Thread: Possible virus? Process 'bioset'

  1. #11
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Possible virus? Process 'bioset'

    Quote Originally Posted by dshauld View Post
    Thanks for your help. That command returns nothing. Actually I get 'readlink: extra operand ‘ldd’' when I run that command but separately they return nothing.
    Yeah sorry, that was a formatting fsckup; the commands should indeed be run separately.
    Quote Originally Posted by dshauld View Post
    What do you make of that post by the Guest I linked to on the forum?
    Which post do you mean?
    Quote Originally Posted by dshauld View Post
    When I was looking for information about this process it was sparse and that post got me thinking it may be a virus.
    The reflex should be to gather nfo. Now you've got some commands for next time.
    Quote Originally Posted by dshauld View Post
    Every other process I looked for I could find information on. How is it that a process doesn't have any explanation or documentation?
    Common kernel processes may be mentioned deep in the bowels of the kernel Documentation/ but simply don't have any manual or info pages. Like I said they'll usually be children (have a PPID) of the kthreadd.

  2. #12
    Join Date
    Jun 2014
    Beans
    7

    Re: Possible virus? Process 'bioset'

    Quote Originally Posted by unspawn View Post
    Yeah sorry, that was a formatting fsckup; the commands should indeed be run separately. Which post do you mean? The reflex should be to gather nfo. Now you've got some commands for next time. Common kernel processes may be mentioned deep in the bowels of the kernel Documentation/ but simply don't have any manual or info pages. Like I said they'll usually be children (have a PPID) of the kthreadd.
    The post on the 'lunaticoutpost' forum. The guest poster says, 'Have a bunch of new processes. Bioset is one of them.' and links to linux.die.net. That's a strange post if it was intended for kernel developers. If it were for the kernel, wouldn't I be able to find more information about it even with no man or info page?

    Also, thank you for the information about it being a child process, but doesn't that make it more suspicious with no info? Wouldn't a virus/rootkit try to get loaded/attached to a process near ring 0?

    Sorry if that doesn't make much sense, I am not a programmer or sysadmin. I just have an interest in security.

  3. #13
    Join Date
    Jun 2014
    Beans
    7

    Re: Possible virus? Process 'bioset'

    It appears to be related to Truecrypt

    Code:
    After restart, before starting truecrypt
    ps -A | grep bioset
       67 ?        00:00:00 bioset
      355 ?        00:00:00 bioset
      359 ?        00:00:00 bioset
      383 ?        00:00:00 bioset
      386 ?        00:00:00 bioset
    
    After starting truecrypt
    ps -A | grep bioset
       67 ?        00:00:00 bioset
      355 ?        00:00:00 bioset
      359 ?        00:00:00 bioset
      383 ?        00:00:00 bioset
      386 ?        00:00:00 bioset
     2506 ?        00:00:00 bioset
     2509 ?        00:00:00 bioset
     2523 ?        00:00:00 bioset
     2526 ?        00:00:00 bioset
     2568 ?        00:00:00 bioset
     2573 ?        00:00:00 bioset
     2632 ?        00:00:00 bioset
     2635 ?        00:00:00 bioset
     2647 ?        00:00:00 bioset
     2650 ?        00:00:00 bioset
     2694 ?        00:00:00 bioset
     2697 ?        00:00:00 bioset
     2715 ?        00:00:00 bioset
     2718 ?        00:00:00 bioset
     2764 ?        00:00:00 bioset
     2767 ?        00:00:00 bioset
     2785 ?        00:00:00 bioset
     2789 ?        00:00:00 bioset
     2836 ?        00:00:00 bioset
     2839 ?        00:00:00 bioset
     2857 ?        00:00:00 bioset
     2860 ?        00:00:00 bioset
     2911 ?        00:00:00 bioset
     2914 ?        00:00:00 bioset
     2932 ?        00:00:00 bioset
     2935 ?        00:00:00 bioset

  4. #14
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Possible virus? Process 'bioset'

    Quote Originally Posted by dshauld View Post
    It appears to be related to Truecrypt
    Ha! Thanks for the clue. See: http://lxr.free-electrons.com/ident?i=bio_set ("bio" as in "block I/O").
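
The checks discussed in this thread (kernel threads are children of kthreadd, and `readlink` on them returns nothing), written as a script. This is an added example, not part of the original posts; it assumes the `readlink` target was `/proc/PID/exe`, and the function names and the ROOT parameter are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT is a parameter (default /proc) only
# so the logic can be run against a constructed tree. On a live system run as
# root: without it, exe links of other users' processes are unreadable.

KTHREADD_PID=2   # kthreadd, the parent of kernel threads, is PID 2 on Linux

# field ROOT PID KEY -> first word after "KEY:" in ROOT/PID/status
field() {
    awk -v k="$3:" '$1 == k { print $2; exit }' "$1/$2/status" 2>/dev/null
}

# classify ROOT PID -> kernel-thread | userland | inconsistent
classify() {
    root=$1 pid=$2
    ppid=$(field "$root" "$pid" PPid) || ppid=""
    # /proc files report size 0, so read the content rather than test -s.
    cmdline=$(tr '\0' ' ' 2>/dev/null < "$root/$pid/cmdline") || cmdline=""
    # Kernel threads have no backing executable, so this link does not resolve.
    exe=$(readlink "$root/$pid/exe" 2>/dev/null) || exe=""
    kchild=no
    if [ "$pid" = "$KTHREADD_PID" ] || [ "$ppid" = "$KTHREADD_PID" ]; then
        kchild=yes
    fi
    if [ "$kchild" = yes ] && [ -z "$exe$cmdline" ]; then
        echo kernel-thread
    elif [ "$kchild" = no ] && [ -n "$exe$cmdline" ]; then
        echo userland
    else
        # e.g. kthreadd as parent but an exe is present, or a user process
        # with no command line (zombie, or argv overwritten): look closer.
        echo inconsistent
    fi
}

# scan NAME [ROOT] -> one line per match: "PID PPID VERDICT EXE"
scan() {
    name=$1 root=${2:-/proc}
    for d in "$root"/[0-9]*; do
        [ -r "$d/status" ] || continue
        p=${d##*/}
        [ "$(field "$root" "$p" Name)" = "$name" ] || continue
        echo "$p $(field "$root" "$p" PPid) $(classify "$root" "$p")" \
             "$(readlink "$d/exe" 2>/dev/null || echo -)"
    done
}
```

Sourced into a root shell, `scan bioset` prints one line per matching PID. A `userland` line carries the path of the binary using the name, and an `inconsistent` line marks a process that needs a closer look.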
