Results 1 to 4 of 4
  1. #1
    Junior Member
    Join Date
    Apr 2002

    Unhappy problems with a virus that does network scanning (LINUX)

    I think I have a zombie process running on my LINUX box which wakes up approximately 2 or 3 times a day and sends out about 64,000 packets scanning different ports and ip addresses.
    Does anyone know how to tell if I have a zombie process running on my LINUX box or how to stop it?

    thank you

  2. #2
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    I'm not sure if "zombie is the word you're looking for.
    A zombie is a process that has died or exited, but somehow
    still appears to be there.

    What you're describing is a "daemon", and it could be a legit
    process in the OS, or an intruder.
    I came in to the world with nothing. I still have most of it.

  3. #3
    Senior Member
    Join Date
    Sep 2001
    What's the process name/path? (ps -aux)

    Credit travels up, blame travels down -- The Boss

  4. #4
    Junior Member
    Join Date
    Jan 2002

    Using PS

    Hey buddy, I recommend you do a little "man ps" and "man top" for yourself. In ps, there should be an option that shows the program and its related sockets. What you can do is type "ps -p" (or whatever the extension is to see the programs), and see what's making those sockets get opened. From there, you can weed out that little bugger

    "top" lists the processes that take up the most processor time on your computer, I.E., the apps that are hogging all your speed. When those packets start flying, you can type "top," and see which programs are taking the most processor time. Hopefully, this virus will show up high on top's list.

    Hope this helps, you can always email me if you have any other questions!

    Stretch your MIND

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts