On Mon, April 18, 2005 09:35, Sigmund Straumsnes wrote: > Check /usr/bin/slocate with lsattr. > > rootkits may set attributes to prevent overwriting infected files, so you > could check for intrusion. Thanks, you are indeed correct that the attributes had been changed. I will start investigating now. Thijs