Linux Advocate wrote: > DID THIS GUY ACTUALLY SAVE A FILE ON MY HARD DISK??? > AAAAAAHHHHHHHHHHHHHHHHHHHH??????????????? > > Was this why rkhunter popped out with this warning? > > * Filesystem checks > Checking /dev for suspicious files... [ OK ] > Scanning for hidden files... [ Warning! ] > --------------- > /etc/.pwd.lock /usr/share/man/man1/..1.gz /dev/.udev > --------------- > Please inspect: /usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression) /dev/.udev (directory) > > Should i delete these files? are the man files nromally .gz or .bz2 ? > > There is also a similar entry, where another file called unix2.tgz was downloaded.... > > But i cant find these files on the HDisk? > guys i am out of my league here. All assistance is deeply appreciated. > I *hope* this machine is disconnected from the internet and running a liveCD to investigate this yes, it appears you've been hacked, and have stealth files (any file with . in front oft he name is hidden and would only show with ls -a and if you *are* rootkitted, there's a strong possibility your ls and other command tools have been replaced.. and, it appears it came in via an exploit in that horde framework (I know nothing about horde)