Greetings,
On Tue, 31 Jul 2001, Net Llama wrote:
>
> --- Lee <[EMAIL PROTECTED]> wrote:
> > Running COL 2.2. In the last week my hard drive went from 75% used to
> > 99% used. Checked. The only thing I could find out of place is a
> > strange
> > file in /home/user called scywebMT.dll'. The file is totally
> > untouchable. Tried to remove it with rm and rm -f terminal window
> > locks
> > up. Tried to read the file with cat got the same result. Whatis same
> > result.This file wasn't there before my free space on the hard drive
> > started to disappear.
> >
> > Anyone know what scywebMT.dll' is? Is it possible that some creature
> > has
> > managed to plant a Linux virus?
>
> Why would you think it a virus? More likely is a root kit. A search on
> google references that file as perhaps related to a squid proxy. WHat
> does ls -l on that file show? Are you sure that the terminal is locking
> up when you attempt to delete it? Perhaps its just taking a while to
> delete, conidering how large it must be.
Take a look at 'man chattr'. You may find that the append-only bit is
set in the file attributes. A common trick by crackers to keep files from
being moved/renamed (mv) or removed (rm), even by root! But you should
be able to set the attributes back to normal with chattr and then be able
to delete the file :-)
Good luck and let us know how it goes...
--- Jay
+------------------------------------------------------------------------+
| Jay Nugent [EMAIL PROTECTED] (734)971-1076 (734)971-4529/Fax |
| Nugent Telecommunications [www.nuge.com] (734)649-0850/Cell |
| Internet Consulting/Linux SysAdmin/Engineering & Design/ISP Reseller |
| ISP Monitoring [www.ispmonitor.net] ISP & Modem Performance Monitoring |
| Web-Pegasus [www.webpegasus.com] Web Hosting/DNS Hosting/Shell Accts|
| LinuxNIC, Inc. [www.linuxnic.net] Registrar of the .linux TLD |
+------------------------------------------------------------------------+
1:00am up 25 days, 19:09, 8 users, load average: 0.08, 0.02, 0.17
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users