- 05-25-2005 #1 Just Joined!
- Join Date
- Feb 2004
- Location
- Indonesia
- Posts
- 84
SHV4, SHV5 is such of rootkit?
After being infected by the suckit rootkit, I am now facing SHV4, SHV5,
and it is all under the /lib and /usr/lib/ directories. How do I remove and uninstall it?
#rm -Rf directory_hacked (is that enough?)
- 05-25-2005 #2
If you've been infected by a rootkit, the only way to be SURE that you are safe is to follow the three Rs: repartition, reformat, reinstall. There is no good way to know everything that the attacker did to your system while they had access, and there could be just about anything lurking in your system.
There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence.
- Jeremy S. Anderson
- 05-26-2005 #3 Just Joined!
- Join Date
- May 2005
- Posts
- 42
Rootkit Hunter removes both SHV4 & SHV5
http://www.rootkit.nl/
- 05-27-2005 #4
Rootkit hunter is an excellent program. I was the Slackware maintainer for it. But I agree with Flatline. After a system has been infected with a rootkit, you'll never know what they did to your system, so reinstall.
And next time, keep your system up to date to prevent it from being infected again.
- 05-28-2005 #5 Just Joined!
- Join Date
- Feb 2004
- Location
- Indonesia
- Posts
- 84
Of course I'm using the rkhunter and chkrootkit tools to diagnose the problem. Now my question is:
#rm -Rf infected_directory ---> is that enough to do?
When I was infected by the suckit rootkit I didn't know how to resolve it, because the program was not running and it would not uninstall with the script in the infected directory. Then I had the idea to rename the directory, and the infected directory is still there.
And this happened again: I got SHV4, SHV5. This rootkit doesn't provide an uninstall script; that's why I am asking all of you.
Since then I never turn on the SSH server (I turn it on when I need it -- maybe this is the best way for me, and you?).
And is scanning legal? My /var/log/messages proves it (maybe 20 - 50 sites scanning my linux box every day).
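
One way to count the daily scanning sources mentioned in the last post from syslog lines, as an added example that is not part of the original thread. The sample log lines, host name, user name and addresses are constructed, and the sshd message wordings matched are an assumption about what this box logs; on a machine that has already been rootkitted the logs themselves may have been altered, so the counts are a lower bound at best.

```python
import re
from collections import defaultdict

# Constructed sample in classic syslog format (documentation address ranges only).
SAMPLE_LOG = """\
May 27 03:12:45 box sshd[2101]: Failed password for root from 192.0.2.10 port 4321 ssh2
May 27 03:12:47 box sshd[2103]: Failed password for root from 192.0.2.10 port 4330 ssh2
May 27 03:12:50 box sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 4338 ssh2
May 27 09:40:02 box sshd[2544]: Invalid user admin from 198.51.100.7
May 27 14:05:11 box sshd[2790]: Accepted password for budi from 203.0.113.5 port 1022 ssh2
May 28 01:15:30 box sshd[3001]: Failed password for root from 198.51.100.7 port 5120 ssh2
May 28 01:15:33 box sshd[3003]: Illegal user guest from ::ffff:203.0.113.99
May 28 02:00:00 box kernel: eth0: link up
"""

ADDR = r"(?:::ffff:)?(?P<src>[0-9a-fA-F.:]+)"  # strip the IPv4-mapped prefix if present
# Failed-login wordings assumed here; "Illegal user" is the older OpenSSH phrasing.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|(?:Invalid|Illegal) user \S+)"
    r" from " + ADDR
)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from " + ADDR)

def failed_sources_by_day(text):
    """Map each day to {source address: number of failed attempts}."""
    days = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            day = " ".join(m.group("day").split())  # syslog pads single-digit days
            days[day][m.group("src")] += 1
    return {day: dict(srcs) for day, srcs in days.items()}

def daily_summary(text):
    """Return [(day, distinct sources, total failures)] in log order."""
    return [(d, len(s), sum(s.values())) for d, s in failed_sources_by_day(text).items()]

def accepted_logins(text):
    """Successful logins deserve more attention than failed scans."""
    hits = (ACCEPTED.search(line) for line in text.splitlines())
    return [(m.group("user"), m.group("src")) for m in hits if m]

if __name__ == "__main__":
    for day, sources, total in daily_summary(SAMPLE_LOG):
        print(f"{day}: {sources} sources, {total} failed attempts")
    print("accepted:", accepted_logins(SAMPLE_LOG))
```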