From owner-freebsd-security@FreeBSD.ORG  Sun Jan 15 21:27:12 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DAA9316A41F
	for <freebsd-security@freebsd.org>;
	Sun, 15 Jan 2006 21:27:12 +0000 (GMT)
	(envelope-from gregorynou@altern.org)
Received: from esemetz.metz.supelec.fr (esemetz.metz.supelec.fr
	[193.48.224.212])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 19D1043D46
	for <freebsd-security@freebsd.org>;
	Sun, 15 Jan 2006 21:27:11 +0000 (GMT)
	(envelope-from gregorynou@altern.org)
Received: from smtp.metz.supelec.fr (smtp.metz.supelec.fr [193.48.224.205])
	by esemetz.metz.supelec.fr (8.11.6/8.9.3) with ESMTP id k0FLR8Y23542
	for <freebsd-security@freebsd.org>; Sun, 15 Jan 2006 22:27:08 +0100
Received: from [193.48.225.2] (nou.rez-metz.supelec.fr [193.48.225.2])
	by smtp.metz.supelec.fr (8.11.6/8.11.6) with ESMTP id k0FLHNB23747;
	Sun, 15 Jan 2006 22:17:24 +0100
Message-ID: <43CABE2A.7000700@altern.org>
Date: Sun, 15 Jan 2006 22:27:06 +0100
From: Gregory Nou <gregorynou@altern.org>
User-Agent: Thunderbird 1.5 (X11/20060113)
MIME-Version: 1.0
To: dev@unixdaemon.org
References: <1137359877.2822.53.camel@dracula.transylvania.net>
In-Reply-To: <1137359877.2822.53.camel@dracula.transylvania.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-security@freebsd.org
Subject: Re: Rogue Processes
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jan 2006 21:27:13 -0000

Dev Tugnait wrote:
> I seem to notice these two processes running with top. 
> 
> Netstat hasn't been issued by me and cant be killed with the START
> state. Can someone enlighten me on these processes.
> 
> FreeBSD dracula.transylvania.net 6.0-RELEASE FreeBSD 6.0-RELEASE #4: Sun
> Dec  4 00:22:01 EST 2005
> root@dracula.transylvania.net:/usr/src/sys/i386/compile/BLEACH  i386
> 
> The box doesnt run ssh or telnet just postfix relaying to my external
> webhost. 
> 
> 
> 89290 dark          1  96    0     0K     0K START    0:06  0.00%
> awt_robot
> 
> 10208 dark          1  -8    0     0K     0K START    0:00  3.00%
> netstat
> 
> Thanks
> 

I would be tempted to say that awt_robot is the java thing.
http://java.sun.com/j2se/1.3/docs/api/java/awt/Robot.html
It's is a class to allow you to program a demo.
Do you have java installed on this machine ?