Re: how to fix rootkit?

On Wed, Feb 08, 2012 at 11:53:14AM +0300, volk@lab127.karelia.ru wrote:
> Today I found next things at squeeze. Please help to fix, I've no
> experience in such tasks.
>
> # chkrootkit
> ROOTDIR is `/'
> Checking `ifconfig'... INFECTED
> Checking `netstat'... INFECTED

Don't even try to fix, with the system rooted you cannot trust it.
The only safe course of action is to wipe the system and reinstall it.

If you need the data on the machine and have no current backups, boot
from a rescue CD (giving you a _clean_ environment) and copy the data
off, then wipe & reinstall.

Kind regards,
           Alex.
-- "Opportunity is missed by most people because it is dressed in overalls and looks like work." -- Thomas A. Edison -- To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/20120208125104.GA18436@thangorodrim.de

• This message: [ Message body ]
• Next message: Fernando Mercês: "Re: how to fix rootkit?"
• Previous message: Laurentiu Pancescu: "Re: how to fix rootkit?"
• In reply to: volk_at_nospam: "how to fix rootkit?"
• Next in thread: Fernando Mercês: "Re: how to fix rootkit?"
• Reply: Fernando Mercês: "Re: how to fix rootkit?"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]