[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: TOP show httpd as exe



Franco -

You can try to find it in /proc. You can also use sockstat to check for unusual socket connections.

Once I locate the actual binary, I run 'strings' against it and look for anything unusual. Look for dirs named '...' and '....' in /var/tmp and /tmp, as this is more than often a "starting point".

Please respond and share your findings with the group.

Thanks!
-dant


Franco wrote:


Hi, i have an old redhat 9.0 update to the last release of RH,
in some cases in the TOP i see httpd show as exe.
I have read the it can be a virus or trojan but how i can do
to now this and if so how can i delete it.
I start chkrootkit and rkhunter on the server and seams that
chkrootkit sometime tell me that i have hidden processes but
not even, and rkhunter tell that is all ok.
Any suggest?



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]