./cache.sh?

[Duane Whitty]

On 18-02-07 12:22 AM, Karl Auer wrote:
> An odd one today!
> 
> A client has a system that is running a process that shows up in the
> process list as "./cache.sh". There is no file named "cache.sh"
> anywhere on his system. This process is chewing up most of his CPU. If
> stopped, it starts again after a few minutes. It starts on boot, too.
> 
> I thnk it's malware, and since this system is showing a few other signs
> of compromise my immediate recommendation was to rebuild the system
> from scratch, and that's what we'll probably do.
> 
> But I'm curious - has anyone seen this before? Google was little help
> -there are a zillion "cache" things out there.
> 
> Regards, K.
> 
That's pretty interesting.  What's $> ps aux |grep cache.sh show?  If
you look in /var/proc/$PID maybe something interesting might be
revealed.  Lots of entries there that could be looked into.

Best Regards,
Duane

-- 
Duane Whitty
duane at nofroth.com