Quote:
Originally Posted by addux
I was looking through my /tmp folder and found a folder named ssh-eUdGis1360/. Inside was a file swr------ agent.1360. Just typing 'agent.1360' into google seems to show that this is a windows related trojan? Any information will be greatly appreciated. Thanks in advance
|
It looks like a (normal) socket file, the type generated by
ssh-agent. There should be a
ssh-XXXXXXXXXX/ directory (with an agent file) in your
/tmp for any active X11 users. Most likely the agent + PPID which you were given for this session simply coincided with the name for a Windows trojan. Do a:
Code:
ps aux | grep x-session-manager
You should see that your
x-session-manager process has PID 1360.
Also, if you run
lsof on the file (as root), you should see it was opened by
ssh-agent:
Code:
lsof /tmp/ssh-eUdGis1360/agent.1360