Jim Cornette wrote: > The pegged file by chkrotkit was still present on my system even after > firefox was removed from the system. I had to remove the file manually > after erasing FireFox. Of course, the purpose of chkrootkit is to find indications that your system has been compromised. So, in addition to removing the file you of course did wipe out you system and reinstall from backups or did a full reinstall...right? Otherwise, what good did just removing the file do? > Windows already tried that tactic by labeling Linux as a virus. But the > tactic was not successful. Linux would not propagate within the Windows > environment as those familiar with viruses on Windows have experienced. You misunderstand. Labeling something bad isn't going to work as you pointed out. But, MS could create their version of chkrootkit being careful such that nobody could connect them with the creation. In the beginning it would function normally....then on version 1.3 it would do its real dirty work.... :-) Afterwards, there will probably be a movie about it starring Sandra Bullock. (Hey, it is Friday....and just about quitting time.) > I will most likely reinstall Firefox and run chkrootkit to see if it > installs the same file that was pegged the first run through chkrootkit. I shudder to think what the next step will be if the file returns.... -- Americans' greatest fear is that America will turn out to have been a phenomenon, not a civilization. -- Shirley Hazzard, "Transit of Venus"