
Re: [cobalt-users] are these worm files?



On Sat, 24 Mar 2001, Loryan Strant wrote:
> I've just run Lionfind on my Cobalt RaQ4, and it says the following are
> suspicious files:
> 
> /usr/src/.puta/.1addr /usr/src/.puta/.1file /usr/src/.puta/.1proc
> /usr/src/.puta/.1logz /usr/src/.puta/ /usr/src/.puta/ /usr/info/.t0rn/
> 
> I find those a little odd too,

Yup...rootkit

> so I'm wondering if I can delete this whole
> directory.

I wouldn't do that as the first thing ;) some may be replacements for
network programs, deleting them may make the machine impossible to get
into, I'd be saving important things first....in preparation for
reinstalling the OS ;)

Certainly if at all possible isolate it from the internet...

Not to mention you would be destroying any useful evidence of what
happened...

gsh
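
The advice in this reply (save things and keep the evidence before deleting anything), as an added example that is not part of the original post: a shell function that records timestamps, hashes and an archive copy of suspect paths such as the `/usr/src/.puta/` directory reported above. The function name `preserve_evidence` and the output layout are hypothetical; it assumes GNU-style `stat`, `find`, `tar` and `sha256sum` run from trusted media, with the output directory on storage separate from the compromised disk.

```shell
#!/bin/sh
# Added example (not from the thread): record and copy suspect paths before cleanup.
# Assumptions: tools come from trusted media, OUTDIR is not on the compromised disk.

# preserve_evidence OUTDIR PATH [PATH...]
# Prints the number of paths that existed and were preserved.
preserve_evidence() {
    out=$1
    shift
    mkdir -p "$out" || return 1
    meta="$out/metadata.txt"
    sums="$out/sha256.txt"
    : > "$meta"
    : > "$sums"
    n=0
    for p in "$@"; do
        if [ ! -e "$p" ] && [ ! -L "$p" ]; then
            # Note paths that were reported but are no longer present.
            echo "MISSING|$p" >> "$meta"
            continue
        fi
        n=$((n + 1))
        # 1. Metadata first: reading file contents later updates access times.
        find "$p" -exec stat -c '%n|%A|%u:%g|%s|atime=%x|mtime=%y|ctime=%z' {} + >> "$meta"
        # 2. Hash every regular file so later copies can be verified.
        find "$p" -type f -exec sha256sum {} + >> "$sums"
        # 3. Archive the tree, keeping permissions.
        tar -cpf "$out/copy-$n.tar" "$p" || return 1
    done
    if [ "$n" -gt 0 ]; then
        # 4. Hash the archives so tampering with the copies is detectable.
        ( cd "$out" && sha256sum copy-*.tar > archives.sha256 ) || return 1
    fi
    # Make the collected files read-only.
    chmod a-w "$out"/*
    echo "$n"
}
```

Run it once per incident, for example `preserve_evidence /mnt/evidence /usr/src/.puta /usr/info/.t0rn`, before any file is removed or the OS is reinstalled.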