Re: Re: Virus and file /proc/kcore
Thanks,
I have rebooted the system. It still comes up with this file being HUGE and when I do a 'df' it shows that partition to be 100% full. I know that it is only about 45% full the other day. If the file is not real, should the memory be unavailable? Perhaps, I have something else going on. When I run f-prot again with -auto -delete it doesn't find any virus. If I do it with -noheur it finds the W32. I have to read a bit more to understand the ins and outs of this.
Thank you for your help.
Another thing. I have a seperate /usr partition. Can I wipe the / partition and reinstall it without changing the other partition?
Michael
>
> From: Edward Guldemond <thedebategod@yifan.net>
> Date: 2002/08/10 Sat AM 09:17:32 EDT
> To: Debian User Mailing List <debian-user@lists.debian.org>
> Subject: Re: Virus and file /proc/kcore
>
> Micheal,
>
> The /proc partiton is a "window" into your running system. The kmem
> file is the kernel memory, so when you look at that file, you are
> looking at the memory of the kernel. This file is set to read-only by
> root because not even root should be fooling around with the raw
> contents of kernel memory. In short, this file does not take up any
> real disk space, and is just generated by the kernel on access. Having
> said that, you cannot change this file, and the only way to "clean" the
> virus is to restart so kernel memory is cleared. If F-Prot says that
> the data in /proc/kcore is a Windows virus, we can only hope so. ;-)
>
> --
> ------------------------------------------
> Edward Guldemond
>
> Key fingerprint: 29FF 2969 A04E F934 3F03
> 4329 BC56 3AA7 2F57 6735
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Michael Ward Cole, DO
1216 Cedar Point Drive
Virginia Beach, Virginia 23451
Reply to: