Re: What is .dhpcd command and how to disable it?












3















Nowadays, my laptop frequently uses high %CPU (300%). I noticed that .dhpcd is involved in high %CPU. I could kill the process without any issue. However, it turns on automatically in about every 30 minutes. Strangely, the user is test in top (See the attached). I am wondering what it is, I would like to know how to fix or disable it completely (if it is okay). I am using ubuntu 16.04.5



The image is a capture from top while .dhpcd was on.
screenshot of top










share|improve this question




















  • 2





    Did you install a dhcp server?

    – George Udosen
    Dec 12 '18 at 21:48






  • 1





    Hi donghoon. What ist the output of : sudo su test and then whicht .dhpcd ?

    – Boba Fit
    Dec 12 '18 at 21:58











  • Some sites seems to list that as a bad guy process.

    – Doug Smythies
    Dec 12 '18 at 21:59






  • 1





    Looks suspect - the name and resources are wrong. Could be a classic cryptominer (or other malware) masquerading as a system process. The REAL dhcp is a teeny little fellow that merely manages local IPV4 addresses. You can avoid malware like this by practicing safe computing habits. Removing it might be easy...or hard.

    – user535733
    Dec 12 '18 at 23:11








  • 1





    I searched on google with linux ".dhpcd". I think it is malware and it is very new.

    – Doug Smythies
    Dec 14 '18 at 15:31
















3















Nowadays, my laptop frequently uses high %CPU (300%). I noticed that .dhpcd is involved in high %CPU. I could kill the process without any issue. However, it turns on automatically in about every 30 minutes. Strangely, the user is test in top (See the attached). I am wondering what it is, I would like to know how to fix or disable it completely (if it is okay). I am using ubuntu 16.04.5



The image is a capture from top while .dhpcd was on.
screenshot of top










share|improve this question




















  • 2





    Did you install a dhcp server?

    – George Udosen
    Dec 12 '18 at 21:48






  • 1





    Hi donghoon. What ist the output of : sudo su test and then whicht .dhpcd ?

    – Boba Fit
    Dec 12 '18 at 21:58











  • Some sites seems to list that as a bad guy process.

    – Doug Smythies
    Dec 12 '18 at 21:59






  • 1





    Looks suspect - the name and resources are wrong. Could be a classic cryptominer (or other malware) masquerading as a system process. The REAL dhcp is a teeny little fellow that merely manages local IPV4 addresses. You can avoid malware like this by practicing safe computing habits. Removing it might be easy...or hard.

    – user535733
    Dec 12 '18 at 23:11








  • 1





    I searched on google with linux ".dhpcd". I think it is malware and it is very new.

    – Doug Smythies
    Dec 14 '18 at 15:31














3












3








3








Nowadays, my laptop frequently uses high %CPU (300%). I noticed that .dhpcd is involved in high %CPU. I could kill the process without any issue. However, it turns on automatically in about every 30 minutes. Strangely, the user is test in top (See the attached). I am wondering what it is, I would like to know how to fix or disable it completely (if it is okay). I am using ubuntu 16.04.5



The image is a capture from top while .dhpcd was on.
screenshot of top










share|improve this question
















Nowadays, my laptop frequently uses high %CPU (300%). I noticed that .dhpcd is involved in high %CPU. I could kill the process without any issue. However, it turns on automatically in about every 30 minutes. Strangely, the user is test in top (See the attached). I am wondering what it is, I would like to know how to fix or disable it completely (if it is okay). I am using ubuntu 16.04.5



The image is a capture from top while .dhpcd was on.
screenshot of top







cpu-load






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 12 '18 at 21:56









Boba Fit

484212




484212










asked Dec 12 '18 at 21:43









donghoondonghoon

183




183








  • 2





    Did you install a dhcp server?

    – George Udosen
    Dec 12 '18 at 21:48






  • 1





    Hi donghoon. What ist the output of : sudo su test and then whicht .dhpcd ?

    – Boba Fit
    Dec 12 '18 at 21:58











  • Some sites seems to list that as a bad guy process.

