Can't reboot, shutdown, or init 3 [I've been root-kitted, please advise]

[Trevor "TeC" Christian]

Tom Diehl wrote:

>On Sun, 3 Apr 2005, Arthur Pemberton wrote:
>
>  
>
>>Arthur Pemberton wrote:
>>
>>    
>>
>>>I can't reboot, shutdown, or init 3. And I keep gettign sgmentation 
>>>fault errors
>>>
>>>On any of these attempts i get:
>>>
>>>/dev/null
>>>RK_Init: idt=0xc03a3000, FUCK: IDT table read failed (offset 0xc03a3000)
>>>
>>>I'm going to bring my server down now, please advise.
>>>
>>>      
>>>
>>Looks like i've been root ktited :(
>>
>>My googling turned up this, which shows a case of my symptoms.
>>
>>:(
>>
>>How do I recover from this
>>    
>>
>
>If you have been rooted, you need to reinstall. It is the only way to be sure
>you got rid of it. If there is stuff you need, I would suggest installing another
>disk and install to it. Then you could install the old drive and mount the
>partitions with your data on it and retreive it. You can also do some inspection
>to try to figure out what happened. Just be careful not to run anything from the
>old drive or you might be in trouble again.
>
>If what I just suggested makes no sense to you, you might be better off just
>reinstalling and move on with life. The problem is you will never know what you
>did wrong and you WILL lose everything on the old installation. 
>
Does this mean there is little that can be done to either stop it from 
initially happening or prevent its reoccurence?

>If you decide
>to reinstall just be sure to format the partitions. Again keep im mind you will
>lose EVERYTHING!!
>
>HTH,
>
>Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com
>
>  
>


-- 
*Trevor "TeC" Christian*
Cell #: (767) 225 4472
IM
   MSN: trevorc98 at hotmail.com / trevor at bouyon.dalive.com
   YM : trevorc01
   AIM: DoubleOTeC
------------------------------------------------------------------------
Curriculum Vitae (PDF) <http://bouyon.dalive.com/cv/curriculum_vitae.pdf>
Curriculum Vitae (HTML) <http://bouyon.dalive.com/cv/curriculum_vitae.html>