Also please note the spelling of the first process. Appears your last grep was for "smartvd" when it is actually "smarvtd" — Sent from Mailbox On Fri, Oct 3, 2014 at 9:53 PM, null <jwyeth.arch@xxxxxxxxx> wrote: > A quick Google for "smarvtd" returns results for both the smarvtd and whitptabil and they appear to be potential malware. Does a PS faux | grep smarvtd return a full path to the file that is running? How about top -c? > — > Sent from Mailbox > On Fri, Oct 3, 2014 at 9:35 PM, Tim Dunphy <bluethundr@xxxxxxxxx> wrote: >> Hey all, >> I noticed that my puppet server running CentOS 6.5 was acting a little >> pokey. >> So I logged in and did what well just about anyone would've done. And ran >> the uptime command to have a look at the load. And it was astonishingly >> high! >> [root@puppet:~] #uptime >> 21:28:01 up 1:26, 3 users, load average: 107.37, 72.06, 75.52 >> So then I had a look at top and saw a LOT of processes by the name of >> smartvd. >> 7332 root 20 0 423m 1808 0 S 5.6 0.1 0:49.30 smarvtd >> 5469 root 20 0 423m 1804 0 S 4.6 0.1 0:49.55 smarvtd >> 2042 root 20 0 423m 1804 0 S 3.7 0.1 0:49.66 smarvtd >> 2421 root 20 0 423m 1808 0 S 3.7 0.1 0:47.62 smarvtd >> 3081 root 20 0 423m 1808 0 S 3.7 0.1 0:47.08 smarvtd >> 3366 root 20 0 423m 1804 0 S 3.7 0.1 0:47.87 smarvtd >> 3568 root 20 0 423m 1808 0 S 3.7 0.1 0:48.94 smarvtd >> 3971 root 20 0 423m 1812 0 S 3.7 0.1 0:49.18 smarvtd >> 4264 root 20 0 423m 1812 0 S 3.7 0.1 0:48.33 smarvtd >> 4585 root 20 0 423m 1812 0 S 3.7 0.1 0:48.44 smarvtd >> 5277 root 20 0 423m 1808 0 S 3.7 0.1 0:48.13 smarvtd >> 6160 root 20 0 423m 1812 0 S 3.7 0.1 0:49.33 smarvtd >> 6441 root 20 0 423m 1808 0 S 3.7 0.1 0:48.17 smarvtd >> 6746 root 20 0 423m 1804 0 S 3.7 0.1 0:49.60 smarvtd >> 7612 root 20 0 423m 1812 0 S 3.7 0.1 0:48.97 smarvtd >> 7919 root 20 0 423m 1808 0 S 3.7 0.1 0:47.33 smarvtd >> 8202 root 20 0 423m 1812 0 S 3.7 0.1 0:49.67 smarvtd >> 26526 root 20 0 423m 1812 0 S 3.7 0.1 1:22.17 whitptabil >> 2747 root 20 0 423m 1812 0 S 2.8 0.1 0:48.41 smarvtd >> 4952 root 20 0 423m 1812 0 S 2.8 0.1 0:48.43 smarvtd >> 5878 root 20 0 423m 1808 0 S 2.8 0.1 0:48.02 smarvtd >> 7048 root 20 0 423m 1808 0 S 2.8 0.1 0:48.51 smarvtd >> So my question to you is what the HELL is smartvd ? Seems like a virus to >> me. And of course how do I get rid of it? >> Also curious what whitptabil is and how to get rid of it. >> I tried doing a search for both: >> [root@puppet:~] #rpm -qa | grep smartvd >> [root@puppet:~] # >> [root@puppet:~] #find / -name smartvd >> [root@puppet:~] # >> [root@puppet:~] #rpm -qa | grep whitptabil >> [root@puppet:~] #find / -name whitptabil >> /etc/whitptabil >> [root@puppet:~] # >> At least I found a file associated with the latter. >> Really really curious here, guys. What do y'all think??? >> Thanks >> Tim >> -- >> GPG me!! >> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B >> _______________________________________________ >> CentOS mailing list >> CentOS@xxxxxxxxxx >> http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos