LinuxQuestions.org


addux 12-17-2007 02:33 PM

agent.1360 trojan?
 
I was looking through my /tmp folder and found a folder named ssh-eUdGis1360/. Inside was a file swr------ agent.1360. Just typing 'agent.1360' into Google seems to show that this is a Windows-related trojan? Any information will be greatly appreciated. Thanks in advance.

win32sux 12-17-2007 03:07 PM

Quote:

Originally Posted by addux (Post 2993767)
I was looking through my /tmp folder and found a folder named ssh-eUdGis1360/. Inside was a file swr------ agent.1360. Just typing 'agent.1360' into Google seems to show that this is a Windows-related trojan? Any information will be greatly appreciated. Thanks in advance.

It looks like a (normal) socket file, the type generated by ssh-agent. There should be a ssh-XXXXXXXXXX/ directory (with an agent file) in your /tmp for any active X11 users. Most likely the agent + PPID which you were given for this session simply coincided with the name for a Windows trojan. Do a:
Code:

ps aux | grep x-session-manager

You should see that your x-session-manager process has PID 1360.

Also, if you run lsof on the file (as root), you should see it was opened by ssh-agent:
Code:

lsof /tmp/ssh-eUdGis1360/agent.1360
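
The checks from the reply above can be combined into one shell function for triaging a file like this. This is an added example, not part of the original thread: `check_agent_socket` and its return codes are this example's own convention, and it assumes a Linux system where `ps` is available.

```shell
#!/bin/sh
# Added example: triage a suspected ssh-agent socket such as
# /tmp/ssh-eUdGis1360/agent.1360 (the path from the thread).
# Return codes (this example's own convention):
#   0 = consistent with an ssh-agent socket
#   1 = path is not a Unix socket
#   2 = name does not match ssh-*/agent.<digits>
#   3 = socket or directory is not private to the current user

check_agent_socket() {
    sock=$1
    dir=$(dirname "$sock")
    name=$(basename "$sock")

    # A leading "s" in an ls listing means socket; -S tests the same thing.
    [ -S "$sock" ] || { echo "not a socket: $sock"; return 1; }

    # Expected layout, per the reply above: ssh-XXXXXXXXXX/agent.<pid>
    case "$(basename "$dir")" in
        ssh-?*) ;;
        *) echo "unexpected directory name: $dir"; return 2 ;;
    esac
    case "$name" in
        agent.?*) ;;
        *) echo "unexpected socket name: $name"; return 2 ;;
    esac
    pid=${name#agent.}
    case "$pid" in *[!0-9]*) echo "non-numeric suffix: $pid"; return 2 ;; esac

    # Both must belong to us, and the directory must be owner-only (0700).
    [ -O "$sock" ] && [ -O "$dir" ] || { echo "not owned by current user"; return 3; }
    case "$(ls -ld "$dir")" in
        drwx------*) ;;
        *) echo "directory is not mode 0700: $dir"; return 3 ;;
    esac

    # Informational only: which process does the numeric suffix point at?
    comm=$(ps -p "$pid" -o comm= 2>/dev/null) || comm=""
    echo "ok: private socket, suffix pid $pid -> ${comm:-no such process}"
    return 0
}

# Stand-alone use: sh check.sh /tmp/ssh-XXXXXXXXXX/agent.NNNN
if [ "$#" -gt 0 ]; then check_agent_socket "$1"; fi
```

A result of 0 only says the file has the shape and permissions of an agent socket; running lsof on it as root, as described above, is still what shows which process opened it.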

