HPE Community
Operating System - HP-UX
1834710 Members
2401 Online
110069 Solutions
New Discussion

top processes have no name

 
SOLVED
Go to solution
MarkSyder
Honored Contributor

‎03-08-2006 12:08 AM

‎03-08-2006 12:08 AM

top processes have no name

Hi everybody.

I was asked to look at a hung workstation this morning. As we had been having network problems I took a PC/network person along with me.

I managed to log in remotely and saw that there were two processes running that had no name alongside them - each process was taking up 49%+ of the processor, which is why the workstation was hung. Because the processes had no name alongside them, the PC/network person with me suggested it was a virus. My protestation that there are no unix viruses was greeted with laughter!

I have been asked to investigate if this was caused by a virus. I have checked the forums, the manual page for top, and Marty Poniatowski's System Admin book and cannot find any reference to processes in top not having process names alongside them. If someone can give me a good reason why this would happen I can put paid to the theory that the workstation has a virus.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
0 Kudos
Reply
10 REPLIES 10
Pete Randall
Outstanding Contributor

‎03-08-2006 12:22 AM

‎03-08-2006 12:22 AM

Re: top processes have no name

Mark,

While this doesn't address your question about how processes can show in top without a name, I would like to point out that the statement that there are no viruses (viri??) in Unix is largely a matter of semantics. It really depends on how literally you define the term virus. While it is true that the chances of altering a running kernel are slim and none (a "true" virus), there are "exploits" (trojan horses, buffer overflows, etc.) in the Unix space.

Feel free to assign zero points to this, as it doesn't go anywhere near answering your question!


Pete

Pete
0 Kudos
Reply
MarkSyder
Honored Contributor

‎03-08-2006 12:30 AM

‎03-08-2006 12:30 AM

Re: top processes have no name

"Feel free to assign zero points to this, as it doesn't go anywhere near answering your question!"

No, but it's a valid point, and deserves 3 points.

Mark
The triumph of evil requires only that good men do nothing
0 Kudos
Reply
Steve Steel
Honored Contributor

‎03-08-2006 12:33 AM

‎03-08-2006 12:33 AM

Solution

Re: top processes have no name

Hi


Sounds possibly malicious

Could also be refresh problems on the screen caused by the usage

1)Use top -f option to output to a file and then od -c the output to look for a name with unprintable characters

2)Use the unix95 options in ps to show it
as well so you are sure top is ok.


Do you have any record of the top output


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
Reply
Robert-Jan Goossens
Honored Contributor

‎03-08-2006 12:36 AM

‎03-08-2006 12:36 AM

Re: top processes have no name

Hi Mark,

Could you post your hpux version, and if it is 11.11 could you check if patch PHKL_29198 is installed?

Best regards,
Robert-Jan
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎03-08-2006 12:37 AM

‎03-08-2006 12:37 AM

Re: top processes have no name

uhh ho latest patch is PHKL_32603.

Sorry clicked the submit button.
0 Kudos
Reply
V. Nyga
Honored Contributor

‎03-08-2006 12:41 AM

‎03-08-2006 12:41 AM

Re: top processes have no name

Hi Mark,

do you have searched for the PID?
And then check the PPID ...

Very interesting case ...

Volkmar
*** Say 'Thanks' with Kudos ***
0 Kudos
Reply
V. Nyga
Honored Contributor

‎03-08-2006 12:43 AM

‎03-08-2006 12:43 AM

Re: top processes have no name

.. and what is the last 'top' patch installed?

V.
*** Say 'Thanks' with Kudos ***
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎03-08-2006 12:50 AM

‎03-08-2006 12:50 AM

Re: top processes have no name

Hi Mark:

It is possbile to spawn a process and assign a name of your own choice to it, however, I'd first ask if you have used another tool, like 'glance' to validate your observation.

Regards!

...JRF...
Reply
Zeev Schultz
Honored Contributor

‎03-08-2006 01:03 AM

‎03-08-2006 01:03 AM

Re: top processes have no name

But you could see PID in the top output as well as other information (PPID,USER) etc?

There were bugs with top, and his author (William LeFebvre) patched some of them.Most probably HP patched as well.
So computers don't think yet. At least not chess computers. - Seymour Cray
Reply
MarkSyder
Honored Contributor

‎03-08-2006 01:11 AM

‎03-08-2006 01:11 AM

Re: top processes have no name

Yes Zeev, I could see a UID - it was that of the user who was logged in (I should have mentioned that). Bugs in top - I think I'll go with that! The workstation is working fine now, so I don't think it was a "unix virus".

Mark
The triumph of evil requires only that good men do nothing
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.