  1. #1
    Just Joined!
    Join Date
    Feb 2004
    Location
    Indonesia
    Posts
    84

    Are SHV4 and SHV5 a kind of rootkit?


    After being infected by the suckit rootkit, I am now facing SHV4 and SHV5.
    All of it is under the /lib and /usr/lib/ directories. How do I remove and uninstall it?

    #rm -Rf directory_hacked (is that enough?)

  2. #2
    Linux Guru Flatline
    Join Date
    Feb 2005
    Posts
    2,204
    If you've been infected by a rootkit, the only way to be SURE that you are safe is to follow the three Rs: repartition, reformat, reinstall. There is no good way to know everything that the attacker did to your system while they had access, and there could be just about anything lurking in your system.
    There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence.

    - Jeremy S. Anderson

  3. #3
    Just Joined!
    Join Date
    May 2005
    Posts
    42
    Rootkit Hunter removes both SHV4 & SHV5
    http://www.rootkit.nl/

  4. #4
    Linux Enthusiast puntmuts
    Join Date
    Dec 2004
    Location
    Republic Banana
    Posts
    562
    Rootkit hunter is an excellent program. I was the Slackware maintainer for it. But I agree with Flatline. After a system has been infected with a rootkit, you'll never know what they did to your system, so reinstall.

    And next time, keep your system up to date to prevent it from being infected again.

  5. #5
    Just Joined!
    Join Date
    Feb 2004
    Location
    Indonesia
    Posts
    84
    Of course I'm using the rkhunter and chkrootkit tools to diagnose the problem. Now my question is:

    #rm -Rf infected_directory ---> is that enough to do?

    When I was infected by the suckit rootkit I didn't know how to resolve it, because the program was not running and it wouldn't uninstall with the script in the infected directory. Then I had the idea to rename the directory, and the infected directory is still there.

    And this happened again: I got SHV4 and SHV5. This rootkit doesn't provide an uninstall script; that's why I am asking all of you.

    Since then I never turn on the SSH server (I turn it on when I need it -- maybe this is the best way for me; and for you?)

    And is scanning legal? My /var/log/messages proves it (maybe 20 - 50 sites scanning my Linux box every day).
