I am sorry, this is the only screenshot I have. My laptop fan suddenly started up and wouldn't stop for like an hour, so I opened System Monitor and this was taking 25% CPU usage.
deleted by creator
Sorry, I panicked and killed the process; this is the only screenshot I have. Basically my laptop fan was revving high for 1 hour straight. I was doing some text editing and light usage so I didn't think much of it, but I left my system for a while and came back and saw the fan was still revving; that's when I found this process.
deleted by creator
“more” allows you to view files. And agreed, if used incorrectly, might cause extra CPU. Generally mistakes like this just become memory hogs.
Thank you, after reading the comments I am relieved: I had saved a 3 page fully worded .odt as a .fodt and opened it with a text editor; but then again all the files had been closed and I deleted the file in question at least 30 mins before I noticed the process; regardless, thank you.
more is a legitimate program (it reads a file and writes it out one page at a time), if it is the real more. It is a memory hog in that (unlike the more advanced pager less) it reads the entire file into memory.
I did an experiment to see if I could get the real more to show similar fds to you. I piped yes "" | head -n10000 >/tmp/test, then ran more < /tmp/test 2>/dev/null. Then I ran ls -l /proc/`pidof more`/fd.
Results:
lr-x------ 1 andrew andrew 64 Nov 5 14:56 0 -> /tmp/test
lrwx------ 1 andrew andrew 64 Nov 5 14:56 1 -> /dev/pts/2
l-wx------ 1 andrew andrew 64 Nov 5 14:56 2 -> /dev/null
lrwx------ 1 andrew andrew 64 Nov 5 14:56 3 -> 'anon_inode:[signalfd]'
I think this suggests your open files are probably consistent with the real more when errors are piped to /dev/null. Most likely, you were running something that called more to output something to you (or someone else logged in on a PTY) that had been written to /tmp/RG3tBlTNF8. Next time, you could find the parent of the more process, or look up what else is attached to the same PTS with the fuser command.
Uhm, so what’s the name of the binary? This is just a list of open files.
I missed that it’s “more”…
Dude thinks ‘more’ is a virus.
A process can change its name. If I wanted to make sneaky malware for Linux, I’d have it call itself more or something innocuous too.
The correct answer is “this is not enough information”. Why should a real more process eat ¼ of a core for any substantial amount of time?
Is there like a competent antivirus I could use: the system is freshly installed and I haven't used any shady software; everything from the repo and a hash-checked Tor Browser (I didn't visit any shady site, just clearnet browsing)
Then it’s probably just more. Again: your post did not contain enough information for anyone to provide an answer to your question.
Antivirus doesn’t do what it promises. The only general solution for a compromised system is a clean reinstall. (This is true in Windows too.)
Is there like a competent antivirus I could use: the system is freshly installed and I haven't used any shady software;
There are several antivirus solutions for Linux, but you shouldn’t need them if you do not execute stuff you downloaded outside of your package manager. The maintainers of your distribution are supposed to check if their packages contain viruses.
Ooh, how’d I miss that…?
Sorry, I was panicking and killed the process; this is the only screenshot I have.
If it’s a virus presumably it will return. Keep an eye (or ear) on your fan, especially after a restart.
I’d recommend you install “top” (I know, nix funny names) and if you run it, it will show processes sortable by resource. But I think you are fine.
htop and/or btop are more modern, user-friendly alternatives to the classic top
deleted by creator
No, it's about 11 years old
Yeah, next time don’t panic. Use ps and pstree and fuser (or the programs you like) to first find out the executable filename with full path and which program started it. Then you can kill it and you’ll have some info to start debugging things.
Maybe? It could be numerous things. Are you using containers? Did an update or upgrade fail? Did you install and/or patch something? Anything in sys logs giving off ERR or WARN? What’s your system and distro? What were the last few things you did before this popped?
Fedora 38. Nothing installed
What about the other questions?
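The triage several replies above recommend (get the executable's full path, the parent chain and the open files before killing the process), as an added sketch that is not any commenter's code. It reads only /proc, the function names are hypothetical, and it assumes Linux; reading another user's process needs root.

```shell
#!/bin/sh
# Added example: record what a PID really is, from /proc, before killing it.
# Assumes Linux with /proc; other users' processes need root to read.

# Executable path from the kernel; much harder to fake than the process name.
proc_exe() { readlink "/proc/$1/exe" 2>/dev/null || echo "(unreadable)"; }

# Parent PID, taken from /proc/PID/status.
proc_ppid() { awk '/^PPid:/ {print $2}' "/proc/$1/status" 2>/dev/null; }

# Parent chain up to PID 1: one "pid<TAB>name<TAB>exe" line per ancestor.
proc_ancestry() (
    pid=$1
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] 2>/dev/null && [ -r "/proc/$pid/status" ]; do
        printf '%s\t%s\t%s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" "$(proc_exe "$pid")"
        pid=$(proc_ppid "$pid") || break
    done
)

# Open file descriptors as "fd -> target" (same data as ls -l /proc/PID/fd).
proc_fds() (
    for fd in "/proc/$1/fd"/*; do
        [ -e "$fd" ] || [ -L "$fd" ] || continue
        printf '%s -> %s\n' "${fd##*/}" "$(readlink "$fd")"
    done
)

# Full report for one PID; returns 1 if the process is already gone.
triage_pid() {
    [ -d "/proc/$1" ] || { echo "no such pid: $1" >&2; return 1; }
    echo "name:    $(cat "/proc/$1/comm" 2>/dev/null)"
    echo "exe:     $(proc_exe "$1")"
    echo "cmdline: $(tr '\0' ' ' < "/proc/$1/cmdline")"
    echo "cwd:     $(readlink "/proc/$1/cwd")"
    echo "--- ancestry (pid, name, exe) ---"; proc_ancestry "$1"
    echo "--- open fds ---"; proc_fds "$1"
}

# Usage (run before kill): triage_pid "$(pidof more)" | tee triage.txt
```

If the name says more but exe points somewhere other than the distribution's more binary, or ends in "(deleted)", that mismatch is the detail worth reporting.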