Re: Corrupted or Virus in User Directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



  On 10/15/2010 07:48 AM, Jim wrote:
>    Fc13 - 14 / KDE
>
> I have three users on this box
>
> root
> jim
> jan
>
> 'Jim' user directory is corrupted or virus in it.
>
> You can be clicking on different windows, apps and the the screen
> freezes and no matter what you click on , nothing happens,
> in seconds or minutes it unfreezes and you can get back to work.
>
> But !! , the Mouse cursor  can be moved around the screen during freeze
> time.
>
> The problem is definitely in the Jim user directory.
>
> I can go into the root or jan home directories and work and the screen
> never freezes .
>
> I also deleted the ,kde directory to see if that was the problem , but
> it did not help, it still freezes .
>
> I ran 'top' and could not see anything hindering the CPU .
>
> I replaced FC 13 with 14 to see if that would make any difference,  and
> had the same effect.
>
> I guess I will have to Save the Users files and make a new Home for Jim.
When Jim logs in,  and the screen freezes,
login as root on the console, and do a ps -wwef | grep jim > /tmp/ps.jim

Next, do the same for Jan.

Compare the ps outputs to see just exactly what processes
jim is running that jan is not.
One or more of those processes might be the culprit(s).
If you do find these processes, check Jim's shell rc files
like
.bash_logout
.bash_profile
.bashrc

see if he might be invoking the errant process from these files.

If nothing found in the rc files, you have to suspect that one
or more app he is running may be infected, and should be replaced.

top will not should what is causing the freeze, only who is using
most cpu and who is using most ram ....etc.

Another thing to try is, when jim logs in, disable the network.
if it no longer freezes, he is running a program that is also
dependent on the network - without the network, the program
is crippled.  Find out which program.


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux