Re: Another thread about a non-killable process

Tue, 11 Jul 2006 13:54:55 -0700 

2006/7/11, Joshua J. Kugler <[EMAIL PROTECTED]>:


Win32?  Huh?  This is a Debian system.  Proftpd is locked (won't accept
connections, even though it shows listening on *:ftp.



yes...^^...also this is a debian system is not exempt by trojan and virus...^_^





This is what top shows:

  899 ftp       39  19  4164 2216 3460 R 98.4  0.2  27190:02 proftpd

Output of lsof|grep proftpd

proftpd     899      ftp  cwd       DIR        9,1     4096          2 /
proftpd     899      ftp  rtd       DIR        9,1     4096          2 /
proftpd     899      ftp  txt       REG        9,1   568812
501112 /usr/sbin/proftpd
proftpd     899      ftp  mem       REG        9,1    90248
646521 /lib/ld-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    18876
646565 /lib/tls/libcrypt-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    11024
646488 /lib/libcap.so.1.10
proftpd     899      ftp  mem       REG        9,1    28880
646421 /lib/libwrap.so.0.7.6
proftpd     899      ftp  mem       REG        9,1    73304
646569 /lib/tls/libnsl-2.3.2.so
proftpd     899      ftp  mem       REG        9,1   198576
486306 /usr/lib/i686/cmov/libssl.so.0.9.7
proftpd     899      ftp  mem       REG        9,1  1029672
486305 /usr/lib/i686/cmov/libcrypto.so.0.9.7
proftpd     899      ftp  mem       REG        9,1    30360
646516 /lib/libpam.so.0.76
proftpd     899      ftp  mem       REG        9,1  1254468
646564 /lib/tls/libc-2.3.2.so
proftpd     899      ftp  mem       REG        9,1     9872
646566 /lib/tls/libdl-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    34748
646572 /lib/tls/libnss_files-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    28616
646570 /lib/tls/libnss_compat-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    33440
646574 /lib/tls/libnss_nis-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    13976
646571 /lib/tls/libnss_dns-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    64924
646578 /lib/tls/libresolv-2.3.2.so
proftpd     899      ftp    0u     IPv4       2776                 TCP *:ftp
(LISTEN)
proftpd     899      ftp    1uW     REG        9,2     1056
670463 /var/run/proftpd/proftpd.scoreboard
proftpd     899      ftp    4r      REG        9,1     1248
586047 /etc/group

So, if it's a back door, it's really good at opening all the right files to
look the the real thing.

j



I think, that, the demon of proftpd make a problem, like a loop or a
overflow...:S

other command to kill the process other that suggest by Michael Marsh

killall -9 899

good night and good luck. I close.

heba


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to