Re: how to fix infected system

Restore the binaries manually, or reinstall all the affected packages
(you can use apt-file to find out which package owns which file).

2012/2/8 volk@lab127.karelia.ru <volk@lab127.karelia.ru>:
> Good day! I have a problem (see below); what should I do? I have no experience
> fixing an infected system.
> I would be grateful for any help.
> squeeze
> # chkrootkit|grep INFE
> Checking `ifconfig'...                                      INFECTED
> Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
> Checking `netstat'...                                       INFECTED
> Checking `pstree'...                                        INFECTED
> Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
> Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
> Checking `top'...                                           INFECTED
> find: /proc/kcore: Value too large for defined data type
> Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
> ERROR: Obsolete k option not supported.
> ********* simple selection *********  ********* selection by list *********
> -A all processes                      -C by command name
> -N negate selection                   -G by real group ID (supports names)
> -a all w/ tty except session leaders  -U by real user ID (supports names)
> -d all except session leaders         -g by session leader OR by group name
> -e all processes                      -p by process ID
> T  all processes on this terminal     -s processes in the sessions given
> a  all w/ tty, including other users  -t by tty
> g  all, even group leaders!           -u by effective user ID (supports names)
> r  only running processes             U  processes for specified users
> x  processes w/o controlling ttys     t  by tty
> *********** output format **********  *********** long options ***********
> -o,o user-defined  -f full            --Group --User --pid --cols
> -j,j job control   s  signal          --group --user --sid --rows
> -O,O preloaded -o  v  virtual memory  --cumulative --format --deselect
> -l,l long          u  user-oriented   --sort --tty --forest --version
>                    X  registers       --heading --no-heading
>                     ********* misc options *********
> -V,V show version       L  list format codes  f  ASCII art forest
> -m,m show threads       S  children in sum    -y change -l format
> -n,N set namelist file  c  true command name  n  numeric WCHAN,UID
> -w,w wide output        e  show environment   -H process heirarchy
> --
> Alexander Volkov
> Senior java developer/architect
> mob: +79215283540
> skype: v2003_2003@mail.ru
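
The reply's second option, as an added example that is not part of the original thread: it pulls the flagged command names out of chkrootkit output, looks up the owning packages and prints the reinstall command for review. It uses `dpkg -S` rather than apt-file because the packages are already installed, and assumes dpkg and its database on the host can still be trusted; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).

# Constructed sample: the INFECTED lines quoted above plus one clean line.
sample_output() {
cat <<'EOF'
Checking `ifconfig'...                                      INFECTED
Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
Checking `netstat'...                                       INFECTED
Checking `pstree'...                                        INFECTED
Checking `top'...                                           INFECTED
Checking `ls'...                                            not infected
EOF
}

# Read chkrootkit output on stdin, print each flagged command name once.
# Matches only the upper-case INFECTED verdict, as `grep INFE` does.
flagged_commands() {
    sed -n "s/^Checking \`\([^']*\)'\.\.\..*[[:space:]]INFECTED.*$/\1/p" | sort -u
}

# Read command names on stdin, print the Debian packages that own them.
owning_packages() {
    while read -r cmd; do
        for dir in /bin /sbin /usr/bin /usr/sbin; do
            [ -e "$dir/$cmd" ] || continue
            # dpkg -S prints "package: /path"; keep the package name only.
            dpkg -S "$dir/$cmd" 2>/dev/null | cut -d: -f1
        done
    done | sort -u
}

# Print (do not run) the reinstall command so it can be reviewed first.
reinstall_command() {
    pkgs=$(flagged_commands | owning_packages | tr '\n' ' ')
    if [ -n "$pkgs" ]; then
        echo "apt-get install --reinstall $pkgs"
    fi
}

# Demo on the constructed sample.
# On the affected host: chkrootkit | reinstall_command
sample_output | flagged_commands
```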

