
Author Topic: Suspicious process running under user qmaild  (Read 1661 times)

cmdman
Suspicious process running under user qmaild
« on: 2014-03-17, 07:37:18 »
I am getting this error, MR. Is it some problem?

Quote
Time:    Mon Mar 17 02:54:12 2014 +0100
PID:     24632 (Parent PID:24631)
Account: qmaild
Uptime:  234 seconds


Executable:

/usr/bin/recordio


Command Line (often faked in exploits):

/usr/bin/recordio /usr/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true


Network connections by the process (if any):

tcp: 75.67.19.115:125 -> 140.123.29.236:59056
tcp: 75.67.19.115:125 -> 140.123.29.236:59056


Files open by the process (if any):



Memory maps by the process (if any):

00400000-00404000 r-xp 00000000 08:11 142616078                          /usr/bin/recordio
00603000-00604000 rw-p 00003000 08:11 142616078                          /usr/bin/recordio
00604000-00605000 rw-p 00000000 00:00 0
7f388b2b8000-7f388b443000 r-xp 00000000 08:11 132255786                  /lib64/libc-2.12.so
7f388b443000-7f388b642000 ---p 0018b000 08:11 132255786                  /lib64/libc-2.12.so
7f388b642000-7f388b646000 r--p 0018a000 08:11 132255786                  /lib64/libc-2.12.so
7f388b646000-7f388b647000 rw-p 0018e000 08:11 132255786                  /lib64/libc-2.12.so
7f388b647000-7f388b64c000 rw-p 00000000 00:00 0
7f388b64c000-7f388b66c000 r-xp 00000000 08:11 132255865                  /lib64/ld-2.12.so
7f388b85e000-7f388b861000 rw-p 00000000 00:00 0
7f388b86a000-7f388b86b000 rw-p 00000000 00:00 0
7f388b86b000-7f388b86c000 r--p 0001f000 08:11 132255865                  /lib64/ld-2.12.so
7f388b86c000-7f388b86d000 rw-p 00020000 08:11 132255865                  /lib64/ld-2.12.so
7f388b86d000-7f388b86e000 rw-p 00000000 00:00 0
7fff9023c000-7fff90251000 rw-p 00000000 00:00 0                          [stack]
7fff903ef000-7fff903f1000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]


Quote
Executable:

/usr/bin/spamdyke


Command Line (often faked in exploits):

/usr/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true


Network connections by the process (if any):

udp: 0.0.0.0:36350 -> 0.0.0.0:0


Files open by the process (if any):


Spacedust
Re: Suspicious process running under user qmaild
« Reply #1 on: 2014-03-17, 13:48:09 »
This is normal...

MRatWork
Re: Suspicious process running under user qmaild
« Reply #2 on: 2014-03-17, 14:50:33 »
If you found this report in the 'rootkit log', this is a 'false positive'.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --
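
A triage sketch for alerts in the format quoted in the first post, added here as an example; it is not code from the thread participants or from Kloxo-MR. It compares the reported executable with the first word of the command line (the field the alert itself labels "often faked") and scans the memory maps. The `TRUSTED_DIRS` list and the three checks are assumptions chosen for illustration.

```python
import re

# Constructed sample: a shortened copy of the alert quoted in the first post.
SAMPLE_ALERT = """\
Executable:
/usr/bin/recordio

Command Line (often faked in exploits):
/usr/bin/recordio /usr/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true

Memory maps by the process (if any):
00400000-00404000 r-xp 00000000 08:11 142616078   /usr/bin/recordio
7f388b2b8000-7f388b443000 r-xp 00000000 08:11 132255786   /lib64/libc-2.12.so
7fff9023c000-7fff90251000 rw-p 00000000 00:00 0   [stack]
"""

# Assumption: where this host is expected to keep binaries and libraries.
TRUSTED_DIRS = ("/usr/bin/", "/usr/lib64/", "/lib64/", "/var/qmail/bin/")

def section(report, heading):
    """Non-empty lines after `heading`, up to the next 'Some title:' line."""
    out, found = [], False
    for line in (l.strip() for l in report.splitlines()):
        if not found:
            found = line.startswith(heading)
        elif re.fullmatch(r"[A-Z].*:", line):
            break
        elif line:
            out.append(line)
    return out

def triage(report):
    """Return a list of findings; an empty list means nothing stood out."""
    findings = []
    exe = section(report, "Executable:")[0]
    argv0 = section(report, "Command Line")[0].split()[0]
    if argv0 != exe:
        findings.append(f"argv[0] {argv0} does not match executable {exe}")
    for line in section(report, "Memory maps"):
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        perms, path = fields[1], fields[5] if len(fields) == 6 else ""
        if "w" in perms and "x" in perms:
            findings.append(f"writable and executable mapping: {line}")
        if path.endswith("(deleted)"):
            findings.append(f"mapped file deleted from disk: {path}")
        elif path.startswith("/") and not path.startswith(TRUSTED_DIRS):
            findings.append(f"mapping outside trusted dirs: {path}")
    return findings
```

On the sample, `triage(SAMPLE_ALERT)` returns an empty list: the executable matches the command line and every mapping is the binary itself, a system library, or a kernel region.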