[vox-tech] Possible rootkit

Matthew Van Gundy matt-lugod at shekinahstudios.com
Mon Sep 23 05:44:33 PDT 2013


Richard,

Are you sure that you aren't making too much of this?  Does /run 
actually have executables?  Or are they just directories that are 
usually found in /var/run: 
http://www.h-online.com/open/news/item/Linux-distributions-to-include-run-directory-1219006.html 
?

As for rtkit-daemon, my first assumption would be that it would be the 
daemon process for rtkit (Realtime Policy and Watchdog Daemon)?

Matt


On Sun, Sep 22, 2013 at 10:22:27PM -0700, Richard Harke wrote:
> I may have screwed up. I opened a GIF that I received in an email using
> ImageMagick. The image didn't have a close button so I used ps -A to find
> the task. I didn't find any called ImageMagick but there was one named
> display.im6 and when I killed it, the icon on the task bar went away. But
> I also found a task called rtkit-daemon which I killed. But now I also
> find a whole new directory named /run which seems to have a lot of
> executables in it. All time stamped about the time this happened. Whoops,
> I forgot 24 hour clock. The time stamps are this morning so maybe it
> doesn't have to do with the GIF. In any case I assume everything in /run
> is trojaned.
> 
> I am open for advice.
> 
> Richard

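One way to answer the question raised in the reply above (does /run hold executables, or only runtime directories and state files?) is the following triage script, an added example that is not part of the original e-mail thread. The function names are made up for this example, and it assumes a Linux system where mounts are listed in /proc/mounts.

```shell
#!/bin/sh
# Added example: read-only triage of a directory such as /run.
# Function names are hypothetical; nothing here modifies the system.

# Print the filesystem type of mount point $1, read from a
# /proc/mounts-style table ($2, default /proc/mounts). The last matching
# line wins, which is the mount currently visible at that path.
fs_type_of() {
    awk -v mp="$1" '$2 == mp { t = $3 } END { if (t != "") print t }' \
        "${2:-/proc/mounts}"
}

# List regular files under $1 that have any execute bit set.
# Directories always carry execute (search) bits, and sockets, FIFOs and
# symlinks are not programs, so only -type f is considered.
exec_files_under() {
    find "$1" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null | sort
}

# Summarise $1: filesystem type, entry counts by kind, executable files.
triage_run() {
    dir=$1
    mounts=${2:-/proc/mounts}
    echo "filesystem type: $(fs_type_of "$dir" "$mounts")"
    for kind in d f s p l; do
        n=$(find "$dir" -xdev -type "$kind" 2>/dev/null | wc -l | tr -d ' ')
        echo "entries of type $kind: $n"
    done
    echo "regular files with an execute bit:"
    exec_files_under "$dir"
}

# Usage: sh triage.sh /run
if [ "$#" -gt 0 ]; then
    triage_run "$@"
fi
```

A filesystem type of tmpfs means the directory is rebuilt in memory at every boot, so timestamps from the current boot are expected there.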


