How can I use docker without sudo?

Question

Nanang Arema

Asked: 2020-06-28 03:51:21 +0800 CST2020-06-28 03:51:21 +0800 CST 2020-06-28 03:51:21 +0800 CST

High io "python3 /~.pid -x -b"

When I run iotop, I get information that python3 /~.pid -x -b is consuming high io.

What is that and how to fix this?

Thanks for your help.

user535733 · Answer 1 · 2020-06-28T05:55:17+08:00

Best Answer

user535733

A hidden Py3 script in an unexpected location, that is running as root, and that is generating lots of disk activity?

That's likely malware. Legitimate software doesn't hide itself in an unexpected location.
Running as root is particularly worrisome -- it could have installed backdoors, keyloggers, and all manner of nasties.
Looks like your system has been compromised. An attacker has gained root.

Wipe the compromised system, including all data, and clean-install Ubuntu again.

Even if you delete the offending file, the attacker had root access and may have installed other nefarious programs on your system.
Do not attempt to preserve your data. It may be contaminated. Restore data from uncontaminated backups. This is one reason you have backups. Alternately, you can quarantine those files, and run ClamAV on them after the new system is installed. ClamAV is not perfect, and may miss some malware. I suggest isolating and testing the quarantined files in a VM for a few weeks. (Backups are easier)