Sad to say one of my file servers was exploited and used to run a Phishing scam. Have identified subject virus amongst other things. It appears twice in a virus scan; /sbin/z (which I assume can just be deleted) and /sys/bus/serio/drivers/atkbd/description. The latter file is also present in identical uninfected machines. I have been unable to open the file, even with root privileges, although it appears to be a text file. Any suggestions on how to proceed appreciated. Guess I could delete it and copy over the file from an identical machine.
Thanks in advance,
B.J.
CentOS 5.0, Linux 2.6.18-8.1.15.el5 x86_64 16:26:48 up 10:46, 1 user, load average: 0.07, 0.08, 0.04
|
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos