Gordon, while you're right that it's PROBABLY ORBit (an Open Source CORBA implementation), it seems to me whenever someone asks that question the answer can NEVER be "No". It's always got to be "YES!", "Possibly" or "Probably not", since most root kits are going to attempt to install some service or device which masquerades as an innocuous, or even required, program. Without looking directly at the box, without (for example) tripwire information, without.... well, you get the point. Without all that stuff, we can hazard a guess, but only Arthur can tell for sure.
In this case, though, this IS typical behavior of ORBit; not everyone uses CORBA based programs, so they don't necessarily have these files, but once you start using CORBA based programs, ORBit spits out lots of stuff like Arthur described. He might be able to check RPM to see what he has installed which required ORBit, and see if he's using those programs. In this case, perhaps he should do an rpm -q ORBit | xargs rpm -q --whatrequires to see what he might be running that is doing this? Bill Ward > -----Original Message----- > From: Gordon Messmer [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 27, 2002 12:13 PM > To: [EMAIL PROTECTED] > Subject: Re: Is this a virus : "/tmp/orbit-<blabla>" > > > On Fri, 2002-09-27 at 08:08, Arthur Chan wrote: > > Hi All. > > I have these strange sub-dirs in /tmp/orb-<username> > > , and in these sub-dirs , hundreds of files names like this : > > "srwxr-xr-x orb-29348673785". > > In the /tmp directory itself, many hundreds of files with names > > similar to this : "file-fdhfgv878r" > > Never seen them before, propagate faster than rabbits > > Is this a virus ? > > No. `rpm -qi ORBit` -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
