Is this some type of malware?

0

I ran chkrootkit on my Linux Mint system, and it complained about several processes like this one:

scott 31745 0.0 0.3 1206060 120352 ? Sl Oct03 0:15 /usr/share/atom/atom --type=renderer --enable-experimental-web-platform-features --no-sandbox --service-pipe-token=2CF17518423016539EFC7319BDF1BA74 --lang=en-US --app-path=/usr/share/atom/resources/app.asar --node-integration=true --webview-tag=true --no-sandbox --context-id=2 --enable-pinch --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=2CF17518423016539EFC7319BDF1BA74 --renderer-client-id=5 --shared-files=v8_natives_data:100,v8_snapshot_data:101 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=2CF17518423016539EFC7319BDF1BA74 --renderer-client-id=5 --shared-files=v8_natives_data:100,v8_snapshot_data:101

Is that shellcode or something ominous I should be concerned about? The reason I ask is that I've found chkrootkit to not be 100% accurate on other occasions. For example, it tells me that my tcpd is infected, and I don't even have that installed.

scott8035

Posted 2018-10-27T17:51:08.930

Reputation: 141

Answers

3

This is the Atom text editor. It's built on the Electron framework, and Electron itself uses a variant of the Chrome browser as its frontend; the very long command-line you're seeing is typical for Chrome's multiprocess architecture.

If chkrootkit doesn't tell you why exactly it found the program unusual, and if you indeed use the Atom editor, then just ignore the warning.

On the other hand, if you do not use Atom, better figure out what process it is – check /proc/31745/exe, /proc/31745/fd/, and so on.

user1686

Posted 2018-10-27T17:51:08.930

Reputation: 283 655
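
The /proc checks suggested in the answer above, written out as an added example that is not part of the original answer. It is a POSIX shell helper that reports the binary behind a PID, whether that binary has since been deleted from disk, which package owns it, and which files it holds open. The function names are illustrative, and the package lookup assumes a dpkg-based system such as Linux Mint.

```shell
#!/bin/sh
# Added example: triage a PID that a scanner flagged, using only /proc.
# Function names are hypothetical. Usage: sh triage.sh 31745

# Print the path of the binary backing PID $1; non-zero if it cannot be read
# (no such process, or another user's process and we are not root).
proc_exe() {
    readlink "/proc/$1/exe" 2>/dev/null
}

# Classify the binary: "deleted" means the on-disk file was removed or
# replaced while the process kept running, which deserves a closer look
# (it also happens after a normal package upgrade).
exe_state() {
    exe=$(proc_exe "$1") || { echo unreadable; return 0; }
    case "$exe" in
        *" (deleted)") echo deleted ;;
        *)             echo present ;;
    esac
}

inspect_pid() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "no such process: $pid" >&2; return 1; }
    exe=$(proc_exe "$pid") || exe="(unreadable; retry as root)"
    echo "exe:     $exe"
    echo "state:   $(exe_state "$pid")"
    echo "cwd:     $(readlink "/proc/$pid/cwd" 2>/dev/null)"
    # cmdline is NUL-separated; truncate the long Chromium-style flag lists.
    echo "cmdline: $(tr '\0' ' ' < "/proc/$pid/cmdline" | cut -c1-200)"
    # A binary owned by an installed package (e.g. atom) is the expected case.
    if command -v dpkg >/dev/null 2>&1 && [ -e "$exe" ]; then
        echo "package: $(dpkg -S "$exe" 2>/dev/null || echo 'not owned by any package')"
    fi
    # Summarise open descriptors: files, sockets, pipes, devices.
    echo "open files (count, target):"
    ls -l "/proc/$pid/fd" 2>/dev/null | awk 'NR>1 {print $NF}' \
        | sort | uniq -c | sort -rn | head -n 15
}

if [ $# -gt 0 ]; then
    inspect_pid "$1"
fi
```

For the process in the question, an `exe` of `/usr/share/atom/atom` that is owned by the atom package matches the explanation in the answer; a `deleted` state or a binary under a temporary or home directory that no package owns is what would justify digging further.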