On 02/03/2021 15.38, James Knott wrote:
On 2021-03-02 9:27 a.m., Josef Moellers wrote:
On 02.03.21 15:17, James Knott wrote:
Today, I noticed my computer performance was very poor. Top showed something called .dhcpd running under user test and using almost 400% of my CPU. In ~/test, I found an executable .dhcpd. I have not used the test account for a long time. That .dhcpd also survived a reboot, so I'll have to determine how it's starting. You can have a look at what it's actually doing with "strace": strace -f -p $(pidof .dhcpd)
Also, have a look if it has any suspicious strings (attached;-) ): strings .dhcpd
I have already removed the execute bits from it and allowed only root rw access. If someone wants to examine it, I can provide the file. It's about 3.5 MB, so I'll leave it on Google drive.
This could have only come from one of the updates that arrived yesterday, as I haven't installed any other software recently, other than OpenVPN 2.5.0, which came from https://download.opensuse.org/repositories/home:/stroeder:/network/openSUSE_... last week.
Try rpm -f /home/test/.dhcpd to find out if it came in an rpm. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)