[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to fix rootkit?

Am 08.02.12 18:46, schrieb Fernando Mercês:
> Reading memory after turning off? There are a easy way to it?
> When I said "your own binaries", I mean "get fresh copies of
> binaries and use in system with a USB stick or something like that.
> Do not use the compromised system binaries". That's it. ;-)

And who says, that the new binarys don't work in "compromized mode",
e.g. with a LD_PRELOAD? ;)

you can't trust a compromized system, not even when you running (or
think you are running) own binaries. Who knows, what the kernel does.

Kind Regards,

Reply to: