I beseech you to format your hard drive and reinstall. You're a danger to everyone 
until you do, because you have no way of knowing what all has been trojaned, or what 
extra files may have been installed as backdoors. 

Basically, until you reinstall, the cracker is in control of your box, not you. Please 
take that box offline until you're cleaned up.

And yes, if you must fiddle around for a while (off line!) use a one-floppy Linux 
distro like tomsrtbt. I must say, if you don't already have one of those, and you 
don't have another machine to make one on, you may not be able to build.

You can (maybe) check to see if user root still has the correct UIDs and stuff by 
looking in /etc/passwd.

Also, please do not use the same passwords in your new install. The cracker most 
likely had already obtained a copy of your /etc/passwd and set something to 
decrypting it.

At 04:35 PM 1/21/2001 -0800, you wrote:
>All,
>
>The hacker who gained access to our system has me
>baffled.. I can't delete many files on the FS as root
>even using a clean copy of rm.  At first I thought
>perhaps chattr.. but a clean copy of lsattr shows
>they're not locked.  Yet I still can't delete their
>hacked versions of /bin/login, etc. Is there anything
>else I can do to delete these files?  I need to
>reinstall some key RPM's to cleanse the system for
>now... and RPM dies 'cause it can't delete the files
>either.  This is becoming more than a major problem
>for us :-(
>
>TIA,
>
>Adrian
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list 

----------------------------------------------------
Jonathan Wilson
System Administrator

Cedar Creek Software
http://www.cedarcreeksoftware.com

Central Texas IT
http://www.centraltexasit.com
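
An added example, not part of the original message: one way to do the /etc/passwd check suggested above, run from clean boot media that provides sh and awk against the passwd file of the offline-mounted disk. The function name, the finding labels, the sample entries and the /mnt mount point are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample data: "adm" has an empty password field and
# "support" is a second UID-0 account. Neither comes from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
adm::3:4:adm:/var/adm:
support:x:0:0::/tmp:/bin/bash
EOF
}

# audit_passwd FILE   ("-" reads standard input)
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
audit_passwd() {
    awk -F: '
        BEGIN { bad = 0; seen_root = 0 }
        # Skip blank lines and comments.
        /^[ \t]*$/ || /^#/ { next }
        # A passwd entry has exactly seven colon-separated fields.
        NF != 7 { print "MALFORMED line " NR; bad = 1; next }
        # root itself must still be UID 0 and GID 0.
        $1 == "root" {
            seen_root = 1
            if ($3 != 0 || $4 != 0) { print "ROOT_IDS uid=" $3 " gid=" $4; bad = 1 }
        }
        # Any other name whose UID evaluates to 0 is a second superuser
        # (also catches 00; conservatively flags empty or non-numeric UIDs).
        $1 != "root" && $3 + 0 == 0 { print "EXTRA_UID0 " $1; bad = 1 }
        # An empty second field means the account needs no password.
        $2 == "" { print "EMPTY_PASSWORD " $1; bad = 1 }
        END {
            if (!seen_root) { print "NO_ROOT"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Demo on the constructed sample. For a real check, pass the passwd file
# from the offline-mounted disk (assumed path: /mnt/etc/passwd).
sample_passwd | audit_passwd - || echo "findings listed above"
```

A clean result here only covers the passwd file; it says nothing about trojaned binaries elsewhere on the disk.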
