On Sun, 2005-12-11 at 00:44 -0500, Scot L. Harris wrote: > On Sun, 2005-12-11 at 00:31, Gene Heskett wrote: > > A friend of mine just reported he has been rooted, and his machine was > > spewing spam in the name of the colonial bank. > > > FWIW, chkrootkit didn't find it! > > > > Did you try rkhunter? Would be interesting to know if it could see it. > > > Whats the general removal procedure for this, and better yet, how did > > they get in? > > Once a system has been rooted the only action to take is to rebuild the > system from scratch, format the drives and install clean. Be very > careful of anything backed up on the system since the root kit was > installed. > I think I know in a general kind of way. But, what is a rootkit? Regards Bill
