Hello,
I'm in search of advice here as I don't know where to start.
A server has been running backuppc nicely for several years.
And then a couple of months ago, it began to eat up the bandwidth of the
local network.
I don't have much information now as it's a remote location and I can't
get a connection when the problem occurs.
I may have a few hours to investigate though, after a reboot of the
server, but what am I looking for?
All I could gather via phone call during the problem with a top and
netstat command on the server is that a "xddlvqhhrd" command is
consuming 25% of CPU and that a connection is established with a remote
IP by a program named "grep "A"".
Sounds like a rootkit to me.
Some action/documentation to help to get rid of this?
TIA
Rudu