I have this on one of my machines too -- /tmp/orbit-<username> -- I ran the rpm --what requires command below and got:
no package requires ORBit-0.5.7-3 Anyone have any other ideas? Should I just uninstall the package? > From: Ward William E DLDN <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Fri, 27 Sep 2002 13:26:29 -0400 > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Subject: RE: Is this a virus : "/tmp/orbit-<blabla>" > > Gordon, while you're right that it's PROBABLY > ORBit (an Open Source CORBA implementation), > it seems to me whenever someone asks that question > the answer can NEVER be "No". It's always got > to be "YES!", "Possibly" or "Probably not", since > most root kits are going to attempt to install > some service or device which masquerades as an > innocuous, or even required, program. Without > looking directly at the box, without (for > example) tripwire information, without.... well, > you get the point. Without all that stuff, > we can hazard a guess, but only Arthur can tell > for sure. > > In this case, though, this IS typical behavior > of ORBit; not everyone uses CORBA based programs, > so they don't necessarily have these files, but > once you start using CORBA based programs, ORBit > spits out lots of stuff like Arthur described. > He might be able to check RPM to see what he has > installed which required ORBit, and see if he's > using those programs. In this case, perhaps > he should do an > > rpm -q ORBit | xargs rpm -q --whatrequires > > to see what he might be running that is doing this? > > Bill Ward > >> -----Original Message----- >> From: Gordon Messmer [mailto:[EMAIL PROTECTED]] >> Sent: Friday, September 27, 2002 12:13 PM >> To: [EMAIL PROTECTED] >> Subject: Re: Is this a virus : "/tmp/orbit-<blabla>" >> >> >> On Fri, 2002-09-27 at 08:08, Arthur Chan wrote: >>> Hi All. >>> I have these strange sub-dirs in /tmp/orb-<username> >>> , and in these sub-dirs , hundreds of files names like this : >>> "srwxr-xr-x orb-29348673785". >>> In the /tmp directory itself, many hundreds of files with names >>> similar to this : "file-fdhfgv878r" >>> Never seen them before, propagate faster than rabbits >>> Is this a virus ? >> >> No. `rpm -qi ORBit` > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > https://listman.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
