Date:      Tue, 4 Dec 2001 11:06:18 -0500
From:      Bill Vermillion <bv@wjv.com>
To:        Blake Crosby <dev@samurai.com>
Cc:        isp-webhosting@isp-webhosting.com, freebsd-isp@FreeBSD.ORG
Subject:   Re: Weird file in /root
Message-ID:  <20011204110618.A34278@wjv.com>
In-Reply-To: <JAEEIJKIHAONENKPFCCPIEKFCBAA.dev@samurai.com>; from dev@samurai.com on Tue, Dec 04, 2001 at 10:47:08AM -0500
References:  <JAEEIJKIHAONENKPFCCPIEKFCBAA.dev@samurai.com>

On Tue, Dec 04, 2001 at 10:47:08AM -0500, Blake Crosby thus spoke:
> I am somewhat concerned at this file I found:

> 7524 -rwsr-sr-t  1 root  wheel          0 Nov 30 16:41:10 2001
> /root/gA=1C=A0/=82=F81=95=C1=CA=FD)=8F=ADOK=D7R=13=AE	=17=E9iz
> =1E)=C4W=1A*N=E5=D08g=DC?=96a^'=0C=B4=A2=15%=0E=DF=BE=B9=FA=9E=89=04=AF=
=BEt=8D=F1eu=A8?*!=8A=87!=02=D7=A6X=A4=1DR=ACm=CE=DAs=FC:=F6=99|e=9F=BFK"=
=05G	=0F=C7=F2


Any time I find weird files the first thing I do is run strings on
them and file on them to see what may be in them and if they're
identifiable as any known types.  Then I move them somewhere if I
need to investigate more, or remove them depending on what I found
with the strings and file commands.

The strings can sometimes point to other files that a virus may
have installed in hidden directories, for example.


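The triage described in the reply above (file, strings, then move the file aside), written out as an added example that is not part of the original message. The function name, the report layout and the quarantine directory are assumptions; it selects files by a name containing bytes outside printable ASCII, records the name as hex so the report stays readable, and clears setuid/setgid/sticky bits on the quarantined copy.

```shell
#!/bin/sh
# Added example, not from the original thread. Names and layout are assumptions.
# triage_odd_names DIR QUARANTINE
#   For each regular file in DIR whose name contains bytes outside printable
#   ASCII: write a report (name as hex, listing, file type, strings), move the
#   file into QUARANTINE under a plain name, and drop its mode to 0400.
#   Prints the number of files quarantined.
triage_odd_names() {
    dir=$1 q=$2 n=0
    mkdir -p "$q" || return 1
    chmod 700 "$q" || return 1
    for f in "$dir"/* "$dir"/.[!.]*; do
        # Regular files only; never follow symlinks.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        name=${f##*/}
        # Count the bytes left after deleting printable ASCII (space..tilde).
        odd=$(printf '%s' "$name" | LC_ALL=C tr -d ' -~' | wc -c)
        [ "$odd" -gt 0 ] || continue
        n=$((n + 1))
        dst="$q/sample-$n"
        {
            printf 'name-hex:'; printf '%s' "$name" | od -An -tx1
            printf 'listing: '; ls -ldq "$f"   # -q shows unprintable bytes as ?
            printf 'file: '
            if command -v file >/dev/null 2>&1; then file -b "$f"
            else echo 'file(1) not installed'; fi
            echo 'strings:'
            if command -v strings >/dev/null 2>&1; then strings -a "$f"
            else echo 'strings(1) not installed'; fi
        } > "$dst.report" 2>&1
        # Move aside, then strip setuid/setgid/sticky and write/execute bits.
        mv "$f" "$dst" && chmod 0400 "$dst" || return 1
    done
    echo "$n"
}

# Stand-alone use: sh triage.sh /absolute/dir /absolute/quarantine
if [ "$#" -eq 2 ]; then
    triage_odd_names "$1" "$2"
fi
```

Pass absolute paths so no argument handed to file, strings or mv can begin with a dash.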