[vox-tech] Possible rootkit
Rod Roark
rod at sunsetsystems.com
Mon Sep 23 05:45:24 PDT 2013
rtkit-daemon is a normal process:
http://packages.ubuntu.com/lucid/rtkit
Rod
On Mon, 23 Sep 2013 06:52:01 -0400
Ken Bloom <kbloom at gmail.com> wrote:
> Do a clean reinstall. In your new installation, change your passwords and
> make sure you have the latest security updates.
> On Sep 23, 2013 1:49 AM, "Richard Harke" <paleopenguin at gmail.com> wrote:
>
> > I may have screwed up. I opened a GIF that I received in an email using
> > ImageMagick. The image didn't have a close button so I used ps -A to find
> > the
> > task. I didn't find any called ImageMagick but there was one named
> > display.im6
> > and when I killed it, the icon on the task bar went away. But I also found
> > a task
> > called rtkit-daemon which I killed. But now I also find a whole new
> > directory
> > named /run which seems to have a lot of executables in it. All time stamped
> > about the time this happened. Whoops, I forgot 24 hour clock. The time
> > stamps
> > are this morning so maybe it doesn't have to do with the GIF. In any case
> > I assume everything in /run is trojaned.
> >
> > I am open for advice.
> >
> > Richard
> >
> >
> > _______________________________________________
> > vox-tech mailing list
> > vox-tech at lists.lugod.org
> > http://lists.lugod.org/mailman/listinfo/vox-tech
More information about the vox-tech
mailing list