On Fri, 27 Jul 2007, Magnus Pedersen wrote:
Douglas Allan Tutty wrote:
On Fri, Jul 27, 2007 at 10:38:46PM +0200, Magnus Pedersen wrote:
>
What is the timestamp of the file? What were you doing then?
The file is from the 24th of this month, where the computer was off, so
that is no help, unfortunately :-/ And the new directory showed up today.
Yes, there is a user "magnus" thats me, the directory showed up in my
homedirectory, sorry I could have been a bit more clear about that.
I'm upgrading iceweasel to 2.0.0.5 right now, have been running the one
from testing (2.0.0.3) just in case it is a securityhole in the browser
(not at all sure it is).
The fact that a file got touched so that it appears to have been created
while it was off raises all kinds of red flags. If it was a security
hole in a browser, you have no guarantee that replacing the browser will
fix the problem. You may have malware running amok now.
Doug.
I know, there is nothing suspect in top though, it seems that it is only this
one useraccount that is affected. There are no weird directories in the other
accounts or in otherplaces on the system.
/Magnus
--
lsof might be of some help. but, if your system has been compromised, you
can't really trust any of your binaries to tell you the truth anyway.
-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
