On Friday 12 September 2003 10:07, Mark M. Barrios wrote:
> how is this a rootkit again?

well,

> > I hope you can help me on this. This rootkit runs until such time it
> > decides to write random garbage to my data and takes down the hard drive
> > with a "missing operating system" message at bootup.

on the other hand, michael:

> > Here are others:
> > Sep 11 11:39:30 desktop depmod: *** Unresolved symbols in
> > /lib/modules/2.4.19-16mdk/kernel/arch/i386/mki-adapter/mki-adapter.o

that's just the win4lin module.  i've never had a problem with that so it's 
not likely that win4lin is the problem, unless you downloaded a trojaned 
win4lin RPM from somewhere.

when you do a depmod -ae, what symbols does it say are missing?
just curious.  if it worked before and now it stops working, then, yeah,
it does look like something modified your system enough that this
module stops working.  

if you reinstall the win4lin kernel RPM (after first backing up the
current vmlinuz that win4lin uses and the modules), and then
compare them, do they differ?  what files differ and how?  if the
rootkit did that, then the places where they differ and the differences
might give you clues.

next time you reinstall clean, use tripwire and write the signatures
to a CD-R.  that way, you have something to compare to when something
changes.  or you could compare the current system with a backup, if
you've got one.

tiger

-- 
Gerald Timothy Quimpo  gquimpo*hotmail.com tiger*sni*ph
http://bopolissimus.sni.ph
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"

    Lack of money is the root of all evil.
                        George Bernard Shaw
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
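
The baseline-and-compare advice in the message above, as an added example that is not part of the original post: a plain SHA-256 manifest stands in for tripwire, and a second pass reports which files were added, changed or removed. It assumes GNU coreutils (`sha256sum`); the function names and the sample tree are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils (sha256sum).
# make_manifest, compare_manifests and demo are hypothetical names.

# Print "hash  ./path" for every regular file under DIR, sorted by path.
# Store the output on read-only media (the CD-R suggested in the message).
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare a baseline manifest ($1) with a current one ($2).
# sha256sum prints 64 hex digits and two separator characters, so the
# path starts at column 67. Output: ADDED/CHANGED/REMOVED lines, sorted.
compare_manifests() {
    awk -v base="$1" '
        BEGIN { while ((getline l < base) > 0) old[substr(l, 67)] = substr(l, 1, 64) }
        {
            p = substr($0, 67); cur[p] = 1
            if (!(p in old))       print "ADDED " p
            else if (old[p] != $1) print "CHANGED " p
        }
        END { for (p in old) if (!(p in cur)) print "REMOVED " p }
    ' "$2" | LC_ALL=C sort
}

# Constructed sample: a "backup" tree and a tampered copy of it.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/backup/boot" "$t/backup/modules"
    printf 'kernel image\n'  > "$t/backup/boot/vmlinuz"
    printf 'module object\n' > "$t/backup/modules/mki-adapter.o"
    printf 'module deps\n'   > "$t/backup/modules/modules.dep"
    cp -R "$t/backup" "$t/current"
    printf 'patched\n' >> "$t/current/modules/mki-adapter.o"   # modified file
    rm "$t/current/modules/modules.dep"                        # removed file
    printf 'extra\n' > "$t/current/modules/unknown.o"          # new file
    make_manifest "$t/backup"  > "$t/baseline.sha256"
    make_manifest "$t/current" > "$t/current.sha256"
    compare_manifests "$t/baseline.sha256" "$t/current.sha256"
    rm -rf "$t"
}

demo
```

A manifest made on a system that is already compromised proves nothing, so the baseline has to be taken right after the clean install and the comparison is best run from trusted boot media.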
