From owner-freebsd-newbies  Sat Mar  2 19:47:35 2002
Delivered-To: freebsd-newbies@freebsd.org
Received: from diligence.com (diligence.com [216.166.138.131])
	by hub.freebsd.org (Postfix) with SMTP id 44C2137B402
	for <freebsd-newbies@freebsd.org>; Sat,  2 Mar 2002 19:47:33 -0800 (PST)
Received: (qmail 22863 invoked by uid 535); 2 Mar 2002 20:47:31 -0700
Received: from tim@diligence.com by pdc.diligence.com with qmail-scanner-0.94 (. Clean. Processed in 0.057661 secs); 03/02/2002 20:47:31
Received: from unknown (HELO tim2) (216.166.138.76)
  by pdc.diligence.com with SMTP; 2 Mar 2002 20:47:31 -0700
Message-Id: <4.2.0.58.20020302204519.00a4b2f8@mail.diligence.com>
X-Sender: tuckun@mail.diligence.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Sat, 02 Mar 2002 20:49:43 -0800
To: jmdupx@yahoo.com
From: Tim Uckun <tim@diligence.com>
Subject: Re: Have I been hacked?
Cc: freebsd-newbies@freebsd.org
In-Reply-To: <3C819788.16419.12FB4C84@localhost>
References: <4.2.0.58.20020302124131.00a4b3d0@mail.diligence.com>
 <20020302093251.A72890@lymond.lvcm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-newbies@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-newbies.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-newbies>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-newbies>
X-Loop: FreeBSD.org

At 03:24 AM 3/3/2002 +0000, jmdupx@yahoo.com wrote:
>looks  to me  like  perfect symptoms of a  dying  hard-drive, but  a
>virus  attack would  have much the same  visible  effect  usually


Well I went into single mode and tried to mount the drives. It said I 
needed to fsck which was odd because I had shut it down properly. I did an 
fsck and them mounted the dirves, I changed the root password and the 
regular users passwd. I ran wipw to make sure no weird accounts were there. 
I installed cehckrootkit (or something like that) and ran it, it found no 
root kits. I did an lsof and nothing weird is listening on any port.

I don't think I could have gotten a virus because I don't check mail on it 
except via mutt and I haven't installed anything on it that was not in 
ports. Is there anything else I need to check?
----------------------------------------------
              Tim Uckun
       Mobile Intelligence Unit.
----------------------------------------------
    "There are some who call me TIM?"
----------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message