-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bjorn,
Any chance of attaching its disk to another machine for inspection? Or booting your webserver using Knoppix? You could, then, mount the hard disk(s) read-only and run things like ClamAV[1] (fully-updated, of course), chkrootkit[2], and rkhunter[3] on it. You'd also be able to run simple checks like 'find /tmp | less' to look for hidden files without worrying that your copy of 'find' had been compromised. Speak up if you have questions about anything I've mentioned. Cheers, - -sth [1] http://www.clamav.net [2] http://www.chkrootkit.org [3] http://www.rootkit.nl sam hooker|[EMAIL PROTECTED]|http://www.noiseplant.com Yes, my television runs Linux, too. Yes, really. http://mythtv.org Bjorn Behrendt wrote: | Please help, I don't know how to clean a virus from a linux webserver. | My webserver keeps flooding our network untill everything crashes, and | when I did a manual backup the other day my antivirus poped up with an | infection, see attached. | | Bjorn Behrendt | Proctor School District | [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiA69AACgkQX8KByLv3aQ129wCg4GOsGSblnyUAHWvhUyyYl2cC b1cAoImv66FHShNGW6BxOfNeIK8OeaUg =Fvyj -----END PGP SIGNATURE-----
