On 08/09/10 12:25, Paul Hartman wrote:
[]
> If anyone has advice on what I should look at forensically to
> determine the cause of this, it is appreciated. I'll first dig into
> the logs, bash history etc. and really hope that this very happened
> recently.
>
> Thanks for any tips and wish me good luck. :)

AntiVir (Avira) anti-malware scanner has hundreds of Linux rootkit/virus
signatures; you might scan your box with that. It has an on-access,
realtime monitor option as well, which I use to monitor anything
downloaded and/or compiled on my box (in case the distribution screen
gets hacked).

<http://www.free-av.com/en/download/download_servers.php>

Presuming you're rooted, you might first try their stand-alone, Linux
live-disk scanner so as to avoid borked kernel and/or core utilities:

<http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html>