    – Doug Smythies
    Dec 12 '18 at 21:59






  • 1





    Looks suspect - the name and resources are wrong. Could be a classic cryptominer (or other malware) masquerading as a system process. The REAL dhcp is a teeny little fellow that merely manages local IPV4 addresses. You can avoid malware like this by practicing safe computing habits. Removing it might be easy...or hard.

    – user535733
    Dec 12 '18 at 23:11








  • 1





    I searched on google with linux ".dhpcd". I think it is malware and it is very new.

    – Doug Smythies
    Dec 14 '18 at 15:31














  • 2





    Did you install a dhcp server?

    – George Udosen
    Dec 12 '18 at 21:48






  • 1





    Hi donghoon. What ist the output of : sudo su test and then whicht .dhpcd ?

    – Boba Fit
    Dec 12 '18 at 21:58











  • Some sites seems to list that as a bad guy process.

    – Doug Smythies
    Dec 12 '18 at 21:59






  • 1





    Looks suspect - the name and resources are wrong. Could be a classic cryptominer (or other malware) masquerading as a system process. The REAL dhcp is a teeny little fellow that merely manages local IPV4 addresses. You can avoid malware like this by practicing safe computing habits. Removing it might be easy...or hard.

    – user535733
    Dec 12 '18 at 23:11








  • 1





    I searched on google with linux ".dhpcd". I think it is malware and it is very new.

    – Doug Smythies
    Dec 14 '18 at 15:31








2




2





Did you install a dhcp server?

– George Udosen
Dec 12 '18 at 21:48





Did you install a dhcp server?

– George Udosen
Dec 12 '18 at 21:48




1




1





Hi donghoon. What ist the output of : sudo su test and then whicht .dhpcd ?

– Boba Fit
Dec 12 '18 at 21:58





Hi donghoon. What ist the output of : sudo su test and then whicht .dhpcd ?

– Boba Fit
Dec 12 '18 at 21:58













Some sites seems to list that as a bad guy process.

– Doug Smythies
Dec 12 '18 at 21:59





Some sites seems to list that as a bad guy process.

– Doug Smythies
Dec 12 '18 at 21:59




1




1





Looks suspect - the name and resources are wrong. Could be a classic cryptominer (or other malware) masquerading as a system process. The REAL dhcp is a teeny little fellow that merely manages local IPV4 addresses. You can avoid malware like this by practicing safe computing habits. Removing it might be easy...or hard.

– user535733
Dec 12 '18 at 23:11







Looks suspect - the name and resources are wrong. Could be a classic cryptominer (or other malware) masquerading as a system process. The REAL dhcp is a teeny little fellow that merely manages local IPV4 addresses. You can avoid malware like this by practicing safe computing habits. Removing it might be easy...or hard.

– user535733
Dec 12 '18 at 23:11






1




1





I searched on google with linux ".dhpcd". I think it is malware and it is very new.

– Doug Smythies
Dec 14 '18 at 15:31





I searched on google with linux ".dhpcd". I think it is malware and it is very new.

– Doug Smythies
Dec 14 '18 at 15:31










3 Answers
3






active

oldest

votes


















0














I am going to suggesting several things:




  1. Unplug your system from the internet and see if that process is still seen in the top window. If gone then perhpas some one or process installed by some one is using your CPU perhaps for data minning. Then which ever try the steps below.



  2. Search for it in:





    • cronjobs





      • sudo crontab -l: look for strange cronjobs



    • systemd services


      • sudo find / -iname "*dhpc*"






  3. Use top and ps:





    • top:




      1. Start top


      2. press f and use the arrow keys to move and select all the fields that have to do with user and/or userid or id in general. See screen shot below.



        enter image description here




      3. Use the spacebar to select the fields and the press q to quit.



        enter image description here








Now see what PPID, SUSER, RUSER, SUID says about that process. To trace the culprit.






share|improve this answer





















  • 1





    Shouldn't step 2 part 2 be *dhpc* instead of *dhcp*?

    – Doug Smythies
    Dec 14 '18 at 15:30











  • Yea your right let me update that!

    – George Udosen
    Dec 14 '18 at 15:38











  • @Doug Smythies, @George Udosen : Yes, I changed to *dhpc*.

