[PLUG] time to reinstall

jeff on 16 Jan 2019 09:42:19 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] time to reinstall

From: jeff <jeffv@op.net>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] time to reinstall
Date: Wed, 16 Jan 2019 12:42:11 -0500
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1

Remember a while back I noticed certain processes eating up 60% of cpu?
After serious detective work, I found Interesting Stuff.

5 processes phone OVH hosting, with multiple address ranges
NetMgr seems fond of Virgin Media

When FF comes up, it visits some film festival in Canada (per netstat,but not viewed in FF).

I firewalled everything and am ready to reinstall, but what is this andwhere did it come from? No amount of searching turns up anything. Miner?


Nothing from any scanner or rkhunter.

A packet cap turned up a tiny amount of what looks like obfuscated code,featuring 'blobs'. I guess I have the Blobs.

"{"method":"login","params":{"login":"49WAk6Txxxxxxxxxxxxxxetc""jsonrpc":"2.0"

{"blob":"0909d49xxxxxxxxxxx, "job_idxxxxx'

Aside from that, everything's fine.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] time to reinstall
  - From: Michael Lazin <microlaser@gmail.com>

Prev by Date: Re: [PLUG] 3 MOnitor Video Hardware
Next by Date: Re: [PLUG] time to reinstall
Previous by thread: Re: [PLUG] 3 MOnitor Video Hardware
Next by thread: Re: [PLUG] time to reinstall
Index(es):
- Date
- Thread