Every once in a while I will see via TOP in unix 100% cpu used. It is coming from 2 processes owned by root. One is call SP and the other is called PSCAN2.

Any ideas what these are?

In general, if you see something that you don't think should be there, you should turn it off (assuming that this is your own server, of course).

I would suggest that you go back to top again, and while in it, press 'c', this will show you the command line, and you should be able to tell from what file those two programs started, and determine what they are.

Peter

http://www.phreak.org/archives/exploits/unix/network-scanners/pscan2.c

You've probably been hacked.

It appears you are right. If anyone was ideas on how to prevent this let me know

Thanks

It really depends on the situation. First of all, is this your own server? (or are you just a user running top?)

If it is, and you don't know why this program is running (maybe you have a co-owner running it?), then you should assume that your machine has been compromise. First do "kill <pid>" where the pid is the process id of the two processes, and then arrange to reinstallyou server as soon as possible.

Peter