    – donghoon
    Dec 14 '18 at 16:48











  • @George Udosen, By the way, .dhpcd did not start offline. As soon as I turn online, the process started.

    – donghoon
    Dec 14 '18 at 17:06











  • You created user test?

    – George Udosen
    Dec 14 '18 at 17:10





















0














sudo crontab -l showed no crontab for root.



From sudo find / -iname "*dhpc*" , I found this: /home/test/.dhpcd



Also, the attached picture is capture from top.
enter image description here



This is the result of `'ls -al':
enter image description here



Quite a while ago, I created git page just for practice. Something fish is going on here..






share|improve this answer
























  • What is the content of .dhcpd? What is the content of sudo crontab -l -u test? Something is triggering it...

    – vidarlo
    Dec 14 '18 at 17:34











  • @vidarlo I just ran your command WITHOUT .dhpcd running. The output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null. I will run your command again after .dhpcd starts.

    – donghoon
    Dec 14 '18 at 17:50











  • While .dhpcd is running, the output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null It is actually the same..haha.. @vidalo , Do you have any more suggestion? Otherwise, I will delete the user test as George Udosen suggested.

    – donghoon
    Dec 14 '18 at 18:21











  • Best bet would be to remove the line from crontab (use crontab -e to edit), and verify other files such as .bashrc, and remove .dhcpd.

    – vidarlo
    Dec 14 '18 at 18:24











  • You have been compromised, and your computer is being used to mine crypto currency. Myself, I would delete the test user and all its files: sudo deluser --system --remove-all-files test. However, your system will still be suspect.

    – Doug Smythies
    Dec 14 '18 at 18:58





















0














Thank you all for your help, especially, George Udosen and Doug Smythies.



Some of the most practical commands were:



top : To figure out which command was taking all my CPU; I found .dhpcd was using all my CPU. Note that it is different from dhcpcd.



Googling with linux ".dhpcd": To learn what it is...



sudo find / -iname "*dhpc*" : To figure out which directory contained .dhpcd.



sudo userdel -r test : To get rid of a user test. This was because .dhpcd was executed by a suspicious user called test.



sudo deluser --system --remove-all-files test : To remove all files created by a user test.



Finally I rebooted my laptop, and the issue has gone.



Note that I didn't remember if I had created the user test. Since I don't use the account, I deleted everything related to it. I do now know if the issue would have been resolved by deleting only .dhpcd.






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1100467%2fre-what-is-dhpcd-command-and-how-to-disable-it%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    I am going to suggesting several things:




    1. Unplug your system from the internet and see if that process is still seen in the top window. If gone then perhpas some one or process installed by some one is using your CPU perhaps for data minning. Then which ever try the steps below.



    2. Search for it in:





      • cronjobs





        • sudo crontab -l: look for strange cronjobs



      • systemd services


        • sudo find / -iname "*dhpc*"






    3. Use top and ps:





      • top:




        1. Start top


        2. press f and use the arrow keys to move and select all the fields that have to do with user and/or userid or id in general. See screen shot below.



          enter image description here




        3. Use the spacebar to select the fields and the press q to quit.



          enter image description here








    Now see what PPID, SUSER, RUSER, SUID says about that process. To trace the culprit.






    share|improve this answer





















    • 1





      Shouldn't step 2 part 2 be *dhpc* instead of *dhcp*?

      – Doug Smythies
      Dec 14 '18 at 15:30











    • Yea your right let me update that!

      – George Udosen
      Dec 14 '18 at 15:38











    • @Doug Smythies, @George Udosen : Yes, I changed to *dhpc*.

      – donghoon
      Dec 14 '18 at 16:48











    • @George Udosen, By the way, .dhpcd did not start offline. As soon as I turn online, the process started.

      – donghoon
      Dec 14 '18 at 17:06











    • You created user test?

      – George Udosen
      Dec 14 '18 at 17:10


















    0














    I am going to suggesting several things:




    1. Unplug your system from the internet and see if that process is still seen in the top window. If gone then perhpas some one or process installed by some one is using your CPU perhaps for data minning. Then which ever try the steps below.



