On Tue, May 28, 2002 at 11:46:15AM +0100, Barry O'Donovan mentioned:
> So it looks like someone added a file called "crond " (yes - there is
> a space in the name). The normal crond usually resides in /usr/sbin
> and seems to be unaltered. It also looks like someone replaced the ps
> command with another.
Nuke it from orbit. It's the only way to be sure.
Kate
--
_______________________________________
John Looney Chief Scientist
a n t e f a c t o t: +353 1 8586004
www.antefacto.com f: +353 1 8586014
Received: from mail.ddsi.ie (fw.ddsi.ie [195.7.50.146])
by lugh.tuatha.org (8.9.3/8.9.3) with ESMTP id MAA14488
for <ilug at linux.ie>; Tue, 28 May 2002 12:52:50 +0100
From: pacific/Ddsi at ddsi.ie
X-Authentication-Warning: lugh.tuatha.org: Host fw.ddsi.ie [195.7.50.146] claimed to be mail.ddsi.ie
X-Priority: 3 (Normal)
To: ilug at linux.ie
Message-ID: <OFA9BDF58A.D51ACC7E-ON80256BC7.00413714 at ddsi.ie>
X-MIMETrack: Serialize by Router on pacific/Ddsi(Release 5.0.10 |March 22, 2002) at 28/05/2002
12:52:51
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Subject: [ILUG] Report to Recipient(s)
Date: Tue May 28 12:53:21 2002
Incident Information:-
Originator: ilug-admin at linux.ie
Recipients: ilug at linux.ie
Subject: [ILUG] Undeliverable mail--"of Service"
WARNING: The file Uvwkg.pif you received was infected with the W32/Klez.h at MM
virus. The file attachment was not successfully cleaned.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
