Q: Containment Action after Virus is found.

Hi Guys,

Need some guidance. Looking through my server's shares (SAMBA),
I noticed a number of rogue files (How to hack websites.exe etc.).
I've already moved these files to a temp directory for the time being.

I've informed the users of the server of the viruses and advised them to
perform a scan of their PCs.

I've disabled the account which was the source of infection 
until further notice as well.

As I'm going through the system, I noticed that the virus has actually been 
in the system for 2 days. Enough to populate to my "mirrordir" directory,
my snapshots as well as my rsync snapshots.

I've not removed these files from the backups. 
(I'm thinking that - No one has access to these files
and it will recover itself by tomorrow (for my mirrordir) 
and a couple of days for my snapshots to come full circle)

SO.. what are your comments?


Cheers,                                                 
Ow

        


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list