    2. Search for it in:





      • cronjobs





        • sudo crontab -l: look for strange cronjobs



      • systemd services


        • sudo find / -iname "*dhpc*"






    3. Use top and ps:





      • top:




        1. Start top


        2. press f and use the arrow keys to move and select all the fields that have to do with user and/or userid or id in general. See screen shot below.



          enter image description here




        3. Use the spacebar to select the fields and the press q to quit.



          enter image description here








    Now see what PPID, SUSER, RUSER, SUID says about that process. To trace the culprit.






    share|improve this answer





















    • 1





      Shouldn't step 2 part 2 be *dhpc* instead of *dhcp*?

      – Doug Smythies
      Dec 14 '18 at 15:30











    • Yea your right let me update that!

      – George Udosen
      Dec 14 '18 at 15:38











    • @Doug Smythies, @George Udosen : Yes, I changed to *dhpc*.

      – donghoon
      Dec 14 '18 at 16:48











    • @George Udosen, By the way, .dhpcd did not start offline. As soon as I turn online, the process started.

      – donghoon
      Dec 14 '18 at 17:06











    • You created user test?

      – George Udosen
      Dec 14 '18 at 17:10
















    0












    0








    0







    I am going to suggesting several things:




    1. Unplug your system from the internet and see if that process is still seen in the top window. If gone then perhpas some one or process installed by some one is using your CPU perhaps for data minning. Then which ever try the steps below.



    2. Search for it in:





      • cronjobs





        • sudo crontab -l: look for strange cronjobs



      • systemd services


        • sudo find / -iname "*dhpc*"






    3. Use top and ps:





      • top:




        1. Start top


        2. press f and use the arrow keys to move and select all the fields that have to do with user and/or userid or id in general. See screen shot below.



          enter image description here




        3. Use the spacebar to select the fields and the press q to quit.



          enter image description here








    Now see what PPID, SUSER, RUSER, SUID says about that process. To trace the culprit.






    share|improve this answer















    I am going to suggesting several things:




    1. Unplug your system from the internet and see if that process is still seen in the top window. If gone then perhpas some one or process installed by some one is using your CPU perhaps for data minning. Then which ever try the steps below.



    2. Search for it in:





      • cronjobs





        • sudo crontab -l: look for strange cronjobs



      • systemd services


        • sudo find / -iname "*dhpc*"






    3. Use top and ps:





      • top:




        1. Start top


        2. press f and use the arrow keys to move and select all the fields that have to do with user and/or userid or id in general. See screen shot below.



          enter image description here




        3. Use the spacebar to select the fields and the press q to quit.



          enter image description here








    Now see what PPID, SUSER, RUSER, SUID says about that process. To trace the culprit.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Dec 14 '18 at 15:39

























    answered Dec 14 '18 at 10:00









    George UdosenGeorge Udosen

    20.5k94467




    20.5k94467








    • 1





      Shouldn't step 2 part 2 be *dhpc* instead of *dhcp*?

      – Doug Smythies
      Dec 14 '18 at 15:30











    • Yea your right let me update that!

      – George Udosen
      Dec 14 '18 at 15:38











    • @Doug Smythies, @George Udosen : Yes, I changed to *dhpc*.

      – donghoon
      Dec 14 '18 at 16:48











    • @George Udosen, By the way, .dhpcd did not start offline. As soon as I turn online, the process started.

      – donghoon
      Dec 14 '18 at 17:06











    • You created user test?

      – George Udosen
      Dec 14 '18 at 17:10
















    • 1





      Shouldn't step 2 part 2 be *dhpc* instead of *dhcp*?

      – Doug Smythies
      Dec 14 '18 at 15:30











    • Yea your right let me update that!

      – George Udosen
      Dec 14 '18 at 15:38











    • @Doug Smythies, @George Udosen : Yes, I changed to *dhpc*.

      – donghoon
      Dec 14 '18 at 16:48











    • @George Udosen, By the way, .dhpcd did not start offline. As soon as I turn online, the process started.

      – donghoon
      Dec 14 '18 at 17:06











    • You created user test?

