chkrootkit: possible trojan

Paul paul at all-the-johnsons.co.uk
Sat Sep 11 13:48:45 UTC 2004


Hi,

> I haven't been able to lsmod, init 6, etc... which leads me to think
> that it's a true positive.

Do you still have root access? If so, you can fix things to make life
harder, but I would still not entirely trust the server

Really, if you've been r00ted, the only way to get rid of it is to trash
the drive, reinstall, secure, check, resecure and make live.

TTFN

Paul
-- 
"Our enemies are innovative and resourceful - and so are we,"
"They never stop thinking about new ways to harm our country and our
people - and neither do we." - George W. Bush, Aug 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20040911/fe18d739/attachment-0002.bin 


More information about the users mailing list