Re: exim4 router problems since 2 days / suspicious process "zinit" is pstree

>> I agree, this is a root exploit, and once you have root you can pretty
>> much hide anything you want.

>>> No question, reinstall.

Depending on your scope,
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html still
has some value.  It sounds as though you'll probably be fine with a
reinstall (nuke from orbit, of trusted media).

If you use anything from backups, be cautious of any content after any
trusted time. E.g., when you know it wasn't an issue, not just think it
wasn't an issue. You don't want to introduce a weakness the attacker
left someplace else (like a database password, misc settings, etc.).

Good luck :)