      – George Udosen
      Dec 14 '18 at 17:10










    1




    1





    Shouldn't step 2 part 2 be *dhpc* instead of *dhcp*?

    – Doug Smythies
    Dec 14 '18 at 15:30





    Shouldn't step 2 part 2 be *dhpc* instead of *dhcp*?

    – Doug Smythies
    Dec 14 '18 at 15:30













    Yea your right let me update that!

    – George Udosen
    Dec 14 '18 at 15:38





    Yea your right let me update that!

    – George Udosen
    Dec 14 '18 at 15:38













    @Doug Smythies, @George Udosen : Yes, I changed to *dhpc*.

    – donghoon
    Dec 14 '18 at 16:48





    @Doug Smythies, @George Udosen : Yes, I changed to *dhpc*.

    – donghoon
    Dec 14 '18 at 16:48













    @George Udosen, By the way, .dhpcd did not start offline. As soon as I turn online, the process started.

    – donghoon
    Dec 14 '18 at 17:06





    @George Udosen, By the way, .dhpcd did not start offline. As soon as I turn online, the process started.

    – donghoon
    Dec 14 '18 at 17:06













    You created user test?

    – George Udosen
    Dec 14 '18 at 17:10







    You created user test?

    – George Udosen
    Dec 14 '18 at 17:10















    0














    sudo crontab -l showed no crontab for root.



    From sudo find / -iname "*dhpc*" , I found this: /home/test/.dhpcd



    Also, the attached picture is capture from top.
    enter image description here



    This is the result of `'ls -al':
    enter image description here



    Quite a while ago, I created git page just for practice. Something fish is going on here..






    share|improve this answer
























    • What is the content of .dhcpd? What is the content of sudo crontab -l -u test? Something is triggering it...

      – vidarlo
      Dec 14 '18 at 17:34











    • @vidarlo I just ran your command WITHOUT .dhpcd running. The output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null. I will run your command again after .dhpcd starts.

      – donghoon
      Dec 14 '18 at 17:50











    • While .dhpcd is running, the output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null It is actually the same..haha.. @vidalo , Do you have any more suggestion? Otherwise, I will delete the user test as George Udosen suggested.

      – donghoon
      Dec 14 '18 at 18:21











    • Best bet would be to remove the line from crontab (use crontab -e to edit), and verify other files such as .bashrc, and remove .dhcpd.

      – vidarlo
      Dec 14 '18 at 18:24











    • You have been compromised, and your computer is being used to mine crypto currency. Myself, I would delete the test user and all its files: sudo deluser --system --remove-all-files test. However, your system will still be suspect.

      – Doug Smythies
      Dec 14 '18 at 18:58


















    0














    sudo crontab -l showed no crontab for root.



    From sudo find / -iname "*dhpc*" , I found this: /home/test/.dhpcd



    Also, the attached picture is capture from top.
    enter image description here



    This is the result of `'ls -al':
    enter image description here



    Quite a while ago, I created git page just for practice. Something fish is going on here..






    share|improve this answer
























    • What is the content of .dhcpd? What is the content of sudo crontab -l -u test? Something is triggering it...

      – vidarlo
      Dec 14 '18 at 17:34











    • @vidarlo I just ran your command WITHOUT .dhpcd running. The output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null. I will run your command again after .dhpcd starts.

      – donghoon
      Dec 14 '18 at 17:50











    • While .dhpcd is running, the output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null It is actually the same..haha.. @vidalo , Do you have any more suggestion? Otherwise, I will delete the user test as George Udosen suggested.

      – donghoon
      Dec 14 '18 at 18:21











    • Best bet would be to remove the line from crontab (use crontab -e to edit), and verify other files such as .bashrc, and remove .dhcpd.

      – vidarlo
      Dec 14 '18 at 18:24











    • You have been compromised, and your computer is being used to mine crypto currency. Myself, I would delete the test user and all its files: sudo deluser --system --remove-all-files test. However, your system will still be suspect.

      – Doug Smythies
      Dec 14 '18 at 18:58
















    0












    0








    0







    sudo crontab -l showed no crontab for root.



