[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: TOP show httpd as exe

Franco wrote:
> Hi, i have an old redhat 9.0 update to the last release of RH,
> in some cases in the TOP i see httpd show as exe.
> I have read the it can be a virus or trojan but how i can do
> to now this and if so how can i delete it.
> I start chkrootkit and rkhunter on the server and seams that
> chkrootkit sometime tell me that i have hidden processes but
> not even, and rkhunter tell that is all ok.

That's a good start.

To be honest, although your general English is perfectly understandable,
I'm having difficulty understanding your technical English.

Are you simply saying that if you run top httpd is listed?

Firstly, you aren't running a web server, are you? If you don't want
httpd to run, check if it's set as a service (try using ntsysv). If it
is set as a service, turn it off. (If it's not set to run as a service,
yet is running anyway, some further investigation will be needed to see
why it's running in the first place).

As for why it turns up in top: how much processor time is it taking up?
Most daemons run a few "housekeeping" chores occasionally, even if
they're not being used. This should take under 2% of CPU time, and
shouldn't be there all the time. But if you don't have many active
processes, occasionally you will see some that you might have thought
effectively inactive listed because the 0.05% of processor time they
took is higher than the 0.01% another daemon took.

Hope this helps,

E-mail address: james | In poker you have to show your hand eventually if
@westexe.demon.co.uk  | called. So far SCO have with great reluctance shown
                      | only one card, which turned out to be "Mr Bun, The
                      | Baker".  -- Electric Dragon on groklaw.net

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]