[NTLUG:Discuss] -:0
Paul Ingendorf
pauldy at wantek.net
Fri Apr 22 23:09:28 CDT 2005
I would be very suspicious of this. If you are running a proc filesystem,
run more /proc/3555/cmdline. If it doesn't exist or the path looks weird,
you can bet it is a Trojan. I would back up your important data and format
the system ASAP. You can also do forensics on the drive if you want to
try and find out where it came from, in which case I would get a new drive,
reinstall to it, then back up your data to the new drive and perform all of
your forensics without modifying the drive.
frostier said:
> in the process of trying to fix my printer i did a:
> ps -e -f
>
> and was looking thru the output when i saw:
> UID PID PPID C STIME TTY TIME CMD
> root 3555 1307 0 Apr21 ? 00:00:00 -:0
>
>
> i've never heard of a process called, -:0
> and it bothers the hell out of me that there is no path listed to bin.
>
> locate -:0 gives an invalid option.
>
> can this be anything good?
>
> --
> -----------------
> You can confuse some of the people all of the time.
> You can confuse all of the people some of the time.
> It's setting them straight that is a bitch.
>
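The /proc check suggested in the reply above, as an added example that is not part of the original thread: it compares the name a process reports in /proc/PID/cmdline (which the process itself can rewrite) with the kernel-maintained /proc/PID/exe link. The PROC_ROOT override and the verdict names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): triage one PID using /proc on Linux.
# PROC_ROOT is a hypothetical override so the function can run on a constructed tree.

# argv[0] as the process reports it; the process can rewrite this at will.
proc_argv0() (
    2>/dev/null tr '\000' '\n' < "$1/cmdline" | head -n 1
)

# Prints one of: gone | no-exe | exe-deleted | argv0-differs | consistent
triage_pid() (
    dir="${PROC_ROOT:-/proc}/$1"
    if [ ! -d "$dir" ]; then
        echo gone                      # PID has exited since ps was run
    elif ! exe=$(readlink "$dir/exe" 2>/dev/null) || [ -z "$exe" ]; then
        echo no-exe                    # kernel thread, or not running as root
    else
        case $exe in
            *" (deleted)") echo exe-deleted ;;   # binary unlinked after start
            *)
                argv0=$(proc_argv0 "$dir")
                argv0=${argv0#-}       # login shells prefix argv[0] with '-'
                if [ "${argv0##*/}" = "${exe##*/}" ]; then
                    echo consistent
                else
                    echo argv0-differs # identify the program from exe, not from ps
                fi ;;
        esac
    fi
)

# Usage: sh triage.sh 3555   (run as root to read other users' exe links)
if [ "$#" -gt 0 ]; then
    pid=$1
    printf 'pid=%s verdict=%s exe=%s\n' "$pid" "$(triage_pid "$pid")" \
        "$(readlink "${PROC_ROOT:-/proc}/$pid/exe" 2>/dev/null)"
fi
```

An argv0-differs verdict is not proof of compromise on its own, since legitimate programs also rename themselves; it means the exe path is the value to check against the package manager or a known-good hash.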