"Doug Laidlaw" <laidlaws DeleteThis @myaccess.com.au> wrote in message
news:s359u-lj3.ln1@dougshost.mydomain.org.au...
> >
> > ls, lsof, ifconfig, login, telnet, su, sudo, cron
> >
> > in the end I was able to locate them all and using the hd editing software
> > (I can never remember the name - it took me a couple of weeks to find) I
> > ended up changing the flag value on the files' inodes from $FF to $00 and
> > that then allowed me to delete the files normally.
> >
> > Mike.
>
> That has restored what you saw. What about the other things you haven't
> noticed? To repeat James: you have been cracked. The only way to get rid
> of all the damage is to do a fresh install from CD-ROMs, preferably after a
> format of the drive. Keep a backup of your home directory to put back
> afterward.
Doug, I agree with you - those were the files that were weird users and had
been patched so they didn't work at all, but once I had removed them I
copied over from another installation (on my laptop) every file in the
master system dirs, /etc and below
/bin /sbin /usr/bin /usr/sbin /usr/local/bin /lib and recompile / install
the kernel and lilo, and I am currently installing afresh on a new machine
ready to swap the two over - while the system seems secure (and GRC also
agrees) I still don't trust it.
Mike