When I start my pc, (Nobara 43) Memory is up to 70% usage. I dual boot, but use Windows like 5% of the time. I have a Swap partition (64gb), but it shows 0b usage. Is it safe to kill the windows process? Can anyone shed some light into whats going on? I was starting to think this is sketchy lol
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
Thanks, this is useful info. It doesnt appear to be restarting itself after I killed the process. Is this a good sign?
This doesn't really say much; this could be legitimate software thinking it crashed, or it could be malware trying to hide itself.
Try seeing if
sudo find / -type f -name windowstells you anything about where it's installed. This command searches through/(all files) to find a file (-type f) that is namedwindows(the same as the process name).findwill catch more if you wildcard the name with"*windows*", but that's a moot point: we don't have enough info to jump to "malware" conclusions here.Looking for malware by hunting for the name in a procid list won't usually get far, you'd be better to
netstatto see what various processes are listening or phoning home to confirm suspicions of malware.weird
Heavily leaning towards malware; normal software tends to name itself the same on disk and in ram, this seems to be it trying to hide itself.
Since there's now nothing to go off of for how this got on your system, the best course of action is to back up your documents and reinstall your system fresh. To avoid malware in the future, stick to the built-in app store and system repositories where possible.
See my top-level comment, but WinBoat does seem to set the process name for its Windows VM to "windows".
Now if WinBoat is not used here, I agree this might be malware.
it'll probably be back running once you reboot. better find out where on your storage it is, why is it starting and where did it come from.
Its not showing after reboot. I wanted to trace it back but theres no trace, hmm
as root? see where it nests?