[vox-tech] Possible rootkit
Richard Harke
paleopenguin at gmail.com
Sun Sep 22 22:22:27 PDT 2013
I may have screwed up. I opened a GIF that I received in an email using
ImageMagick. The image didn't have a close button so I used ps -A to find
the
task. I didn't find any called ImageMagick but there was one named
display.im6
and when I killed it, the icon on the task bar went away. But I also found
a task
called rtkit-daemon which I killed. But now I also find a whole new
directory
named /run which seems to have a lot of executables in it. All time stamped
about the time this happened. Whoops, I forgot 24 hour clock. The time
stamps
are this morning so maybe it doesn't have to do with the GIF. In any case I
assume everything in /run is trojaned.
I am open for advice.
Richard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.lugod.org/pipermail/vox-tech/attachments/20130922/25d79ac1/attachment.html
More information about the vox-tech
mailing list