When I start my pc, (Nobara 43) Memory is up to 70% usage. I dual boot, but use Windows like 5% of the time. I have a Swap partition (64gb), but it shows 0b usage. Is it safe to kill the windows process? Can anyone shed some light into whats going on? I was starting to think this is sketchy lol
UPDATE: It most likely was a Winboat process that started up every time :p
you dual boot, why would there be a ‘windows’ process running on linux side? this doesn’t make sense. unless there’s some program you use on linux that is named ‘windows’ i’m inclined to believe this is a malware of some sort, maybe a crypto miner if it uses that much resource.
Assuming this is malware, depending on the complexity it might be really hard to remove. The best course of action is much like on Windows; Backup your personal files, figure out how the malware got on your PC (so you can avoid it next time), then reinstall the operating system.
For backing up personal files, stick to documents, media, etc. Do not include executables (like installed games), and be very careful with config files (and system files), basically only back these up if you know what’s in them is legitimate.
You can find more about the process in the /proc/4212/ directory (this is the number on the left in top). By running ls -l, you should be able to see where the exe symlink points to, which tells you where the program is installed. This might give you a clue as to where it came from (or it might not, depending on how the malware is made). If you suspect it is not malware, due to information on your system, look it up online before trusting it. I have personally never seen a root-owned ““windows”” process, which is why I’m heavily leaning towards this being malware.
If you feel like you know where the malware came from, or you’re stuck and are struggling to find out more, you should reinstall your operating system to get rid of the malware. Malware can have different levels of complexity, what you’re seeing on the surface might be the whole thing, or it could have more complex systems to reinstall itself after removal. Which is why reinstalling your operating system is the safer option.
Do you use WinBoat? Because this is exactly how my WinBoat Windows VM presents using top. htop shows the qemu-system command, and btop shows both.
OP may have some confusion about what dual-boot means. WinBoat running in the background is the best plausible explanation for this, IMO.
I do use dual boot, but still have Winboat on the Linux side because some windows specific apps that aren’t demanding. The ones that are demanding in performance are the ones that I use on Windows natively.
If you want to confirm that, launch one or all of your WinBoat apps. While they are running, run pidof windows. If that gave some pids, run pstree -sp <pid>. That command shows the parent processes, with their pids, of the <pid> . WinBoat probably should be among the parents of the “windows” process.
to me it sounds like something trying to hide in a windows system (where a process like that wouldn’t stand out). but it running in your linux system probably means it sits in something other than your storage (like your boot sector or bios).
