I have recenrly found a file in my folder
called wunderbar_emporium
its details is here
What is that , how it came here and what should i check to make sure what arong has been done to system
Asked
Active
Viewed 771 times
0
-
1Make a copy so you can analyse it later then nuke it from space and reinstall from a known good backup. [This](http://serverfault.com/questions/72986/how-to-prevent-wunderbar-emporium-rootkit) SF question and other related questions may be of help to you. – user9517 Oct 06 '10 at 07:10
1 Answers
3
You could try installing rkhunter and/or chkrootkit. But: it might be too late, who knows which files already were modified?
I know it sucks, but:
- Take the machine offline
- Try to find out what happened
- Reinstall machine and take countermeasures right at the start (file change detection programs like fcheck, aide etc)
weeheavy
- 4,039
- 1
- 27
- 41