I recommend you boot with some live CD system and make a dump of each partition, including swap, with dd, so you can analyze them after you wipe your system.

This analysis will help you to discover how the attacker gained root access, protect your actual system and feed the community with real case information.

If you need help, please let me know.

Best regards,

Fernando Mercês
Linux Registered User #432779
www.mentebinaria.com.br
softwarelivre-rj.org
@MenteBinaria
------------------------------------
II Hack'n Rio - 23 and 24/11
hacknrio.org
------------------------------------

On Wed, Feb 8, 2012 at 10:51 AM, Alexander Schreiber <[email protected]> wrote:
> On Wed, Feb 08, 2012 at 11:53:14AM +0300, [email protected] wrote:
>> Today I found the following things on squeeze. Please help to fix, I've no
>> experience in such tasks.
>>
>> # chkrootkit
>> ROOTDIR is `/'
>> Checking `ifconfig'... INFECTED
>> Checking `netstat'... INFECTED
>
> Don't even try to fix, with the system rooted you cannot trust it.
> The only safe course of action is to wipe the system and reinstall it.
>
> If you need the data on the machine and have no current backups, boot
> from a rescue CD (giving you a _clean_ environment) and copy the data
> off, then wipe & reinstall.
>
> Kind regards,
> Alex.
> --
> "Opportunity is missed by most people because it is dressed in overalls and
> looks like work." -- Thomas A. Edison
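An added example of the imaging step recommended in this reply (not part of the original messages): a shell function that copies a partition with dd from the live environment and verifies the copy by SHA-256 before the disk is wiped. The function name `image_partition`, the `/mnt/evidence` path and the device names are assumptions.

```shell
#!/bin/sh
# Added example: image a block device with dd and verify the copy.
# Meant to be run from a live/rescue environment, with the output
# directory on an external disk. All names below are assumptions.

# image_partition SRC OUTDIR
# Copies SRC to OUTDIR/<name>.img, compares SHA-256 of source and image,
# and prints the image path on success.
image_partition() {
    src=$1
    outdir=$2
    name=$(basename "$src")
    img="$outdir/$name.img"

    mkdir -p "$outdir" || return 1
    # Refuse to overwrite an earlier image: evidence is written once.
    if [ -e "$img" ]; then
        echo "refusing to overwrite $img" >&2
        return 1
    fi

    # Plain block copy. conv=noerror,sync is deliberately not used: it
    # pads short reads, so the image hash would no longer match the source.
    dd if="$src" of="$img" bs=1M 2>/dev/null || return 1

    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    img_sum=$(sha256sum < "$img" | cut -d' ' -f1)
    if [ "$src_sum" != "$img_sum" ]; then
        echo "hash mismatch for $src" >&2
        return 1
    fi

    # Keep the hash next to the image and make both read-only.
    printf '%s  %s\n' "$img_sum" "$name.img" > "$img.sha256"
    chmod 0444 "$img" "$img.sha256"
    printf '%s\n' "$img"
}

# Typical use from the live CD (device names are examples; list the real
# ones with `fdisk -l` first, and include the swap partition):
#   for p in /dev/sda1 /dev/sda2 /dev/sda5; do
#       image_partition "$p" /mnt/evidence || break
#   done
```

The `.sha256` file can be re-checked later with `sha256sum -c` on the analysis machine to confirm the image has not changed since acquisition.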

