Re: how to fix infected system
Restore the binaries manually, or reinstall all the affected packages
(apt-file will tell you what lives where).
2012/2/8 volk@lab127.karelia.ru <volk@lab127.karelia.ru>:
> Good afternoon! I have a problem (see below); what should I do? I have no
> experience fixing an infected system.
> I would be grateful for any help.
>
> squeeze
>
> # chkrootkit|grep INFE
> Checking `ifconfig'... INFECTED
> Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
> Checking `netstat'... INFECTED
> Checking `pstree'... INFECTED
> Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
> Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
> Checking `top'... INFECTED
> find: /proc/kcore: Value too large for defined data type
> Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
> ERROR: Obsolete k option not supported.
> ********* simple selection ********* ********* selection by list *********
> -A all processes -C by command name
> -N negate selection -G by real group ID (supports names)
> -a all w/ tty except session leaders -U by real user ID (supports names)
> -d all except session leaders -g by session leader OR by group name
> -e all processes -p by process ID
> T all processes on this terminal -s processes in the sessions given
> a all w/ tty, including other users -t by tty
> g all, even group leaders! -u by effective user ID (supports
> names)
> r only running processes U processes for specified users
> x processes w/o controlling ttys t by tty
> *********** output format ********** *********** long options ***********
> -o,o user-defined -f full --Group --User --pid --cols
> -j,j job control s signal --group --user --sid --rows
> -O,O preloaded -o v virtual memory --cumulative --format --deselect
> -l,l long u user-oriented --sort --tty --forest --version
> X registers --heading --no-heading
> ********* misc options *********
> -V,V show version L list format codes f ASCII art forest
> -m,m show threads S children in sum -y change -l format
> -n,N set namelist file c true command name n numeric WCHAN,UID
> -w,w wide output e show environment -H process heirarchy
>
>
>
> --
> Alexander Volkov
> Senior java developer/architect
>
> mob: +79215283540
> skype: v2003_2003@mail.ru
>
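
The advice in the reply, sketched as an added example that is not part of the original messages: it extracts the commands chkrootkit flagged and prints one reinstall command per owning package. It uses `dpkg -S` in place of `apt-file` to look up the owner of an installed file; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn chkrootkit findings into a package reinstall plan.
# Run as root; on a suspect host prefer trusted rescue media, since the
# lookup tools themselves may have been replaced.

# Constructed sample input, based on the chkrootkit lines quoted above.
sample_output() {
cat <<'EOF'
Checking `ifconfig'... INFECTED
Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
Checking `netstat'... INFECTED
Checking `pstree'... INFECTED
Checking `top'... INFECTED
EOF
}

# Print the command names chkrootkit flagged, one per line, de-duplicated.
flagged_binaries() {
    sed -n "s/^Checking \`\([^']*\)'\.\.\. INFECTED.*/\1/p" | sort -u
}

# Print the package owning an installed file (empty if none is recorded).
# dpkg -S prints "package: /path"; keep only the package name.
owning_package() {
    dpkg -S "$1" 2>/dev/null | head -n 1 | cut -d: -f1
}

# Read chkrootkit output on stdin; print one reinstall command per package.
reinstall_plan() {
    flagged_binaries | while read -r name; do
        path=$(command -v "$name" 2>/dev/null) || {
            echo "# $name: not found in PATH"; continue; }
        pkg=$(owning_package "$path")
        if [ -n "$pkg" ]; then
            echo "apt-get install --reinstall $pkg"
        else
            echo "# $path: no owning package, inspect by hand"
        fi
    done | sort -u
}

sample_output | reinstall_plan
```

Feed it real output with `chkrootkit | reinstall_plan` after sourcing the functions; lines starting with `#` mark files that need manual inspection.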