Suspicious file under /usr/bin in Ubuntu 20.04

Suresh Babu

6/13/24, 4:16 AM

I have seen one of the process consuming 40% of the CPU. Up on check there is a file /usr/bin/ujwjzppyff running with "grep -A" command.

file /usr/bin/ujwjzppyff
/usr/bin/ujwjzppyff: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped

Looks like this is /usr/bin/ujwjzppyff running suspicious. Any idea about this?

UID          PID    PPID  C STIME TTY          TIME CMD
root      320351       1 48 Jun02 ?        5-06:03:39 grep "A"
root     3397125 3343766  0 06:01 pts/0    00:00:00 grep --color=auto 320351

125

0 + 7

server

performance

cpu

Artur Meinild

6/13/24, 7:19 AM

I sounds like you have some malware going on. You should kill the process and remove this file ASAP.

kanehekili

6/13/24, 8:21 AM

Code should only be installed via the software manager or apt. If installed from somewhere else your system is vulnerable

popey

6/13/24, 10:04 AM

does `dpkg -S /usr/bin/ujwjzppyff` tell you which package the binary came from?

vidarlo

6/13/24, 10:07 AM

@kanehekili That's blatantly wrong.

kanehekili

6/13/24, 11:50 AM

@vidarlo - could you elaborate? I thought this is the basic idea of repositories. [Debian](https://wiki.debian.org/DebianSoftware#Footnotes)

vidarlo

6/13/24, 12:44 PM

Yes, it makes maintenance easier, and it ensures interoperability. But Installing from other locations doesn't make your system vulnerable. Installing vulnerable pieces of software makes your system vulnerable, no matter what the source is. So your claim that installing from other sources makes a system vulnerable is a blatant misunderstanding of what Debian says. Also, only using official repos does not mean you have a secure system. There's more than software needed for that.

FedKad

6/13/24, 1:08 PM

You can upload that file to https://www.virustotal.com/ to have its contents tested.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Suspicious file under /usr/bin in Ubuntu 20.04

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.