If you want, you can send me that virus file and I'll take a look at it. I work on the malcode team for iDefense. If you do end up emailing it to me, zip it up and password protect the zip file with the password "infected".
-Josh

On 7/18/08, Keith Deterling <[EMAIL PROTECTED]> wrote:
> I also like SystemRescue CD for a bootable live distro.
>
> http://www.sysresccd.org/Main_Page
>
> Or a Fedora 9 Live CD.
>
> However, I've found that the Fedora 9 CD sometimes doesn't recognize SATA
> laptop drives.
>
> Keith Deterling
> [EMAIL PROTECTED]
>
> Advisory IT Specialist
> Unix & Intel Server Services - IBM Account
> IBM Global Services - Americas Service Delivery – Server Systems Operation Team
>
> Essex, Junction, VT 05242 – Bldg. 967 – 1C2009
> Tie-Line 8-446-3535 or (802) 769-3535
> Fax: (802)-769-4253 (T/L: 8-446-4253)
>
> From: sth <[EMAIL PROTECTED]>
> Sent by: Vermont Area Group of Unix Enthusiasts <[EMAIL PROTECTED]>
> Date: 07/18/2008 03:22 PM
> Please respond to: Vermont Area Group of Unix Enthusiasts <[EMAIL PROTECTED]>
> To: [email protected]
> Subject: Re: virus found on web server
>
> sth wrote:
> | Any chance of attaching its disk to another machine for inspection? Or
> | booting your webserver using Knoppix? You could, then, mount the hard
>
> I neglected to mention that I would opt for the Knoppix route, so that
> the running OS would be ephemeral. In the (unlikely?) event that your
> virus (or rootkit) is able to activate itself while the HD is mounted,
> you won't be exposing another important system: Knoppix can always be
> "refreshed from media" with a reboot. :-)
>
> Cheers,
>
> -sth
>
> sam hooker|[EMAIL PROTECTED]|http://www.noiseplant.com
>
> Yes, my television runs Linux, too. Yes, really.
> http://mythtv.org
>
> | Bjorn Behrendt wrote:
> | | Please help, I don't know how to clean a virus from a linux webserver.
> | | My webserver keeps flooding our network until everything crashes, and
> | | when I did a manual backup the other day my antivirus popped up with an
> | | infection, see attached.
> | |
> | | Bjorn Behrendt
> | | Proctor School District
> | | [EMAIL PROTECTED]