    From sudo find / -iname "*dhpc*" , I found this: /home/test/.dhpcd



    Also, the attached picture is capture from top.
    enter image description here



    This is the result of `'ls -al':
    enter image description here



    Quite a while ago, I created git page just for practice. Something fish is going on here..






    share|improve this answer













    sudo crontab -l showed no crontab for root.



    From sudo find / -iname "*dhpc*" , I found this: /home/test/.dhpcd



    Also, the attached picture is capture from top.
    enter image description here



    This is the result of `'ls -al':
    enter image description here



    Quite a while ago, I created git page just for practice. Something fish is going on here..







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Dec 14 '18 at 16:58









    donghoondonghoon

    183




    183













    • What is the content of .dhcpd? What is the content of sudo crontab -l -u test? Something is triggering it...

      – vidarlo
      Dec 14 '18 at 17:34











    • @vidarlo I just ran your command WITHOUT .dhpcd running. The output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null. I will run your command again after .dhpcd starts.

      – donghoon
      Dec 14 '18 at 17:50











    • While .dhpcd is running, the output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null It is actually the same..haha.. @vidalo , Do you have any more suggestion? Otherwise, I will delete the user test as George Udosen suggested.

      – donghoon
      Dec 14 '18 at 18:21











    • Best bet would be to remove the line from crontab (use crontab -e to edit), and verify other files such as .bashrc, and remove .dhcpd.

      – vidarlo
      Dec 14 '18 at 18:24











    • You have been compromised, and your computer is being used to mine crypto currency. Myself, I would delete the test user and all its files: sudo deluser --system --remove-all-files test. However, your system will still be suspect.

      – Doug Smythies
      Dec 14 '18 at 18:58





















    • What is the content of .dhcpd? What is the content of sudo crontab -l -u test? Something is triggering it...

      – vidarlo
      Dec 14 '18 at 17:34











    • @vidarlo I just ran your command WITHOUT .dhpcd running. The output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null. I will run your command again after .dhpcd starts.

      – donghoon
      Dec 14 '18 at 17:50











    • While .dhpcd is running, the output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null It is actually the same..haha.. @vidalo , Do you have any more suggestion? Otherwise, I will delete the user test as George Udosen suggested.

      – donghoon
      Dec 14 '18 at 18:21











    • Best bet would be to remove the line from crontab (use crontab -e to edit), and verify other files such as .bashrc, and remove .dhcpd.

      – vidarlo
      Dec 14 '18 at 18:24











    • You have been compromised, and your computer is being used to mine crypto currency. Myself, I would delete the test user and all its files: sudo deluser --system --remove-all-files test. However, your system will still be suspect.

      – Doug Smythies
      Dec 14 '18 at 18:58



















    What is the content of .dhcpd? What is the content of sudo crontab -l -u test? Something is triggering it...

    – vidarlo
    Dec 14 '18 at 17:34





    What is the content of .dhcpd? What is the content of sudo crontab -l -u test? Something is triggering it...

    – vidarlo
    Dec 14 '18 at 17:34













    @vidarlo I just ran your command WITHOUT .dhpcd running. The output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null. I will run your command again after .dhpcd starts.

    – donghoon
    Dec 14 '18 at 17:50





    @vidarlo I just ran your command WITHOUT .dhpcd running. The output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null. I will run your command again after .dhpcd starts.

    – donghoon
    Dec 14 '18 at 17:50













    While .dhpcd is running, the output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null It is actually the same..haha.. @vidalo , Do you have any more suggestion? Otherwise, I will delete the user test as George Udosen suggested.

    – donghoon
    Dec 14 '18 at 18:21





    While .dhpcd is running, the output is 18 * * * * /home/test/.dhpcd -o ca.minexmr.com:4444 -t3 -B >/dev/null 2>/dev/null It is actually the same..haha.. @vidalo , Do you have any more suggestion? Otherwise, I will delete the user test as George Udosen suggested.

    – donghoon
    Dec 14 '18 at 18:21













    Best bet would be to remove the line from crontab (use crontab -e to edit), and verify other files such as .bashrc, and remove .dhcpd.

    – vidarlo
    Dec 14 '18 at 18:24





    Best bet would be to remove the line from crontab (use crontab -e to edit), and verify other files such as .bashrc, and remove .dhcpd.

