barbut process using 100% cpu and connecting

Giganews Newsgroups
Subject: barbut process using 100% cpu and connecting
Posted by:  krzysiek (k.gebcz…@gmail.com)
Date: Mon, 16 Jul 2007

Hello all!
i've already tried to find answer by searching usenet, but no results.
my problem is: I have my debian 3.1 sarge linux as 24/7 router/server
etc.
some day i found some strange activity.
there was a process called "barbut" (2 of them) using 49,2% CPU time
each :O
meanwhile netstat showed established connections to 195.73.177.146:666
+ several waiting.
I have no idea where did this process come from. Any clues?
this is whay ps -A printed
serwer:~# ps -A
  PID TTY          TIME CMD
    1 ?        00:00:02 init
    2 ?        00:00:00 keventd
    3 ?        00:00:00 ksoftirqd_CPU0
    4 ?        00:00:00 kswapd
    5 ?        00:00:00 bdflush
    6 ?        00:00:00 kupdated
  99 ?        00:00:01 kjournald
  295 ?        00:00:00 kcopyd
  297 ?        00:00:00 kmirrord
  498 ?        00:00:00 khubd
1267 ?        00:00:04 dhclient
1801 ?        00:00:01 syslogd
1807 ?        00:00:00 klogd
1851 ?        00:00:00 postmaster
1856 ?        00:00:00 postmaster
1857 ?        00:00:00 postmaster
1883 ?        00:00:00 courierlogger
1884 ?        00:00:00 authdaemond
1898 ?        00:00:00 authdaemond
1899 ?        00:00:00 authdaemond
1900 ?        00:00:00 authdaemond
1901 ?        00:00:00 authdaemond
1902 ?        00:00:00 authdaemond
1906 ?        00:00:00 cupsd
1916 ?        00:00:00 dhcpd
1948 ?        00:00:00 mysqld_safe
1985 ?        00:00:00 mysqld
1986 ?        00:00:00 logger
1987 ?        00:00:00 mysqld
1988 ?        00:00:00 mysqld
1989 ?        00:00:00 mysqld
1990 ?        00:00:00 mysqld
1991 ?        00:00:00 mysqld
2002 ?        00:00:00 mysqld
2003 ?        00:00:00 mysqld
2004 ?        00:00:00 mysqld
2005 ?        00:00:00 mysqld
2008 ?        00:00:00 mysqld
2046 ?        00:00:00 inetd
2112 ?        00:00:00 master
2121 ?        00:00:00 qmgr
2122 ?        00:00:02 nmbd
2123 ?        00:00:00 nmbd
2125 ?        00:00:00 smbd
2138 ?        00:00:00 smbd
2141 ?        00:00:00 sshd
2209 ?        00:00:00 ntpd
2228 ?        00:00:00 atd
2235 ?        00:00:00 cron
2256 ?        00:00:00 apache-ssl
2312 tty1    00:00:00 getty
2313 tty2    00:00:00 getty
2314 tty3    00:00:00 getty
2315 tty4    00:00:00 getty
2316 tty5    00:00:00 getty
2317 tty6    00:00:00 getty
14285 ?        00:00:00 gcache
14289 ?        00:00:00 apache-ssl
14290 ?        00:00:00 apache-ssl
14291 ?        00:00:00 apache-ssl
14292 ?        00:00:00 apache-ssl
14293 ?        00:00:00 apache-ssl
14302 ?        00:00:02 apache2
14327 ?        00:00:00 apache2
14328 ?        00:00:00 apache2
14329 ?        00:00:00 apache2
14330 ?        00:00:00 apache2
14331 ?        00:00:00 apache2
14798 ?        00:00:00 apache2
16306 ?        00:00:00 apache2
16381 ?        00:00:00 apache2
16382 ?        00:00:00 apache2
16383 ?        00:00:00 apache2
21869 ?        00:00:00 pickup
22055 ?        00:00:00 sshd
22059 pts/0    00:00:00 bash
22259 ?        00:00:00 sshd
22263 ?        00:00:00 sshd
22272 ?        00:00:00 barbut
22276 pts/0    00:00:00 ps

any strange processes? or something i should look for?

Replies