Re: how to fix rootkit?

To: "volk@lab127.karelia.ru" <volk@lab127.karelia.ru>
Cc: debian-security@lists.debian.org
Subject: Re: how to fix rootkit?
From: Alexander Schreiber <als@thangorodrim.de>
Date: Wed, 8 Feb 2012 13:51:04 +0100
Message-id: <20120208125104.GA18436@thangorodrim.de>
In-reply-to: <4F3237FA.1050206@lab127.karelia.ru>
References: <4F3237FA.1050206@lab127.karelia.ru>

On Wed, Feb 08, 2012 at 11:53:14AM +0300, volk@lab127.karelia.ru wrote:
> Today I found next things at squeeze. Please help to fix, I've no
> experience in such tasks.
> 
> # chkrootkit
> ROOTDIR is `/'
> Checking `ifconfig'...                                      INFECTED
> Checking `netstat'...                                       INFECTED

Don't even try to fix, with the system rooted you cannot trust it.
The only safe course of action is to wipe the system and reinstall it.

If you need the data on the machine and have no current backups, boot
from a rescue CD (giving you a _clean_ environment) and copy the data
off, then wipe & reinstall.

Kind regards,
           Alex.
-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."                                      -- Thomas A. Edison

Reply to:

Follow-Ups:
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>

References:
- how to fix rootkit?
  - From: "volk@lab127.karelia.ru" <volk@lab127.karelia.ru>

Prev by Date: Re: how to fix rootkit?
Next by Date: Re: how to fix rootkit?
Previous by thread: Re: how to fix rootkit?
Next by thread: Re: how to fix rootkit?
Index(es):
- Date
- Thread