On 29/9/14 12:55, Cristian Rodríguez wrote:
El 29/09/14 a las #4, Otto Rodusek escribió:
On 29/9/14 12:29, Cristian Rodríguez wrote:
El 29/09/14 a las #4, Otto Rodusek escribió:
Thanks for your feedback. Yes I do have VMware Workstation 10.0.3 running - BUT - it is a legit purchased version from VMware and properly licensed. Can you give me the link you found? I tried googling but couldn't find it.
It is in spanish:
http://bitacoraderedes.wordpress.com/2013/11/19/un-caso-real-un-linux-troyan...
describes exactly your problem, same ip address of the bot director, same executables poisoned.. The analysis is only partial so it might be slightly wrong.
Hi Cristian,
Thanks for the link - checking now. Thanks for your help. (Going to do a complete uninstall of vmware, download a fresh install from vmware, check md5sum and sha1sum, and do a re-install and see the results).
Nooope, that's not the way you have to do it.. the machine has been compromised and can no longer be trusted to perform any task. clean os install and restoring known clean backups comes next.
Hi Cristian, Ok, that sounds the best way to go. Thanks and best regards. Otto. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org