FWIW, if you suspect your machine has been compromised, the binaries for common tools like ps and top shouldn’t be relied upon since those probably were tampered with to hide the malicious program from the output. At that point, you’d probably want to check each running process manually under /proc/.
FWIW, if you suspect your machine has been compromised, the binaries for common tools like
psandtopshouldn’t be relied upon since those probably were tampered with to hide the malicious program from the output. At that point, you’d probably want to check each running process manually under/proc/.