Hi Chris,
Chris Strzelczyk schrieb: > Yes, I did have a couple of PERL programs in /var/tmp. One was called > https and it is attached.
this is what my AV found:
Dateianlage Name des Virus durchgeführte Maßnahmen ---------------------------------------------------------------------- https Backdoor.Perl.Shellbot.a Removed
http://www.viruslist.com/en/viruses/encyclopedia?virusid=56186
I hope, the name of the bot can help you to trace the way your system got infected...
Stefan
