jeff on 17 Jan 2019 21:10:44 -0800

[PLUG] malware cont'd

Took me a while to make sure I was firewalled correctly (logs show it keeps trying different ranges). They were all stopped at SYN. Back to finding the source, I checked PROC/pid and found a bizarre assortment of zero-byte files, symlinks, and recursive dirs, not to mention a 29g mirror of my HOME dir. Could not find anything that called it into existence in these dirs. (Thanks, Michael)

pstree(?) showed the fake processes came directly from systemd - top level. Is there a way to tshoot from there? Can't find it in logs.

Tomorrow it's a new install and lighting a candle to the Flying Spaghetti Monster to make sure my data is clean.


Philadelphia Linux Users Group