From owner-freebsd-questions  Tue Nov  6 19:23: 7 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-80.dsl.lsan03.pacbell.net [63.207.60.80])
	by hub.freebsd.org (Postfix) with ESMTP id 78EF137B41A
	for <freebsd-questions@FreeBSD.ORG>; Tue,  6 Nov 2001 19:23:03 -0800 (PST)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id C23AA66BD5; Tue,  6 Nov 2001 19:23:02 -0800 (PST)
Date: Tue, 6 Nov 2001 19:23:02 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Kelvin Ng Chee Hoong <nchee_hoong@pacific.net.sg>
Cc: Kris Kennaway <kris@obsecurity.org>,
	freebsd-questions@FreeBSD.ORG
Subject: Re: Infected by virus
Message-ID: <20011106192302.A35555@xor.obsecurity.org>
References: <5.1.0.14.0.20011107092016.00a46320@po.pacific.net.sg> <5.1.0.14.0.20011107092016.00a46320@po.pacific.net.sg> <20011106190912.A35365@xor.obsecurity.org> <5.1.0.14.0.20011107111835.00a4a6e0@po.pacific.net.sg>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="u3/rZRmxL6MmkK24"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <5.1.0.14.0.20011107111835.00a4a6e0@po.pacific.net.sg>; from nchee_hoong@pacific.net.sg on Wed, Nov 07, 2001 at 11:22:09AM +0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--u3/rZRmxL6MmkK24
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Nov 07, 2001 at 11:22:09AM +0800, Kelvin Ng Chee Hoong wrote:
> Well ;
>      This sound bad news to me . :-(
> I have installed a lot of application software the system . It consumed m=
e=20
> a lot of time to get these services up.
> I am going to cry if you ask me to wipe the disk and re-install .
>=20
> :-(

If you're very careful to only restore data (not binaries) which you
have verified to be unaffected, you can safely do so, but there could
be backdoors hidden in any of the binaries on the system, or in
configuraton files, etc.  Of course, what you do with your system is
up to you, but if you don't clean your system thoroughly then you
might have ongoing problems if your attackers have left a way to get
back in.

Kris

--u3/rZRmxL6MmkK24
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE76KkWWry0BWjoQKURAkhAAJ9I90sQuFKvfcH/U1dwmA/Tox51RwCfcmGS
94rGjCb3IOUCQEFPoxbJuBs=
=jaTH
-----END PGP SIGNATURE-----

--u3/rZRmxL6MmkK24--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message