hunting trojans: does vmail user need its own crond??
iceblink at seti.nl
Tue Jun 9 08:11:36 UTC 2015
On 2015-06-09 09:27, robert wrote:
> On 09.06.2015 08:36, Brandon Vincent (Student) wrote:
>> That should be: pstree -H 3336
>> Brandon Vincent
> the path is:
> and the output from pstree:
> |-/usr/sbin/spamd---2*[spamd child]
> and I looked into that /home/vmail/.cache/ directory.
> This is for sure a trojan ..
> Now what do I do?
> is it enough to just remove it?
> It seems to be rather old (shame on me) ..
> Since 2012 (the date shown in the files in /home/vmail/.cache) I added
> tons of updates..
Removing it is probably enough to stop your machine acting as a spam
However there may be more malware or backdoors on your machine that you
are not aware of.
To make sure that all of these are gone, you need to fully re-install
That would be my recommendation.
If you feel it would be too much work to reinstall everything, and you
like to gamble, you can take a chance and only remove the malware you
More information about the ubuntu-users
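A triage check for the situation in this thread, as an added example that is not part of the original message: it lists processes owned by a service account such as vmail whose executable runs from the account's home directory or has been deleted from disk. The UID 5000, the binary names and the fake /proc tree are constructed sample data, and reading other users' /proc/<pid>/exe on a real host requires root.

```python
import os

def find_suspect_processes(uid, home, proc_root="/proc"):
    """Return (pid, exe, reason) for processes owned by uid whose binary
    lives under the account's home directory or was deleted from disk."""
    findings = []
    home = home.rstrip("/") + "/"
    pids = sorted(int(e) for e in os.listdir(proc_root) if e.isdigit())
    for pid in pids:
        base = os.path.join(proc_root, str(pid))
        try:
            with open(os.path.join(base, "status")) as fh:
                fields = dict(line.split(":", 1) for line in fh if ":" in line)
            owner = int(fields["Uid"].split()[0])  # first value is the real UID
            exe = os.readlink(os.path.join(base, "exe"))
        except (OSError, KeyError, ValueError):
            continue  # process exited, kernel thread, or no permission
        if owner != uid:
            continue
        if exe.endswith(" (deleted)"):
            findings.append((pid, exe, "binary deleted from disk"))
        elif exe.startswith(home):
            findings.append((pid, exe, "binary runs from home directory"))
    return findings

def build_sample_proc(root):
    """Constructed sample data: a small fake /proc tree for offline runs."""
    samples = {
        101: (0, "/usr/sbin/cron"),                # system cron, owned by root
        202: (5000, "/usr/lib/dovecot/imap"),      # expected mail process
        303: (5000, "/home/vmail/.cache/crond"),   # hypothetical binary name
        404: (5000, "/tmp/x (deleted)"),           # binary unlinked after start
    }
    for pid, (uid, exe) in samples.items():
        d = os.path.join(root, str(pid))
        os.makedirs(d)
        with open(os.path.join(d, "status"), "w") as fh:
            fh.write(f"Name:\tsample\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n")
        os.symlink(exe, os.path.join(d, "exe"))

if __name__ == "__main__":
    import pwd
    acct = pwd.getpwnam("vmail")  # account name taken from the thread
    for pid, exe, reason in find_suspect_processes(acct.pw_uid, acct.pw_dir):
        print(pid, exe, reason)
```

It only sees processes running at the time of the check, so persistence that is not currently running (cron entries, init scripts) needs a separate review.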