Re: Strange file

Tue, 31 Jul 2001 22:33:14 -0700 

Greetings,

On Tue, 31 Jul 2001, Net Llama wrote:

> 
> --- Lee <[EMAIL PROTECTED]> wrote:
> > Running COL 2.2. In the last week my hard drive went from 75% used to
> > 99% used. Checked. The only thing I could find out of place is a
> > strange
> > file in /home/user called scywebMT.dll'. The file is totally
> > untouchable. Tried to remove it with rm and rm -f terminal window
> > locks
> > up. Tried to read the file with cat got the same result. Whatis same
> > result.This file wasn't there before my free space on the hard drive
> > started to disappear.
> > 
> > Anyone know what scywebMT.dll' is? Is it possible that some creature
> > has
> > managed to plant a Linux virus?
> 
> Why would you think it a virus?  More likely is a root kit. A search on
> google references that file as perhaps related to a squid proxy.  WHat
> does ls -l on that file show? Are you sure that the terminal is locking
> up when you attempt to delete it?  Perhaps its just taking a while to
> delete, conidering how large it must be.

   Take a look at 'man chattr'.  You may find that the append-only bit is
set in the file attributes.  A common trick by crackers to keep files from
being  moved/renamed (mv) or removed (rm), even by root!  But you should
be able to set the attributes back to normal with chattr and then be able
to delete the file :-)

   Good luck and let us know how it goes... 

      --- Jay
             
+------------------------------------------------------------------------+
| Jay Nugent   [EMAIL PROTECTED]    (734)971-1076    (734)971-4529/Fax        |
| Nugent Telecommunications  [www.nuge.com]     (734)649-0850/Cell       |
|   Internet Consulting/Linux SysAdmin/Engineering & Design/ISP Reseller |
| ISP Monitoring [www.ispmonitor.net] ISP & Modem Performance Monitoring |
| Web-Pegasus    [www.webpegasus.com] Web Hosting/DNS Hosting/Shell Accts|
| LinuxNIC, Inc. [www.linuxnic.net]   Registrar of the .linux TLD        |
+------------------------------------------------------------------------+
  1:00am  up 25 days, 19:09,  8 users,  load average: 0.08, 0.02, 0.17

_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc 
->http://linux.nf/mailman/listinfo/linux-users

Reply via email to