Date: Tue, 4 Dec 2001 11:06:18 -0500
From: Bill Vermillion <bv@wjv.com>
To: Blake Crosby <dev@samurai.com>
Cc: isp-webhosting@isp-webhosting.com, freebsd-isp@FreeBSD.ORG
Subject: Re: Weird file in /root
Message-ID: <20011204110618.A34278@wjv.com>
In-Reply-To: <JAEEIJKIHAONENKPFCCPIEKFCBAA.dev@samurai.com>; from dev@samurai.com on Tue, Dec 04, 2001 at 10:47:08AM -0500
References: <JAEEIJKIHAONENKPFCCPIEKFCBAA.dev@samurai.com>

On Tue, Dec 04, 2001 at 10:47:08AM -0500, Blake Crosby thus spoke:

> I am somewhat concerned at this file I found:
> 7524 -rwsr-sr-t 1 root wheel 0 Nov 30 16:41:10 2001
> /root/gA/1)OKR iz
> )W*N8g?a^'%߾teu?*!!צXRms:|eK"G

Any time I find weird files, the first thing I do is run strings on them and file on it to see what may be in it and if it's identifiable as any known type. Then I move it somewhere if I need to investigate more, or remove it depending on what I found with the strings and file command. The strings can sometimes point to other files that a virus may have installed in hidden directories, for example.
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011204110618.A34278>
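
The triage steps from the reply above (file, strings, then move the file aside), as an added shell example that is not part of the original message. It assumes the leading 7524 in the quoted listing is the inode number as printed by ls -i; the function name, report layout and quarantine path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. Paths and inode are placeholders.
# Usage (as root): triage_by_inode /root 7524 /var/tmp/quarantine

# triage_by_inode DIR INUM QDIR
# Locates the file by inode so its unprintable name is never typed or parsed,
# writes QDIR/inode-INUM.report, moves the file to QDIR/inode-INUM.sample with
# mode 0400, and prints the sample path. Returns 1 unless exactly one regular
# file under DIR has that inode.
triage_by_inode() {
    dir=$1 inum=$2 qdir=$3
    sample="$qdir/inode-$inum.sample"
    report="$qdir/inode-$inum.report"

    # -xdev stays on one filesystem, where an inode number is unique.
    hit=$(find "$dir" -xdev -type f -inum "$inum" -exec echo hit \;)
    # Several hard links to the same inode need a manual look, so stop.
    [ "$hit" = hit ] || return 1

    # Quarantine directory accessible only to its owner.
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 1

    {
        echo "== listing =="
        # -b escapes non-printable bytes in the name (GNU and BSD ls).
        find "$dir" -xdev -type f -inum "$inum" -exec ls -lidb {} \;
        if command -v file >/dev/null 2>&1; then
            echo "== file =="
            find "$dir" -xdev -type f -inum "$inum" -exec file {} \;
        fi
        if command -v strings >/dev/null 2>&1; then
            echo "== strings =="
            find "$dir" -xdev -type f -inum "$inum" -exec strings -a {} \;
        fi
    } > "$report" 2>&1

    # Move first, then clear setuid/setgid/sticky and all other mode bits.
    find "$dir" -xdev -type f -inum "$inum" -exec mv -- {} "$sample" \; || return 1
    [ -f "$sample" ] || return 1
    chmod 0400 "$sample" || return 1
    echo "$sample"
}
```

The report keeps the original listing (mode, owner, timestamps) from before the move, so the quarantined copy can be examined later without losing that context.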
