trojan - removal problems
s.wagschal at bengelhaus.de
Thu Jan 26 09:15:03 UTC 2006
Brian Walker wrote:
> Yes - here is what I have
> 1. currently listening on 27665 is trojan trinoo_master. (UDP idle scan
> using nmap)
> 2. rebooting netstat -tlp shows udp ports open and listening on 8265,
> 8218 and 8419.
> 3. fuser shows that the directory /dev/.static/dev/ is NOT a directory,
> at least, it is not the directory I think it should be
> I will boot from Penguin sleuth and see more details, before deleting
> the /dev/.static/ directory, then (if I can reboot!) recheck as before.
> On googling for trinoo_master, I see very little about what to do, where
> the beast hides, and therefore not much can be done to remove it. Having
> done a clean install I still find traces of the beast. Therefore,
> tracking down the beast's lair and destroying it is the way forward. So
> far, there is no report that I know of to say where we can likely find
> the lair.
> My supposition is that trinoo_master lurks in this seemingly correct
> directory, and is therefore an ongoing threat to my computer.
> Follow-up later!
Maybe these links can provide a little help:
But even on these sites there seem to be no particular instructions for