[G4] "Echo you got owned"
Giorgio Gomelsky
gio1 at rcn.com
Wed Nov 12 09:43:54 PST 2008
Richard Klein wrote:
> It sounds like you inadvertently left some kind of server running,
> maybe SSH or something, and someone took advantage of that to mount a
> volume on your desktop. It's not a virus, exactly, but someone
> executing commands on your computer. Check what's running on your
> computer.
>
On the G4 I run the QuickTimeStreamingServer (on its own IP#) for
serving videos,
embedded on a website served from a W2K (web) server thru a router (own
IP# too), using 2 different
ISPs connections Been working for years with no problems.
Checked Activity Monitor on G4 (without QTSS running) and noticed
following "servers",
1. SystemUIServer (Process ID229)/Parent Process: 'loginwindow ',
2 ATSServer (process ID89)/Parent Process: 'launchd ' which the
"sample" cannot examine "for unknown reasons
even though it appears to exist".
3 OSXvnc-server (ID137) Parent Process "sh(124)"
4 QTSS adds the "windowserver" (ID63) Parent Process: "launchd (01)"
The volume "echo you got owned" writes itself not on the main bootup
drive but on the second
internal drive which contains 2 more volumes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listserver.themacintoshguy.com/pipermail/g4/attachments/20081112/c57e94d8/attachment.html
More information about the G4
mailing list