My machine got hacked a few days ago through the samba bug. I reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM but still... Can anyone please advise ? bash-2.05b# chkrootkit | grep INFECTED Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED -- Jay -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030413/c11127c2/attachment.bin
Hello Alexandru, Sunday, April 13, 2003, 5:53:00 PM, you wrote: AB> My machine got hacked a few days ago through the samba bug. I AB> reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM AB> but still... AB> Can anyone please advise ? AB> bash-2.05b# chkrootkit | grep INFECTED AB> Checking `chfn'... INFECTED AB> Checking `chsh'... INFECTED AB> Checking `date'... INFECTED AB> Checking `ls'... INFECTED AB> Checking `ps'... INFECTED This was mentioned on this list before. Is your system 5.x ? ;------------------------------------------- ; NKritsky ; mailto:nkritsky@internethelp.ru