[vox-tech] Possible rootkit
Richard Harke
paleopenguin at gmail.com
Mon Sep 23 10:27:43 PDT 2013
I emailed vox-tech too soon and googled too slow. It appears all is normal.
Richard
On Mon, Sep 23, 2013 at 5:45 AM, Rod Roark <rod at sunsetsystems.com> wrote:
> rtkit-daemon is a normal process:
>
> http://packages.ubuntu.com/lucid/rtkit
>
> Rod
>
> On Mon, 23 Sep 2013 06:52:01 -0400
> Ken Bloom <kbloom at gmail.com> wrote:
>
> > Do a clean reinstall. In your new installation, change your passwords and
> > make sure you have the latest security updates.
> > On Sep 23, 2013 1:49 AM, "Richard Harke" <paleopenguin at gmail.com> wrote:
> >
> > > I may have screwed up. I opened a GIF that I received in an email using
> > > ImageMagick. The image didn't have a close button so I used ps -A to
> find
> > > the
> > > task. I didn't find any called ImageMagick but there was one named
> > > display.im6
> > > and when I killed it, the icon on the task bar went away. But I also
> found
> > > a task
> > > called rtkit-daemon which I killed. But now I also find a whole new
> > > directory
> > > named /run which seems to have a lot of executables in it. All time
> stamped
> > > about the time this happened. Whoops, I forgot 24 hour clock. The time
> > > stamps
> > > are this morning so maybe it doesn't have to do with the GIF. In any
> case
> > > I assume everything in /run is trojaned.
> > >
> > > I am open for advice.
> > >
> > > Richard
> > >
> > >
> > > _______________________________________________
> > > vox-tech mailing list
> > > vox-tech at lists.lugod.org
> > > http://lists.lugod.org/mailman/listinfo/vox-tech
> _______________________________________________
> vox-tech mailing list
> vox-tech at lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.lugod.org/pipermail/vox-tech/attachments/20130923/da404fdf/attachment.htm
More information about the vox-tech
mailing list