trojan - removal problems

Brian Walker bfwalker at gmail.com
Fri Jan 27 08:31:31 UTC 2006


To complete the topic - and many thanks for the advice so far:

1. /dev/.static/dev/ was perceived as a threat (rkhunter)
2. I umounted /dev/.static/dev and rm -R that directory, cd back to .static
and was able to rm -R that directory too.
3. nmap previously showed trinoo and a whole host of nasties listening, but
I suspect they were less able to "perform" due to Bastille being fairly well
configured, but ...
4. rebooting showed .static has reappeared, and with it the trinoo scenario.
(Also showed that removing that directory was not a problem with booting,
and I suspect even more than ever that infestation with trinoo will lead to
a seemingly innocuous directory being created. If you do see the signs, do
rkhunter -c and check the hidden files. It will NOT show up as a named
threat on the scan)

I have already performed 2 clean installs, and the trojan persists. I can
clear it, and scanning shows it to be under control, but I need to wipe it
off the face of my disk.

Question: if a clean install fails to do it, what else can I do?

(Off for a four day break - I would appreciate your replies, but do not feel
me discourteous if I do not reply immediately)

Brian


More information about the ubuntu-users mailing list