LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-17-2007, 02:33 PM   #1
addux
Member
 
Registered: Dec 2006
Location: In the middle of the ocean.
Distribution: Ubuntu 12.04, Debian Squeeze, Windows 7
Posts: 67

Rep: Reputation: 16
agent.1360 trojan?


I was looking through my /tmp folder and found a folder named ssh-eUdGis1360/. Inside was a file swr------ agent.1360. Just typing 'agent.1360' into google seems to show that this is a windows related trojan? Any information will be greatly appreciated. Thanks in advance

Last edited by addux; 12-17-2007 at 02:43 PM.
 
Old 12-17-2007, 03:07 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by addux View Post
I was looking through my /tmp folder and found a folder named ssh-eUdGis1360/. Inside was a file swr------ agent.1360. Just typing 'agent.1360' into google seems to show that this is a windows related trojan? Any information will be greatly appreciated. Thanks in advance
It looks like a (normal) socket file, the type generated by ssh-agent. There should be a ssh-XXXXXXXXXX/ directory (with an agent file) in your /tmp for any active X11 users. Most likely the agent + PPID which you were given for this session simply coincided with the name for a Windows trojan. Do a:
Code:
ps aux | grep x-session-manager
You should see that your x-session-manager process has PID 1360.

Also, if you run lsof on the file (as root), you should see it was opened by ssh-agent:
Code:
lsof /tmp/ssh-eUdGis1360/agent.1360

Last edited by win32sux; 12-17-2007 at 04:27 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Error: Agent Configuration Agent (use Oracle with Linux) shipon_97 Linux - Enterprise 0 02-02-2007 12:11 AM
Software modem on Acer Aspire 1360 Panagiotis_IOA Linux - Laptop and Netbook 0 05-28-2006 11:23 AM
can't find ide.agent & block.agent for hotplug for 2.6 jg167 Linux - Newbie 1 06-23-2004 05:20 PM
Hotplug problems: RH 9, 2.6.6, PCMCIA-CS 3.2.7 (missing ide.agent & block.agent) jg167 Red Hat 1 06-23-2004 05:18 PM
Possible Trojan ! FreeFox Linux - General 4 08-03-2003 08:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration