Hi there!

I've got some several problems with a linux installation.
When i hit the netstat -tap command, i see several connections like "IRC" Connections.

I'm afraid that im hit by a bot or some kind of virus.
What can i do? I runned Rootkithunter several times but it found nothing.

tcp 0 52 s1.xxx.com:52631 punch.va.us.dal.net:ircd LAST_ACK -
tcp 0 68 s1.xxx.com:52733 punch.va.us.dal.net:ircd LAST_ACK -
tcp 0 68 s1.xxx.com:52733 punch.va.us.dal.net:ircd LAST_ACK -

These connections are incomming. And my bandwith is increasing to 1GB !
What can i do to stop this maddness? I'm Sorry for my bad english! :)

Hi there!

I've got some several problems with a linux installation.
When i hit the netstat -tap command, i see several connections like "IRC" Connections.

I'm afraid that im hit by a bot or some kind of virus.
What can i do? I runned Rootkithunter several times but it found nothing.

tcp 0 52 s1.xxx.com:52631 punch.va.us.dal.net:ircd LAST_ACK -
tcp 0 68 s1.xxx.com:52733 punch.va.us.dal.net:ircd LAST_ACK -
tcp 0 68 s1.xxx.com:52733 punch.va.us.dal.net:ircd LAST_ACK -

These connections are incomming. And my bandwith is increasing to 1GB !
What can i do to stop this maddness? I'm Sorry for my bad english! :)


Looks to me that your system has been hacked, and used as a "zombie" system.
Did you update rootkithunter (rkhunter --update) when you did the scan?

Yes i updated it fully before scanning!

Is there a way to find out what it is and where the file or script is hiding?

Hmm i found some scripts (PERL)

psy.tar.gz
zoals socks.tgz,
tengkorakcrew.txt

and more :( just deleted it!