[CentOS] Load Average ~0.40 when idle

Sun Jul 20 04:56:45 UTC 2008
John R Pierce <pierce at hogranch.com>

Stephen John Smoogen wrote:
> On Sat, Jul 19, 2008 at 2:48 PM, listmail <listmail at entertech.com> wrote:
>   
>> I am running CentOS 5 on a dual-dual-core Intel machine, and I am seeing
>> a load average of between 0.35 and 0.50 while the machine is idle, i.e.
>> no processes appear to be running.
>>
>>     
>
> Download the livecd and boot using it. See if the load average still
> occurs. Check to see if you have any traffic occuring on the network
> from the system. [I had a box that was kernel trojaned that had a load
> average all the time when it was on the wire and did not when it
> didn't. The kernel trojan was looking for a particular bit of traffic
> that would open up its backdoor to.]
>
>
>
>   

its been ages since i've had to do this, but in years past, rkhunter was 
really good at finding rootkits like this.   worst case, you put it on 
alive CD and run it from there.

I believe this is the source home page, 
http://www.rootkit.nl/projects/rootkit_hunter.html