Ack! I've been rooted...
John Aldrich
john at chattanooga.net
Fri Feb 2 17:53:17 UTC 2007
On Friday 02 February 2007 12:33 pm, alan wrote:
>
> Most rootkits replace ls and cp in order to make the other pieces
> "invisible".
>
> Don't use rsync to try and fix the problem. That is just going to make a
> big mess and it will not remove the problem.
>
> If they have rooted your system, there is at least one backdoor installed.
> (Probably more.) You also have to look at all of the accounts installed,
> the kernel modules loaded, the processes running, etc. The current
> rootkits install crap all over the place. Unless you have a very small
> install and a LOT of time, you are not going to find them all.
>
> Wipe the disc and reinstall.
>
I think that was the plan... just the OP wanted to back up some data prior to
reinstalling.
More information about the fedora-list mailing list