Re: how to fix rootkit?
On 08.02.12 18:46, Fernando Mercês wrote:
> Reading memory after turning off? Is there an easy way to do it?
> When I said "your own binaries", I mean "get fresh copies of
> binaries and use them in the system with a USB stick or something like that.
> Do not use the compromised system binaries". That's it. ;-)
And who says that the new binaries don't work in "compromised mode",
e.g. with an LD_PRELOAD? ;)
You can't trust a compromised system, not even when you are running (or
think you are running) your own binaries. Who knows what the kernel does.