After being infected by the suckit rootkit, I am now facing SHV4, SHV5.
And it is all under the /lib and /usr/lib/ directories. How do I remove and uninstall it?
#rm -Rf directory_hacked (is this enough?)
If you've been infected by a rootkit, the only way to be SURE that you are safe is to follow the three Rs: repartition, reformat, reinstall. There is no good way to know everything that the attacker did to your system while they had access, and there could be just about anything lurking in your system.
Rootkit Hunter removes both SHV4 & SHV5
http://www.rootkit.nl/
Rootkit Hunter is an excellent program. I was the Slackware maintainer for it. But I agree with Flatline. After a system was infected with a rootkit, you'll never know what they did to your system, so reinstall.
And next time, keep your system up to date to prevent it from being infected again.
Of course I'm using the rkhunter and chkrootkit tools to diagnose the problem. Now my question is:
#rm -Rf infected_directory ---> is this enough to do?
When I was infected by the suckit rootkit I didn't know how to resolve it, because the program was not running and it wouldn't uninstall with the script in the infected directory. Then I had the idea to rename the directory, and the infected directory is still there.
And this happened again: I got SHV4, SHV5. This rootkit doesn't provide an uninstall script, that's why I am asking all of you.
And since then I never turn on the SSH server (I turn it on when I need it -- maybe this is the best way for me, you?)
And is scanning legal? My /var/log/messages proves it (maybe 20 - 50 sites scanning my Linux box every day).