646): not in readdir output

PID  1646: not in ps output

PID  1648(/proc/1648): not in readdir output

PID  1648: not in ps output

PID  1654(/proc/1654): not in readdir output

PID  1654: not in ps output

PID  3339(/proc/3339): not in readdir output

PID  3339: not in ps output

PID  3907(/proc/3907): not in readdir output

PID  3907: not in ps output

PID  3908(/proc/3908): not in readdir output

PID  3908: not in ps output

PID  3909(/proc/3909): not in readdir output

PID  3909: not in ps output

PID  4415(/proc/4415): not in readdir output

PID  4415: not in ps output

PID  4418(/proc/4418): not in readdir output

PID  4418: not in ps output

PID  4419(/proc/4419): not in readdir output

PID  4419: not in ps output

PID  4420(/proc/4420): not in readdir output

PID  4420: not in ps output

PID  4421(/proc/4421): not in readdir output

PID  4421: not in ps output

PID  4422(/proc/4422): not in readdir output

PID  4422: not in ps output

PID  4423(/proc/4423): not in readdir output

PID  4423: not in ps output

PID  4424(/proc/4424): not in readdir output

PID  4424: not in ps output

PID  4425(/proc/4425): not in readdir output

PID  4425: not in ps output

PID  4426(/proc/4426): not in readdir output

PID  4426: not in ps output

PID  4427(/proc/4427): not in readdir output

PID  4427: not in ps output

PID  4428(/proc/4428): not in readdir output

PID  4428: not in ps output

PID  4429(/proc/4429): not in readdir output

PID  4429: not in ps output

PID  4430(/proc/4430): not in readdir output

PID  4430: not in ps output

PID  4431(/proc/4431): not in readdir output

PID  4431: not in ps output

PID  4432(/proc/4432): not in readdir output

PID  4432: not in ps output

PID  4433(/proc/4433): not in readdir output

PID  4433: not in ps output

PID  4434(/proc/4434): not in readdir output

PID  4434: not in ps output

PID  4435(/proc/4435): not in readdir output

PID  4435: not in ps output

PID  4436(/proc/4436): not in readdir output

PID  4436: not in ps output

PID  4437(/proc/4437): not in readdir output

PID  4437: not in ps output

PID  4438(/proc/4438): not in readdir output

PID  4438: not in ps output

PID  4439(/proc/4439): not in readdir output

PID  4439: not in ps output

PID  4440(/proc/4440): not in readdir output

PID  4440: not in ps output

PID  4441(/proc/4441): not in readdir output

PID  4441: not in ps output

PID  4442(/proc/4442): not in readdir output

PID  4442: not in ps output

PID  4443(/proc/4443): not in readdir output

PID  4443: not in ps output

PID  4444(/proc/4444): not in readdir output

PID  4444: not in ps output

PID  4445(/proc/4445): not in readdir output

PID  4445: not in ps output

PID  4446(/proc/4446): not in readdir output

PID  4446: not in ps output

PID  4447(/proc/4447): not in readdir output

PID  4447: not in ps output

PID  4448(/proc/4448): not in readdir output

PID  4448: not in ps output

PID  4449(/proc/4449): not in readdir output

PID  4449: not in ps output

PID  4450(/proc/4450): not in readdir output

PID  4450: not in ps output

PID  4451(/proc/4451): not in readdir output

PID  4451: not in ps output

PID  4452(/proc/4452): not in readdir output

PID  4452: not in ps output

PID  4453(/proc/4453): not in readdir output

PID  4453: not in ps output

PID  4454(/proc/4454): not in readdir output

PID  4454: not in ps output

PID  4455(/proc/4455): not in readdir output

PID  4455: not in ps output

PID  4456(/proc/4456): not in readdir output

PID  4456: not in ps output

PID  4457(/proc/4457): not in readdir output

PID  4457: not in ps output

PID  4458(/proc/4458): not in readdir output

PID  4458: not in ps output

PID  4459(/proc/4459): not in readdir output

PID  4459: not in ps output

PID  4460(/proc/4460): not in readdir output

PID  4460: not in ps output

PID  4461(/proc/4461): not in readdir output

PID  4461: not in ps output

PID  4462(/proc/4462): not in readdir output

PID  4462: not in ps output

PID  4463(/proc/4463): not in readdir output

PID  4463: not in ps output

PID  4464(/proc/4464): not in readdir output

PID  4464: not in ps output

PID  4465(/proc/4465): not in readdir output

PID  4465: not in ps output

PID  4466(/proc/4466): not in readdir output

PID  4466: not in ps output

PID  4467(/proc/4467): not in readdir output

PID  4467: not in ps output

PID  4468(/proc/4468): not in readdir output

PID  4468: not in ps output

You have    62 process hidden for readdir command

You have    62 process hidden for ps command

rkhunter -c says "Performing 'known good' check...Info: Check skipped - no hashes available."

Are they normal? Is my system OK?

----------

## di1bert

What does chkrootkit say about your system?

I generally run both rkhunter and chkrootkit just to be sure...

-em

----------

## skynetstreet

chkrootkit said this:

ROOTDIR is `/'

Checking `amd'... not found

Checking `basename'... not infected

Checking `biff'... not found

Checking `chfn'... not infected

Checking `chsh'... not infected

Checking `cron'... not infected

Checking `crontab'... not infected

Checking `date'... not infected

Checking `du'... not infected

Checking `dirname'... not infected

Checking `echo'... not infected

Checking `egrep'... not infected

Checking `env'... not infected

Checking `find'... not infected

Checking `fingerd'... not found

Checking `gpm'... not infected

Checking `grep'... not infected

Checking `hdparm'... not infected

Checking `su'... not infected

Checking `ifconfig'... not infected

Checking `inetd'... not tested

Checking `inetdconf'... not found

Checking `identd'... not found

Checking `init'... not infected

Checking `killall'... not infected

Checking `ldsopreload'... not infected

Checking `login'... not infected

Checking `ls'... not infected

Checking `lsof'... not infected

Checking `mail'... not found

Checking `mingetty'... not found

Checking `netstat'... not infected

Checking `named'... not infected

Checking `passwd'... not infected

Checking `pidof'... not infected

Checking `pop2'... not found

Checking `pop3'... not found

Checking `ps'... not infected

Checking `pstree'... not infected

Checking `rpcinfo'... not infected

Checking `rlogind'... not infected

Checking `rshd'... not infected

Checking `slogin'... not infected

Checking `sendmail'... not infected

Checking `sshd'... not infected

Checking `syslogd'... not tested

Checking `tar'... not infected

Checking `tcpd'... not infected

Checking `tcpdump'... not infected

Checking `top'... not infected

Checking `telnetd'... not infected

Checking `timed'... not found

Checking `traceroute'... not infected

Checking `vdir'... not infected

Checking `w'... not infected

Checking `write'... not infected

Checking `aliens'... no suspect files

Searching for sniffer's logs, it may take a while... nothing found

Searching for HiDrootkit's default dir... nothing found

Searching for t0rn's default files and dirs... nothing found

Searching for t0rn's v8 defaults... nothing found

Searching for Lion Worm default files and dirs... nothing found

Searching for RSHA's default files and dir... nothing found

Searching for RH-Sharpe's default files... nothing found

Searching for Ambient's rootkit (ark) default files and dirs... nothing found

Searching for suspicious files and dirs, it may take a while... 


Searching for LPD Worm files and dirs... nothing found

Searching for Ramen Worm files and dirs... nothing found

Searching for Maniac files and dirs... nothing found

Searching for RK17 files and dirs... nothing found

Searching for Ducoci rootkit... nothing found

Searching for Adore Worm... nothing found

Searching for ShitC Worm... nothing found

Searching for Omega Worm... nothing found

Searching for Sadmind/IIS Worm... nothing found

Searching for MonKit... nothing found

Searching for Showtee... nothing found

Searching for OpticKit... nothing found

Searching for T.R.K... nothing found

Searching for Mithra... nothing found

Searching for OBSD rk v1... nothing found

Searching for LOC rootkit... nothing found

Searching for Romanian rootkit... nothing found

Searching for Suckit rootkit... nothing found

Searching for Volc rootkit... nothing found

Searching for Gold2 rootkit... nothing found

Searching for TC2 Worm default files and dirs... nothing found

Searching for Anonoying rootkit default files and dirs... nothing found

Searching for ZK rootkit default files and dirs... nothing found

Searching for ShKit rootkit default files and dirs... nothing found

Searching for AjaKit rootkit default files and dirs... nothing found

Searching for zaRwT rootkit default files and dirs... nothing found

Searching for Madalin rootkit default files... nothing found

Searching for Fu rootkit default files... nothing found

Searching for ESRK rootkit default files... nothing found

Searching for rootedoor... nothing found

Searching for ENYELKM rootkit default files... nothing found

Searching for anomalies in shell history files... nothing found

Checking `asp'... not infected

Checking `bindshell'... not infected

Checking `lkm'... chkproc: nothing detected

Checking `rexedcs'... not found

Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets

Checking `w55808'... not infected

Checking `wted'... chkwtmp: nothing deleted

Checking `scalper'... not infected

Checking `slapper'... not infected

Checking `z2'... chklastlog: nothing deleted

Checking `chkutmp'...  The tty of the following user process(es) were not found

 in /var/run/utmp !

! RUID          PID TTY    CMD

! zero         1629 pts/1  /bin/bash /usr/libexec/mozilla-launcher

! zero         1638 pts/1  /usr/lib/mozilla-firefox/firefox-bin

! root         2496 pts/2  emacs chk

! zero         3322 tty7   X :0 -nolisten tcp -br -auth /home/zero/.serverauth.3305 -deferglyphs 16

! zero         3585 pts/1  bash

! zero         3961 pts/2  bash

! zero         4913 pts/0  bash

! zero        19207 pts/0  xfe

! zero        19228 pts/0  smplayer

! zero         8245 pts/0  /usr/bin/mplayer -noquiet -nofs -sub-fuzziness 1 -identify -slave -vo xv -ao alsa -zoom -nokeepaspect -framedrop -dr -input conf=/usr/share/smplayer/input.conf -stop-xscreensaver -wid 27262988 -monitorpixelaspect 1 -subfont-autoscale 1 -subfont-text-scale 5

! root        19419 pts/2  su -

! root        19422 pts/2  -su

! root        20677 pts/2  /bin/sh /usr/sbin/chkrootkit

! root        21923 pts/2  /usr/sbin/chkutmp

! root        21924 pts/2  ps ax -o tty,pid,ruser,args

chkutmp: nothing deleted

Is this normal?

----------

## di1bert

Looks normal to me.

Is there anything happening that leads you to believe your system might have been compromised?

-em

----------

## skynetstreet

Yeah, a couple of days ago, all of a sudden my system lost power, which had never happened before.

That's weird.

When I ls /proc, these hidden PIDs aren't shown, but I can still cd into these unseen PIDs.

For example, there is no /proc/3909, yet I can cd into it. It's so strange. And cat cmdline there shows /usr/sbin/named-unamed-n1, but ls -al /usr/sbin/named-unamed-n1 says "No such file."

I have googled named-unamed-n1, but Google doesn't give me back any info about it.

Is there anybody who knows why there are such hidden processes running?

----------
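Added example, not part of the thread and not chkrootkit's own code: a triage helper for the PIDs that chkproc -v lists. It uses two documented Linux /proc behaviours: readdir on /proc lists only thread-group leaders while /proc/<tid> still opens by path, and cmdline stores argv separated by NUL bytes. The fake /proc tree, the PIDs 5000/5001/6000 and the argv are constructed (the argv is chosen so that it prints as the string quoted in the last post once the NULs are dropped), and all function names are hypothetical.

```python
import os
import re
import tempfile

# Line shape copied from the chkproc -v output quoted in the thread.
HIDDEN_RE = re.compile(r"^PID\s+(\d+)(?:\(/proc/\d+\))?: not in (readdir|ps) output$")

# Constructed sample in the thread's format (PIDs are made up).
SAMPLE_CHKPROC = """\
PID  5001(/proc/5001): not in readdir output
PID  5001: not in ps output
PID  6000(/proc/6000): not in readdir output
PID  6000: not in ps output
You have     2 process hidden for readdir command
"""


def parse_chkproc(text):
    """Map each reported PID to the set of views it was missing from."""
    hidden = {}
    for line in text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            hidden.setdefault(int(m.group(1)), set()).add(m.group(2))
    return hidden


def split_cmdline(raw):
    """cmdline is argv joined by NUL bytes; split it back into arguments."""
    return [arg.decode("utf-8", "replace") for arg in raw.split(b"\0") if arg]


def read_tgid(proc_root, pid):
    """Return the Tgid field of <proc_root>/<pid>/status, or None if unreadable."""
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as fh:
            for line in fh:
                key, _, value = line.partition(":")
                if key == "Tgid":
                    return int(value.strip())
    except OSError:
        pass
    return None


def classify(pid, proc_root="/proc"):
    """Return (verdict, tgid, argv) for one PID that chkproc reported as hidden."""
    tgid = read_tgid(proc_root, pid)
    if tgid is None:
        return ("gone", None, [])  # exited since the scan, or never existed
    try:
        with open(os.path.join(proc_root, str(pid), "cmdline"), "rb") as fh:
            argv = split_cmdline(fh.read())
    except OSError:
        argv = []
    # A non-leader thread is absent from readdir(/proc) but is listed under
    # /proc/<tgid>/task/ and reports its leader's PID as Tgid.
    in_task_dir = os.path.isdir(os.path.join(proc_root, str(tgid), "task", str(pid)))
    if tgid != pid and in_task_dir:
        return ("thread", tgid, argv)
    return ("unexplained", tgid, argv)  # a hidden leader: investigate further


def triage(chkproc_text, proc_root="/proc"):
    """Classify every PID found in a chkproc -v report."""
    return {pid: classify(pid, proc_root) for pid in sorted(parse_chkproc(chkproc_text))}


def build_fake_proc(root):
    """Constructed tree: leader 5000 with thread 5001, plus lone PID 6000."""
    argv = b"\0".join([b"/usr/sbin/named", b"-u", b"named", b"-n", b"1"]) + b"\0"
    for pid, tgid in ((5000, 5000), (5001, 5000), (6000, 6000)):
        entry = os.path.join(root, str(pid))
        os.makedirs(entry)
        with open(os.path.join(entry, "status"), "w") as fh:
            fh.write(f"Name:\tnamed\nTgid:\t{tgid}\nPid:\t{pid}\n")
        with open(os.path.join(entry, "cmdline"), "wb") as fh:
            fh.write(argv)
    os.makedirs(os.path.join(root, "5000", "task", "5001"))
    return argv


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        raw = build_fake_proc(root)
        # A terminal drops the NULs, so the arguments run together.
        print(raw.replace(b"\0", b"").decode())
        for pid, (verdict, tgid, argv) in triage(SAMPLE_CHKPROC, root).items():
            print(pid, verdict, tgid, " ".join(argv))
```

On a live host, pass the saved chkproc output with proc_root="/proc"; a "thread" verdict accounts for the listing, while "unexplained" marks the PIDs to examine next. The helper reads the same /proc interface the scanners do, so confirm its result against a view taken from outside the running kernel before relying on it.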

