On Fri, Jul 27, 2007 at 11:49:55PM +0200, Magnus Pedersen wrote:
> Anson Gardner wrote:
>> <SNIP>
>>>> fix the problem. You may have malware running amok now.
>>>>
>>>> Doug.
>>> I know, there is nothing suspect in top though, it seems that it is only
>>> this one user account that is affected. There are no weird directories in
>>> the other accounts or in other places on the system.
>>>
>>> /Magnus
>> While I'm not yet convinced that you've been rooted, the fact that top
>> doesn't show anything suspect is a moot point. If you have in fact been
>> compromised there's not a single binary on the system that you can trust,
>> including top.
>> Regards,
>> Anson Gardner
> I don't think I've been rooted, but there is definitely something fishy
> going on with my user account. But you are of course right, everything could
> have been patched if I have been rooted...

If you really need to get a handle on these things, without taking your box down, you could (using a known clean box) build statically linked copies of the appropriate utilities and then run them from some r-o media (CD or something). That would at least eliminate those utilities from suspicion.

A
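
The message above suggests building statically linked utilities on a known clean box. As an added example (not part of the original thread), this Python script is meant to run on the clean build box and confirm that every file in the toolkit directory really is statically linked before it is written to read-only media. The function names and the sample ELF bytes are constructed for illustration.

```python
import os
import struct

PT_DYNAMIC, PT_INTERP = 2, 3   # program header types that imply dynamic linking
ET_EXEC, ET_DYN = 2, 3         # ELF file types that can be executed

def elf_link_type(data: bytes) -> str:
    """Classify a file image as 'static', 'dynamic', 'not-executable' or 'not-elf'.

    Conservative: any PT_INTERP or PT_DYNAMIC segment counts as dynamic,
    so static-PIE binaries are also reported as 'dynamic'.
    """
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "not-elf"
    end = "<" if data[5] == 1 else ">"          # EI_DATA: byte order
    try:
        (e_type,) = struct.unpack_from(end + "H", data, 0x10)
        if e_type not in (ET_EXEC, ET_DYN):
            return "not-executable"
        if data[4] == 2:                         # EI_CLASS: ELF64
            (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
        else:                                    # ELF32
            (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
        for i in range(phnum):
            (p_type,) = struct.unpack_from(end + "I", data, phoff + i * phentsize)
            if p_type in (PT_INTERP, PT_DYNAMIC):
                return "dynamic"
    except struct.error:                         # truncated or corrupt headers
        return "not-elf"
    return "static"

def audit_toolkit(directory: str) -> dict:
    """Map every regular file in the toolkit directory to its link type."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                report[name] = elf_link_type(fh.read())
    return report

def make_elf64(p_types):
    """Constructed sample: minimal little-endian ELF64 executable header."""
    hdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_EXEC, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)
```

A statically linked glibc binary can still load NSS shared libraries at run time for user and group name lookups, so on the suspect box prefer numeric IDs over name resolution.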