
Re: Another thread about a non-killable process



2006/7/11, Joshua J. Kugler <joshua@eeinternet.com>:

Win32?  Huh?  This is a Debian system.  Proftpd is locked (won't accept
connections, even though it shows listening on *:ftp).


yes...^^...also, a Debian system is not exempt from trojans and viruses...^_^




This is what top shows:

  899 ftp       39  19  4164 2216 3460 R 98.4  0.2  27190:02 proftpd

Output of lsof|grep proftpd

proftpd     899      ftp  cwd       DIR        9,1     4096          2 /
proftpd     899      ftp  rtd       DIR        9,1     4096          2 /
proftpd     899      ftp  txt       REG        9,1   568812     501112 /usr/sbin/proftpd
proftpd     899      ftp  mem       REG        9,1    90248     646521 /lib/ld-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    18876     646565 /lib/tls/libcrypt-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    11024     646488 /lib/libcap.so.1.10
proftpd     899      ftp  mem       REG        9,1    28880     646421 /lib/libwrap.so.0.7.6
proftpd     899      ftp  mem       REG        9,1    73304     646569 /lib/tls/libnsl-2.3.2.so
proftpd     899      ftp  mem       REG        9,1   198576     486306 /usr/lib/i686/cmov/libssl.so.0.9.7
proftpd     899      ftp  mem       REG        9,1  1029672     486305 /usr/lib/i686/cmov/libcrypto.so.0.9.7
proftpd     899      ftp  mem       REG        9,1    30360     646516 /lib/libpam.so.0.76
proftpd     899      ftp  mem       REG        9,1  1254468     646564 /lib/tls/libc-2.3.2.so
proftpd     899      ftp  mem       REG        9,1     9872     646566 /lib/tls/libdl-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    34748     646572 /lib/tls/libnss_files-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    28616     646570 /lib/tls/libnss_compat-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    33440     646574 /lib/tls/libnss_nis-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    13976     646571 /lib/tls/libnss_dns-2.3.2.so
proftpd     899      ftp  mem       REG        9,1    64924     646578 /lib/tls/libresolv-2.3.2.so
proftpd     899      ftp    0u     IPv4       2776                 TCP *:ftp (LISTEN)
proftpd     899      ftp    1uW     REG        9,2     1056     670463 /var/run/proftpd/proftpd.scoreboard
proftpd     899      ftp    4r      REG        9,1     1248     586047 /etc/group

So, if it's a back door, it's really good at opening all the right files to
look like the real thing.

j


I think that the proftpd daemon is causing a problem, like a loop or an
overflow...:S

Another command to kill the process, other than the one suggested by Michael Marsh:

killall -9 proftpd

good night and good luck. I close.

heba


