Date: 13 Apr 2003 17:17:38 +0300 From: Alexandru Balan <Alexandru.Balan@iNES.RO> To: "Nickolay A. Kritsky" <nkritsky@internethelp.ru> Cc: freebsd-security@freebsd.org Subject: Re: chfn, chsh, ls, ps - INFECTED Message-ID: <1050243458.869.0.camel@BSD.iNES.RO> In-Reply-To: <11418603780.20030413180746@internethelp.ru> References: <1050241980.32076.26.camel@BSD.iNES.RO> <11418603780.20030413180746@internethelp.ru>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] Yes it is 5.x, I'm truly sorry if it was posted before but i just subscribe. I'll search in the archives. Thank you On Sun, 2003-04-13 at 17:07, Nickolay A. Kritsky wrote: > Hello Alexandru, > > Sunday, April 13, 2003, 5:53:00 PM, you wrote: > > AB> My machine got hacked a few days ago through the samba bug. I > AB> reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM > AB> but still... > AB> Can anyone please advise ? > > AB> bash-2.05b# chkrootkit | grep INFECTED > AB> Checking `chfn'... INFECTED > AB> Checking `chsh'... INFECTED > AB> Checking `date'... INFECTED > AB> Checking `ls'... INFECTED > AB> Checking `ps'... INFECTED > > This was mentioned on this list before. Is your system 5.x ? > > ;------------------------------------------- > ; NKritsky > ; mailto:nkritsky@internethelp.ru -- Jy [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQA+mXGCXj/84bdgpDIRAqdDAJ4kvFOaF8Z12wRDMWhWD0CpOXbCzACfSjcP zG0qLI++1We4XeDizAF7O1Y= =/TVq -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1050243458.869.0.camel>