OSEC

From: Patrick Andry (pandrywolverinefreight.ca)
Date: Wed Jun 12 2002 - 07:33:53 CDT


You should probably re-install, but if it's at all possible, keep the
box around and try to figure out a number of things:

How the attacker got in.
What rootkit was installed.
What the rootkit did (transfer files, create a backdoor, etc.).
Who the attacker was.

Just putting the box back up from source media won't do any good if the
source media has a security hole in it.

Does anyone know of any processes which are hidden by design from ps,
but are not trojans/malware?

> What is the best strategy for dealing with an LKM kit? Reinstall
> Linux from CD or try to remove it?
>
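One way to act on the "what is hidden from ps" question in the post above, as an added example that is not part of the original message: take three independent views of the PID space (the output of the possibly trojaned ps binary, a readdir listing of /proc, and a direct probe of every /proc/<pid> path) and report PIDs that appear in a lower-level view but not a higher-level one. Processes that merely exit between two collections are a known source of noise, so a PID is only confirmed once it is hidden in two snapshots taken apart in time. All function names and the constructed PID sets in the usage section are assumptions made for this example.

```python
"""Cross-check the process table against /proc on a box suspected of
running a process-hiding rootkit.  Added example; not from the original
post.  Views are compared pairwise; a PID seen by a lower-level view but
missing from a higher-level one deserves a closer look."""
import os
import subprocess
import time


def pids_from_ps():
    """PIDs as reported by the ps binary (which may itself be trojaned)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=False).stdout
    return {int(tok) for tok in out.split() if tok.isdigit()}


def pids_from_proc_listing(proc="/proc"):
    """PIDs from a directory listing of /proc (the readdir path)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def pids_by_probe(proc="/proc", max_pid=None):
    """PIDs found by probing each /proc/<pid> directory by name.

    A kit that filters only the readdir results can leave the per-PID
    directory reachable when it is opened directly by path, so this view
    can disagree with the listing above."""
    if max_pid is None:
        try:
            with open(os.path.join(proc, "sys", "kernel", "pid_max")) as f:
                max_pid = int(f.read().strip())
        except (OSError, ValueError):
            max_pid = 32768  # traditional default when pid_max is unreadable
    return {pid for pid in range(1, max_pid + 1)
            if os.path.isdir(os.path.join(proc, str(pid)))}


def hidden_pids(reference, visible):
    """PIDs present in the reference view but missing from the visible one."""
    return sorted(set(reference) - set(visible))


def confirmed_hidden(first, second):
    """Keep only PIDs hidden in both snapshots, dropping processes that
    simply exited between the two collections."""
    return sorted(set(first) & set(second))


def report(ps_view, listing_view, probe_view):
    """Compare the three views; both results are sorted PID lists."""
    return {
        "in_proc_listing_not_ps": hidden_pids(listing_view, ps_view),
        "probe_only": hidden_pids(probe_view, listing_view | ps_view),
    }


def snapshot():
    """Collect all three views from the live system."""
    return report(pids_from_ps(), pids_from_proc_listing(), pids_by_probe())


if __name__ == "__main__":
    first = snapshot()
    time.sleep(2)          # let short-lived processes come and go
    second = snapshot()
    for key in first:
        print(key, confirmed_hidden(first[key], second[key]))
```

The script is only a first look: a kernel-resident kit can hook the path lookup as well as readdir, in which case all three views agree and the box tells you nothing. That is why the comparison is best run with a known-good ps copied from trusted media, and why the post's advice to keep the machine around for analysis rather than trusting anything it reports still stands.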