Jim Kinney <jim kinney gmail com
>I missed the part about these were dirs and not files.
>The dir names may have nonprinting characters so your work to change things
>is failing on wrong name.
>At this point you need to replace the drive or its contents. Unless you
>can work at the inode level to wipe very specific bits, the level of effort
>exceeds realistic time frames. As long as those dirs exist, you're running
>a compromised system.
>On Mar 21, 2012 8:28 AM, "Barry Cisna" <cisna-barry wc235 k12 il us
>> Hello All,
>> I did try the dd if... of as suggested in a post to change file
>> size, etc. After doing this routine I still get 'permission denied' when
>> trying to delete each file after the convert.
>> SELinux is still disabled as before.
>> Nothing is ever shown in any logs, either system or secure, when trying
>> to rm a file.
>> It seems the key in this is, when I try and create a blank text file and
>> save to either of the libsh(rootkit) dirs I get 'bad file descriptor',
>> very odd?
>> Not that it makes any diff, but of course in searching the logs I did
>> find the ip address that dropped in this rootkit was from China,
>> Thanks again,
>> K12OSN mailing list
>> K12OSN redhat com
>> For more info see <http://www.k12os.org
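
The suggestion above that the directory names may contain non-printing characters can be checked by reading the names as raw bytes instead of trusting what `ls` displays. This is an added example, not part of the original thread; the function names and every sample directory name other than `libsh` are constructed.

```python
import os
import tempfile


def escape_name(raw: bytes) -> str:
    """Render a raw filename with every non-printable byte made visible."""
    return "".join(
        chr(b) if 0x20 <= b <= 0x7E and b != 0x5C else "\\x%02x" % b
        for b in raw
    )


def suspicious_reason(raw: bytes):
    """Return why a name is likely to be mistyped on the command line, or None."""
    if any(b < 0x20 or b == 0x7F for b in raw):
        return "control character"
    if raw != raw.strip(b" "):
        return "leading/trailing space"
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return "invalid UTF-8"
    return None


def scan(root: bytes):
    """Walk root using byte paths and report (escaped name, reason, inode)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reason = suspicious_reason(name)
            if reason:
                inode = os.lstat(os.path.join(dirpath, name)).st_ino
                findings.append((escape_name(name), reason, inode))
    return findings


def demo():
    """Build a constructed tree with look-alike directory names and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.fsencode(tmp)
        for name in (b"libsh", b"libsh\x08", b"lib ", b"docs"):
            os.mkdir(os.path.join(root, name))
        return sorted((n, r) for n, r, _ in scan(root))


if __name__ == "__main__":
    for name, reason in demo():
        print("%r: %s" % (name, reason))
```

The inode number returned by `scan` lets you address an entry with `find <dir> -xdev -inum <N>` without typing its name.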