0

Possible Duplicate:
My server’s been hacked EMERGENCY

Which package does the file /lib/libsh.so belong to?

I need to replace it since it was infected. Same for /etc/sh.conf.

For now I have moved it to /temp/libsh.so.infected. Can I just delete it?

Edit 1:

I just found out that libsh.so isn't a file but a directory with the following files: bash, shdcf, shhk, shhk.pub, shrs

Danijel

2 Answers

1

Those aren't files I've ever heard of. Googling for libsh.so brings up results related to the SHV4/5 rootkit. Here's a blog post detailing symptoms and removal.

0

What distribution do you have? Matching a file to a package totally depends on the package manager (and thus on the distribution).

In any case, for RPMs (Fedora, Red Hat, CentOS ...) you can do it with rpm -qf /lib/libsh.so
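Added example, not part of either answer above: a small script that asks the package database who owns each path and flags anything it has no record of. It goes beyond the rpm case in the answer by also trying dpkg and pacman; the names owner_of and report are hypothetical.

```shell
#!/bin/sh
# Added example: report which package owns each path, or flag it as unowned.
# Usage: sh owner.sh /lib/libsh.so /etc/sh.conf   (paths from the question)

# Print the owning package for $1, "UNOWNED" if the package database has no
# record of the path, or "NO_PKG_MANAGER" if no supported tool is installed.
owner_of() {
    path=$1
    if command -v rpm >/dev/null 2>&1; then
        # rpm -qf exits non-zero when no installed package owns the file
        if out=$(rpm -qf "$path" 2>/dev/null); then
            echo "$out"
        else
            echo UNOWNED
        fi
    elif command -v dpkg >/dev/null 2>&1; then
        # dpkg -S prints "pkg: /path"; strip everything from ": " onward
        if out=$(dpkg -S "$path" 2>/dev/null); then
            echo "${out%%: *}"
        else
            echo UNOWNED
        fi
    elif command -v pacman >/dev/null 2>&1; then
        # pacman -Qoq prints only the owning package name
        if out=$(pacman -Qoq "$path" 2>/dev/null); then
            echo "$out"
        else
            echo UNOWNED
        fi
    else
        echo NO_PKG_MANAGER
    fi
}

# One tab-separated line per path: "<path>\t<owner>".
report() {
    for p in "$@"; do
        printf '%s\t%s\n' "$p" "$(owner_of "$p")"
    done
}

# Only produce output when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

An UNOWNED result for something under /lib means no installed package shipped it, so there is no package to reinstall it from. Run the query from trusted media where possible, since the package tools and database on a compromised host may themselves have been altered.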