On Mon, Aug 9, 2010 at 1:59 PM, 7v5w7go9ub0o <7v5w7go9u...@gmail.com> wrote: > On 08/09/10 12:25, Paul Hartman wrote: > [] >> If anyone has advice on what I should look at forensically to >> determine the cause of this, it is appreciated. I'll first dig into >> the logs, bash history etc. and really hope that this very happened >> recently. >> >> Thanks for any tips and wish me good luck. :) > > AntiVir (Avira) anti-malware scanner has hundreds of Linux rootkit/virus > signatures; you might scan your box with that. It has an on-access, > realtime monitor option as well, which I use it to monitor anything > downloaded and or compiled on my box (in case the distribution screen > gets hacked). > > <http://www.free-av.com/en/download/download_servers.php> > > Presuming you're rooted, you might first try their stand-alone, linux > live-disk scanner so as to avoid borked kernel and/or core utilities: > > <http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html>
Was not aware of that one, I'll give it a try. Thanks.
