Hi fellas
Main question thanks:
I had unexpected hard disc (HD) activity recently, shortly after I booted. I'm
concerned that it might be caused by malware. Is there a program I can run which
monitors disc accessing, and that will tell me which processes are accessing the
disc?
Will that program tell me which program/file on the filesystem the process was
started from? Then if it IS malware I'll know which file to delete/quarantine.
Thanks, John.
--------------------------------------------------------------------------------
Full Details:
1. I got some unexpected disc activity* about 2 minutes after booting completed. (*Blue
disc light flashed for a few seconds). Don't think I've seen this before. You
know how you become familiar with patterns of things happening/not happening on
the laptop. The disc activity makes me suspicious that I MIGHT have malware (but
not sure).
2. You see I spend a lot of time on the Internet and haven't got a firewall
installed or an anti-virus program constantly running in the background. So this
is also why I'm concerned that my Knoppix system might have got malware.
3. Done so far: I booted the laptop using my Knoppix live DVD, to avoid running
my real system and letting any malware run amok. Ran clamtk which showed 154
threats. I believe 141 of them are false positives, but I don't know what to
make of the remaining 13.
These 13 are all in the directory /home/knoppix/.cache/chromium/Default/Cache/,
and all the filenames have the same general appearance as the following one
from those 13: /home/knoppix/.cache/chromium/Default/Cache/f_00a67f.
clamtk gives the following threat "Status" to the 13 files:

Status                 No. of files with this Status
PUA.Script.Packed-1    3
PUA.Script.Packed-2    1
PUA.Phishing.Bank      1
PUA.JS.Obfus-2         1
PUA.JS.Xored           7
4. Got Knoppix live distro installed on hard disc, distro 7.0.2,
kernel release 3.3.7. Knoppix say that Knoppix installed on HD "basically
becomes Debian".
-- End of Full Details --
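The kind of tool John asks about does exist on Linux: iotop shows per-process disk I/O live, fatrace reports which process opens which file, and `pidstat -d` (sysstat) prints per-process read/write rates. All of them get their data from the same place, the per-process counters and symlinks under /proc, and the script below is an added example (not part of the original post) that does the same thing by hand so the mechanism is visible: it snapshots read_bytes and write_bytes from /proc/PID/io for every process, waits, snapshots again, and lists the processes whose counters grew, together with the executable each one was started from (the /proc/PID/exe symlink) and its command line. It assumes a Linux kernel with task I/O accounting enabled (the default on Knoppix/Debian kernels), that it is saved as disk_who.sh, and that it is run as root, since /proc/PID/io for another user's process is not readable otherwise.

```shell
#!/bin/sh
# disk_who.sh (added example, not from the original post): report which
# processes actually touched the disk during a sampling window, and what
# program each one was started from. Run as root to see every process.
# Usage: sudo ./disk_who.sh [seconds]   (default window: 5 seconds)

# parse_io: read the text of a /proc/PID/io file on stdin and print
# read_bytes + write_bytes. These two fields count bytes that really went
# to or from the storage layer; rchar/wchar also count page-cache hits, so
# they would flag processes that never lit the disc LED.
parse_io() {
    awk '$1 == "read_bytes:" || $1 == "write_bytes:" { total += $2 }
         END { printf "%d\n", total }'
}

# io_bytes PID: disk bytes for one process, or 0 when the process has gone
# away or /proc/PID/io is not readable (another user's process, non-root).
io_bytes() {
    cat "/proc/$1/io" 2>/dev/null | parse_io
}

# exe_path PID: the file the process was started from. The kernel keeps the
# link even after the binary is deleted, appending " (deleted)" to the
# target; a busy process whose executable no longer exists is a good reason
# to look closer. Kernel threads have no executable and are labelled as such.
exe_path() {
    readlink "/proc/$1/exe" 2>/dev/null || echo "(no executable: kernel thread or unreadable)"
}

# snapshot FILE: one "PID BYTES" line per process, written to FILE.
snapshot() {
    for dir in /proc/[0-9]*; do
        pid=${dir#/proc/}
        echo "$pid $(io_bytes "$pid")"
    done > "$1"
}

# changed BEFORE AFTER: "PID DELTA" for every process present in both
# snapshots whose counter grew, largest delta first. Processes that started
# after the first snapshot are skipped (no baseline to compare against).
changed() {
    awk 'NR == FNR { before[$1] = $2; next }
         ($1 in before) && $2 > before[$1] { print $1, $2 - before[$1] }' "$1" "$2" |
    sort -k2,2nr
}

# report BEFORE AFTER: human-readable version of changed(), adding the
# executable path and the command line (argv is NUL-separated in /proc).
report() {
    changed "$1" "$2" | while read -r pid delta; do
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
        printf '%-7s %12s bytes  %s\n        cmdline: %s\n' \
            "$pid" "$delta" "$(exe_path "$pid")" "$cmd"
    done
}

main() {
    interval=${1:-5}
    before=$(mktemp) && after=$(mktemp) || exit 1
    trap 'rm -f "$before" "$after"' EXIT
    snapshot "$before"
    echo "Sampling disk I/O for ${interval}s ..." >&2
    sleep "$interval"
    snapshot "$after"
    report "$before" "$after"
}

# Only start sampling when invoked as disk_who.sh, so the functions above
# can also be sourced into another shell and used one at a time.
case "${0##*/}" in disk_who.sh) main "$@" ;; esac
```

Start it just before the moment the unexplained activity normally appears (here, about two minutes after boot) with a window long enough to cover it, e.g. `sudo ./disk_who.sh 60`. The executable path printed is what answers the second half of the question: it is the file to inspect, hash or quarantine if the process turns out to be unwanted. Two caveats: a process that exits inside the window disappears from the second snapshot and is not reported (fatrace, which logs events as they happen, catches those), and the kernel's own writeback threads will often appear as the writer because they flush dirty pages on behalf of whichever process wrote them earlier.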