    – vidarlo
    Dec 14 '18 at 18:24













    You have been compromised, and your computer is being used to mine crypto currency. Myself, I would delete the test user and all its files: sudo deluser --system --remove-all-files test. However, your system will still be suspect.

    – Doug Smythies
    Dec 14 '18 at 18:58







    You have been compromised, and your computer is being used to mine crypto currency. Myself, I would delete the test user and all its files: sudo deluser --system --remove-all-files test. However, your system will still be suspect.

    – Doug Smythies
    Dec 14 '18 at 18:58













    0














    Thank you all for your help, especially, George Udosen and Doug Smythies.



    Some of the most practical commands were:



    top : To figure out which command was taking all my CPU; I found .dhpcd was using all my CPU. Note that it is different from dhcpcd.



    Googling with linux ".dhpcd": To learn what it is...



    sudo find / -iname "*dhpc*" : To figure out which directory contained .dhpcd.



    sudo userdel -r test : To get rid of a user test. This was because .dhpcd was executed by a suspicious user called test.



    sudo deluser --system --remove-all-files test : To remove all files created by a user test.



    Finally I rebooted my laptop, and the issue has gone.



    Note that I didn't remember if I had created the user test. Since I don't use the account, I deleted everything related to it. I do now know if the issue would have been resolved by deleting only .dhpcd.






    share|improve this answer




























      0














      Thank you all for your help, especially, George Udosen and Doug Smythies.



      Some of the most practical commands were:



      top : To figure out which command was taking all my CPU; I found .dhpcd was using all my CPU. Note that it is different from dhcpcd.



      Googling with linux ".dhpcd": To learn what it is...



      sudo find / -iname "*dhpc*" : To figure out which directory contained .dhpcd.



      sudo userdel -r test : To get rid of a user test. This was because .dhpcd was executed by a suspicious user called test.



      sudo deluser --system --remove-all-files test : To remove all files created by a user test.



      Finally I rebooted my laptop, and the issue has gone.



      Note that I didn't remember if I had created the user test. Since I don't use the account, I deleted everything related to it. I do now know if the issue would have been resolved by deleting only .dhpcd.






      share|improve this answer


























        0












        0








        0







        Thank you all for your help, especially, George Udosen and Doug Smythies.



        Some of the most practical commands were:



        top : To figure out which command was taking all my CPU; I found .dhpcd was using all my CPU. Note that it is different from dhcpcd.



        Googling with linux ".dhpcd": To learn what it is...



        sudo find / -iname "*dhpc*" : To figure out which directory contained .dhpcd.



        sudo userdel -r test : To get rid of a user test. This was because .dhpcd was executed by a suspicious user called test.



        sudo deluser --system --remove-all-files test : To remove all files created by a user test.



        Finally I rebooted my laptop, and the issue has gone.



        Note that I didn't remember if I had created the user test. Since I don't use the account, I deleted everything related to it. I do now know if the issue would have been resolved by deleting only .dhpcd.






        share|improve this answer













        Thank you all for your help, especially, George Udosen and Doug Smythies.



        Some of the most practical commands were:



        top : To figure out which command was taking all my CPU; I found .dhpcd was using all my CPU. Note that it is different from dhcpcd.



        Googling with linux ".dhpcd": To learn what it is...



        sudo find / -iname "*dhpc*" : To figure out which directory contained .dhpcd.



        sudo userdel -r test : To get rid of a user test. This was because .dhpcd was executed by a suspicious user called test.



        sudo deluser --system --remove-all-files test : To remove all files created by a user test.



        Finally I rebooted my laptop, and the issue has gone.



        Note that I didn't remember if I had created the user test. Since I don't use the account, I deleted everything related to it. I do now know if the issue would have been resolved by deleting only .dhpcd.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 15 '18 at 21:53









        donghoondonghoon

        183




        183






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1100467%2fre-what-is-dhpcd-command-and-how-to-disable-it%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            How to change which sound is reproduced for terminal bell?

            Can I use Tabulator js library in my java Spring + Thymeleaf project?

            Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents