Can't reboot, shutdown, or init 3 [I've been root-kitted, please advise]

Arthur Pemberton dalive at flashmail.com
Sun Apr 3 12:21:47 UTC 2005


Tom Diehl wrote:

>On Sun, 3 Apr 2005, Arthur Pemberton wrote:
>
>  
>
>>Arthur Pemberton wrote:
>>
>>    
>>
>>>I can't reboot, shutdown, or init 3. And I keep getting segmentation 
>>>fault errors
>>>
>>>On any of these attempts I get:
>>>
>>>/dev/null
>>>RK_Init: idt=0xc03a3000, FUCK: IDT table read failed (offset 0xc03a3000)
>>>
>>>I'm going to bring my server down now, please advise.
>>>
>>>      
>>>
>>Looks like I've been root kitted :(
>>
>>My googling turned up this, which shows a case of my symptoms.
>>
>>:(
>>
>>How do I recover from this?
>>    
>>
>
>If you have been rooted, you need to reinstall. It is the only way to be sure
>you got rid of it. If there is stuff you need, I would suggest installing another
>disk and install to it. Then you could install the old drive and mount the
>partitions with your data on it and retrieve it. You can also do some inspection
>to try to figure out what happened. Just be careful not to run anything from the
>old drive or you might be in trouble again.
>
>If what I just suggested makes no sense to you, you might be better off just
>reinstalling and moving on with life. The problem is you will never know what you
>did wrong and you WILL lose everything on the old installation. If you decide
>to reinstall just be sure to format the partitions. Again keep in mind you will
>lose EVERYTHING!!
>
>  
>
I'm assuming an install of FC3 will properly format the drive, so that's 
what I'm going to do as soon as I download, burn, and use knoppix to get 
my latest maildirs. I guess I should copy over /var/log too.

>HTH,
>
>Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com
>
>  
>
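
The recovery discussed in this thread (attach the old disk to a clean system, pull off the maildirs and /var/log, and never run anything from it) can be scripted as below. This is an added example, not part of the original messages; the function name `salvage`, the device name and the mount point are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example. Assumed setup (device and mount point are placeholders):
# the old disk is attached to a clean install or a live CD and mounted with
#   mount -o ro,noexec,nosuid,nodev /dev/OLD_PARTITION /mnt/old
# so nothing on it can be modified, executed, or gain privileges.

# salvage SRC DEST
# Copy only regular files from SRC into DEST. Symlinks, device nodes, FIFOs
# and sockets are never copied. Every copy is set to mode 0600, which drops
# execute, setuid and setgid bits.
# Side files written next to DEST:
#   DEST.suspicious  source files that were setuid, setgid, or executable by
#                    the current user (unexpected in maildirs or logs)
#   DEST.sha256      SHA-256 of every salvaged file, for later comparison
salvage() {
    [ -d "$1" ] || { echo "salvage: $1 is not a directory" >&2; return 1; }
    mkdir -p "$2" || return 1
    _dest=$(cd "$2" && pwd) || return 1   # absolute path, valid after cd below
    : > "$_dest.suspicious"
    # -xdev keeps find on the one filesystem; -type f matches regular files
    # only, and find does not follow symlinks by default.
    (cd "$1" && find . -xdev -type f -exec sh -c '
        dest=$1; shift
        for f do
            rel=${f#./}
            if [ -u "$f" ] || [ -g "$f" ] || [ -x "$f" ]; then
                printf "%s\n" "$rel" >> "$dest.suspicious"
            fi
            mkdir -p "$dest/$(dirname "$rel")" &&
            cp "$f" "$dest/$rel" && chmod 0600 "$dest/$rel"
        done' sh "$_dest" {} +) || return 1
    (cd "$_dest" && find . -type f -exec sha256sum {} +) > "$_dest.sha256"
}

# Typical calls on the clean system (paths are assumptions):
#   salvage /mnt/old/home/USER/Maildir /root/salvage/Maildir
#   salvage /mnt/old/var/log           /root/salvage/log
```

Anything listed in `DEST.suspicious` is a candidate for the offline inspection mentioned in the reply; the salvaged copies themselves are data only and should still be treated as untrusted input.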



