Thanks for all the postings and the advice. I tarred up /etc /var/log/messages /lib/security/.config /proc/9325 and /proc/9335 /usr/bin/ssh2d
and the *.old and *.new for find, df, du, ps; where .old is with the corrupt rootkit and .new is with the reinstalled (pure) rpm versions. they total about 4mb and I don't want to inundate gaffle. Is there a better way to send it? Is there anything else you would want? the only stuff that isn't on there that looks like it showed up from the diff was /dev/sdq1-15. Hope this helps. btw, it's a 40gb HD. joshua _______________________________________________ Bits mailing list [EMAIL PROTECTED] http://www.sugoi.org/mailman/listinfo/bits
