There has been a lot of traffic on a machine lately. Someone noticed a .mech/.stealth directory in /var/tmp/... which looks kind of like a virus. It does suspicious things. There is a file called cyc.pid which contains a process id. When I did a ps on the ID I found only "ps" was running. However, in that same directory I noticed an executable called "ps". The ps on ps showed it had been running for the last 4 or 5 days, and a regular linux ps runs no more than a few seconds. There is also an executable there called "pico" and several server files all pointing to undernet.org.
Has anyone else run into this? Is it a virus? Is like an IRC bot. What can be done? Tony
-- fedora-list mailing list [email protected] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
