From: "Josh Carroll"
Reply-To: josh.carroll@gmail.com
To: "Jack Raats"
Cc: Jerry McAllister, freebsd-questions@freebsd.org
Date: Wed, 17 Oct 2007 16:15:27 -0400
Subject: Re: Strange perl script

> The strangest thing is that I can't find sploger on my system. After a
> reboot sploger doesn't appear anymore, which makes it stranger.

So you have done a:

    find / -name sploger -type f

And nothing comes up? If that's the case, it sounds like it was a perl script that was run, then subsequently removed from the file system. Which sounds rather nefarious to me. You might want to check for rootkits, etc.

Josh
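
Added example, not part of Josh's message: a small sh filter for the case described above, where a script is run and then removed from the file system. It reads `ps -axww -o pid= -o command=` output and lists interpreter processes whose script path no longer exists; the interpreter list, the function names and the sample paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag interpreter processes whose script file is gone from disk.
# Input, one process per line: PID COMMAND [ARGS...], as printed by
#   ps -axww -o pid= -o command=

# Print "PID PATH" for every interpreter process whose script path is missing.
missing_scripts() {
    while read -r pid cmd args; do
        case "${cmd##*/}" in
            perl|perl5*|sh|bash|python*|ruby) ;;   # interpreters we inspect (assumed list)
            *) continue ;;
        esac
        script=""
        set -f                        # no globbing while splitting the arguments
        for a in $args; do
            case "$a" in
                -e|-c) script=""; break ;;   # inline code, there is no script file
                -*) continue ;;              # skip other interpreter options
                *) script=$a; break ;;       # first non-option word is the script
            esac
        done
        set +f
        # Only absolute paths can be checked without knowing the process's cwd.
        case "$script" in
            /*) [ -e "$script" ] || printf '%s %s\n' "$pid" "$script" ;;
        esac
    done
}

# Constructed sample: two script paths in a temp dir, only one of which exists.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/present.pl"             # exists on disk; "$dir/sploger" does not
    missing_scripts <<EOF
  101 /usr/local/bin/perl -w $dir/sploger
  102 /usr/local/bin/perl $dir/present.pl
  103 perl -e sleep(60)
  104 /usr/sbin/sshd -D
EOF
    rm -rf "$dir"
}

demo    # prints only the line for PID 101
```

On a live system, pipe the ps command from the header comment into missing_scripts. A hit is a lead to follow up, since a process that rewrites its own name or reads its script from stdin will not show up this way.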