What is happening in Ubuntu?

Just look at the following spawned processes:


     \_ init --user
         \_ dbus-daemon --fork --session --address=unix:abstract=/tmp/dbus-QUZeqof8X5
         \_ upstart-event-bridge
         \_ /usr/lib/x86_64-linux-gnu/hud/window-stack-bridge
         \_ /usr/lib/x86_64-linux-gnu/bamf/bamfdaemon
         \_ upstart-dbus-bridge --daemon --session --user --bus-name session
         \_ upstart-file-bridge --daemon --user
         \_ upstart-dbus-bridge --daemon --system --user --bus-name system
         \_ /usr/lib/at-spi2-core/at-spi-bus-launcher
         |   \_ /bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
         \_ /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
         \_ /usr/lib/gvfs/gvfsd
         \_ /usr/lib/gvfs/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
         \_ /usr/bin/ibus-daemon --daemonize --xim
         |   \_ /usr/lib/ibus/ibus-dconf
         |   \_ /usr/lib/ibus/ibus-ui-gtk3
         |   \_ /usr/lib/ibus/ibus-engine-simple
         \_ /usr/lib/unity-settings-daemon/unity-settings-daemon
         \_ /usr/lib/ibus/ibus-x11 --kill-daemon
         \_ /usr/lib/x86_64-linux-gnu/hud/hud-service
         \_ gnome-session --session=ubuntu
         |   \_ compiz
         |   \_ /usr/lib/unity-settings-daemon/unity-fallback-mount-helper
         |   \_ nautilus -n
         |   \_ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
         |   \_ nm-applet
         |   \_ /opt/google/chrome/chrome --type=service
         |   \_ telepathy-indicator
         |   \_ zeitgeist-datahub
         |   \_ update-notifier
         \_ /usr/lib/unity/unity-panel-service
         \_ /usr/lib/x86_64-linux-gnu/indicator-keyboard-service --use-gtk
         \_ /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
         \_ /usr/lib/x86_64-linux-gnu/indicator-bluetooth/indicator-bluetooth-service
         \_ /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service
         \_ /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
         \_ /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service
         \_ /usr/lib/x86_64-linux-gnu/indicator-printers/indicator-printers-service
         \_ /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service
         \_ /usr/lib/x86_64-linux-gnu/indicator-application/indicator-application-service
         \_ /usr/lib/evolution/evolution-source-registry
         \_ /usr/lib/x86_64-linux-gnu/notify-osd
         \_ /usr/lib/evolution/evolution-calendar-factory
         \_ /usr/lib/dconf/dconf-service
         \_ /usr/lib/gvfs/gvfs-udisks2-volume-monitor
         \_ /usr/lib/x86_64-linux-gnu/gconf/gconfd-2
         \_ /usr/lib/gvfs/gvfs-mtp-volume-monitor
         \_ /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
         \_ /usr/lib/gvfs/gvfs-afc-volume-monitor
         \_ /usr/lib/gvfs/gvfsd-trash --spawner :1.9 /org/gtk/gvfs/exec_spaw/0
         \_ /usr/lib/gvfs/gvfsd-burn --spawner :1.9 /org/gtk/gvfs/exec_spaw/1
         \_ /usr/lib/gvfs/gvfsd-metadata
         \_ /usr/lib/telepathy/mission-control-5
         \_ /usr/bin/zeitgeist-daemon
         \_ /usr/lib/x86_64-linux-gnu/zeitgeist-fts
         |   \_ /bin/cat
         \_ gnome-terminal
             \_ gnome-pty-helper
             \_ bash
                 \_ ps auxwf

These processes are created simply just by logging in passed the Gnome session authentication prompt. No applications other than the gnome-terminal is started yet.

Yet, applications like Chrome can already start by itself.

Frankly this is getting really bloated, and sounds more like trojans than ever.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: