5 Feb
2006
5 Feb
'06
10:01 a.m.
James Pifer wrote:
Find one of the processes that's still alive and do "ls -l /proc/<pid>". That will give you some info about it. The exe entry should be a link to the executable itself.
ok, I found it. Now what? You said run strings? I get: Multi-thread FTP scanner v0.2.5 by Inode inode@wayreth.eu.org
That looks like the ftp scanner which can be found at http://wayreth.eu.org/ - somebody is probably using your box to find insecure ftp servers for sharing files.
Can you do an "ls -lah /dev/shm/..\ /"?
Ralph
--
Ralph Angenendt......ra@br-online.de | .."Text processing has made it possible
Bayerischer Rundfunk...80300 München | ....to right-justify any idea, even one
Programmbereich.Bayern 3, Jugend und | .which cannot be justified on any other
Multimedia.........Tl:089.5900.16023 | ..........grounds." -- J. Finnegan, USC