From owner-freebsd-questions Sun Oct 13 16: 0:47 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2BC9937B401 for ; Sun, 13 Oct 2002 16:00:46 -0700 (PDT) Received: from catflap.home.slightlystrange.org (pc1-cmbg1-4-cust43.cam.cable.ntl.com [62.253.133.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4CE9943EA9 for ; Sun, 13 Oct 2002 16:00:45 -0700 (PDT) (envelope-from dan@slightlystrange.org) Received: from danielby by catflap.home.slightlystrange.org with local (Exim 3.36 #1) id 180riu-000Ddg-00 for freebsd-questions@FreeBSD.ORG; Mon, 14 Oct 2002 00:00:36 +0100 Date: Mon, 14 Oct 2002 00:00:36 +0100 From: Daniel Bye To: freebsd-questions@FreeBSD.ORG Subject: Re: Slightly OT: How to remove an odd file... Message-ID: <20021013230036.GB51228@catflap.home.slightlystrange.org> Reply-To: dan@slightlystrange.org Mail-Followup-To: freebsd-questions@FreeBSD.ORG References: <3DA99893.3000304@attbi.com> <005b01c272d2$c67fad30$1500a8c0@dogbert> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <005b01c272d2$c67fad30$1500a8c0@dogbert> User-Agent: Mutt/1.4i X-Scanner: exiscan *180riu-000Ddg-00*5lkyKSEGMzo* (SlightlyStrange.org, Using NOD32 http://www.nod32.com) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Oct 13, 2002 at 12:08:29PM -0400, Brian McCann wrote: > Yea...did it logged on directly as root. I think what happened is > someone hacked the box via anon. FTP and made this program as a back > door of some kind. :-/ I was able to 'chmod +w " " ' it, no errors > there...but it yells when I try to rm it. If you know the inode number (which I seem to recall you do, from the start of this thread), and if the version of find on RedHat supports the same sort of options as FreeBSD's find, you might try this: # find . -inum -ok rm -f {} \; You may need to tweak it, I haven't been near RedHat for well over two years, so don't remember the niceties of any of its tools. HTH, Dan -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message