I suspect I am the victim of a hacking attack. What steps should I take to ensure that no RAT software is running on my computer?
I checked the autostart by executing initctl list, but I'm not sure if this is all right:
indicator-application start/running, process 2557
unicast-local-avahi stop/waiting
update-notifier-crash stop/waiting
upstart-udev-bridge start/running, process 2304
update-notifier-hp-firmware stop/waiting
xsession-init stop/waiting
dbus start/running, process 2315
no-pinentry-gnome3 stop/waiting
update-notifier-cds stop/waiting
gnome-keyring-ssh stop/waiting
gnome-session (Unity) start/running, process 2502
ssh-agent stop/waiting
unity7 start/running, process 2702
upstart-dbus-session-bridge start/running, process 2435
gpg-agent start/running
indicator-messages start/running, process 2535
logrotate stop/waiting
indicator-bluetooth start/running, process 2536
unity-panel-service start/running, process 2520
hud start/running, process 2491
im-config start/running
unity-gtk-module stop/waiting
session-migration stop/waiting
upstart-dbus-system-bridge start/running, process 2432
at-spi2-registryd start/running, process 2501
indicator-power start/running, process 2537
update-notifier-release stop/waiting
indicator-datetime start/running, process 2540
indicator-keyboard start/running, process 2543
unity-settings-daemon start/running, process 2493
indicator-sound start/running, process 2544
upstart-file-bridge start/running, process 2438
bamfdaemon start/running, process 2423
gnome-keyring stop/waiting
window-stack-bridge start/running, process 2327
indicator-printers start/running, process 2546
re-exec stop/waiting
upstart-event-bridge stop/waiting
unity-panel-service-lockscreen stop/waiting
indicator-session start/running, process 2547
Especially, I'm wondering about ssh-agent stop/waiting and session-migration stop/waiting.
What else can I check to ensure there is no one connected to my machine?
Here is the full output of netstat -ap: http://pasteall.org/468969
Snippet:
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:microsoft-ds *:* LISTEN 1556/smbd
tcp 0 0 localhost:6942 *:* LISTEN 3587/java
tcp 0 0 *:902 *:* LISTEN 1454/vmware-authdla
tcp 0 0 *:netbios-ssn *:* LISTEN 1556/smbd
tcp 0 0 localhost:63342 *:* LISTEN 3587/java
tcp 104 0 172.25.20.1:49752 172.25.255:microsoft-ds VERBUNDEN 13165/gvfsd-smb
tcp6 0 0 [::]:https [::]:* LISTEN 3296/httpd
tcp6 0 0 [::]:4444 [::]:* LISTEN 3480/java
tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN 1556/smbd
tcp6 0 0 [::]:902 [::]:* LISTEN 1454/vmware-authdla
tcp6 0 0 [::]:mysql [::]:* LISTEN 3280/mysqld
tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN 1556/smbd
tcp6 0 0 [::]:http [::]:* LISTEN 3296/httpd
udp 0 0 *:ipp *:* 3893/cups-browsed
udp 0 0 *:8976 *:* 3587/java
udp 0 0 *:54067 *:* 1113/avahi-daemon:
udp 0 0 *:mdns *:* 1113/avahi-daemon:
udp 0 0 *:36345 *:* 3587/java
udp 0 0 172.25.255.2:netbios-ns *:* 1538/nmbd
udp 0 0 172.25.20.1:netbios-ns *:* 1538/nmbd
udp 0 0 *:netbios-ns *:* 1538/nmbd
udp 0 0 172.25.255.:netbios-dgm *:* 1538/nmbd
udp 0 0 172.25.20.1:netbios-dgm *:* 1538/nmbd
udp 0 0 *:netbios-dgm *:* 1538/nmbd
udp6 0 0 [::]:53859 [::]:* 1113/avahi-daemon:
udp6 0 0 [::]:mdns [::]:* 1113/avahi-daemon:
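
Added example, not part of the original post: a small Python triage of netstat -ap output like the snippet above, separating sockets that are only listening (and on which interface) from sockets that have a remote peer. It keys on the foreign-address column rather than the State text, because the state is localized (VERBUNDEN here); the function names are illustrative.

```python
import re

# Lines taken from the netstat snippet in the post (German locale, so an
# established connection shows as VERBUNDEN rather than ESTABLISHED).
SAMPLE = """\
tcp 0 0 *:microsoft-ds *:* LISTEN 1556/smbd
tcp 0 0 localhost:6942 *:* LISTEN 3587/java
tcp 104 0 172.25.20.1:49752 172.25.255:microsoft-ds VERBUNDEN 13165/gvfsd-smb
tcp6 0 0 [::]:4444 [::]:* LISTEN 3480/java
tcp6 0 0 [::]:mysql [::]:* LISTEN 3280/mysqld
udp 0 0 *:mdns *:* 1113/avahi-daemon:
udp 0 0 172.25.20.1:netbios-ns *:* 1538/nmbd
"""

LOOPBACK = {"localhost", "127.0.0.1", "[::1]", "ip6-localhost"}
WILDCARD = {"*", "0.0.0.0", "[::]", "::"}
PROG = re.compile(r"^(\d+/.+|-)$")  # PID/Program column, or "-" when unknown

def parse(text):
    """Yield one dict per tcp/udp line of netstat -ap; other lines are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue
        # UDP rows usually have no State column, so locate the program column.
        idx = next((i for i in (5, 6) if i < len(f) and PROG.match(f[i])), None)
        if idx is None:
            continue
        host, port = f[3].rsplit(":", 1)
        yield {"proto": f[0], "host": host, "port": port, "foreign": f[4],
               "state": f[5] if idx == 6 else "", "prog": f[idx]}

def scope(host):
    if host in LOOPBACK:
        return "loopback"
    return "all-interfaces" if host in WILDCARD else "specific-address"

def listeners(text):
    """Sockets with no peer yet (foreign port is *), and where they are bound."""
    return [(s["proto"], s["port"], scope(s["host"]), s["prog"])
            for s in parse(text) if s["foreign"].endswith(":*")]

def peers(text):
    """Sockets that currently have a remote endpoint, whatever the state is called."""
    return [(f"{s['host']}:{s['port']}", s["foreign"], s["prog"])
            for s in parse(text) if not s["foreign"].endswith(":*")]

if __name__ == "__main__":
    print(*listeners(SAMPLE), *peers(SAMPLE), sep="\n")
```

Listeners marked loopback accept connections only from the machine itself; those marked all-interfaces are reachable from the network unless a firewall blocks them, so they are the ones to match against software you knowingly installed.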