trojan - removal problems
Sven Wagschal
s.wagschal at bengelhaus.de
Thu Jan 26 09:15:03 UTC 2006
Brian Walker wrote:
> Yes - here is what I have
>
> 1. currently listening on 27665 is trojan trinoo_master. (UDP idle scan
> using nmap)
> 2. rebooting netstat -tlp shows udp ports open and listening on 8265,
> 8218 and 8419.
> 3. fuser shows that the directory /dev/.static/dev/ is NOT a directory,
> at least, it is not the directory I think it should be
>
> I will boot from Penguin sleuth and see more details, before deleting
> the /dev/.static/ directory, then (if I can reboot!) recheck as before.
>
> On googling for trinoo_master, I see very little about what to do, where
> the beast hides, and therefore not much can be done to remove it. Having
> done a clean install I still find traces of the beast. Therefore,
> tracking down the beast's lair and destroying is the way forward. So
> far, there is no report that I know of to say where we can likely find
> the lair.
>
> My supposition is that trinoo_master lurks in this seemingly correct
> directory, and is therefore an ongoing threat to my computer.
>
> Follow-up later!
>
> Brian
Maybe these links can provide a little help:
<http://www.f-secure.com/v-descs/trin00.shtml>
<http://securityresponse.symantec.com/avcenter/venc/data/tfn2k.html>
But even on these sites there seem to be no particular instructions for
removal.
Regards,
S. Wagschal