On 10/17/07, Jacques B. <jjrboucher@xxxxxxxxx> wrote: > On 10/17/07, Les Mikesell <lesmikesell@xxxxxxxxx> wrote: > > Jacques B. wrote: > > > > > > You can't honestly suggest that there should be a tool that can check > > > your entire system for any evidence of intrusion and fix it? > > > > Well yes... Since there isn't a handier one, I usually do it by > > restoring a backup from a time when I trusted the machine into a > > subdirectory of some other machine, then running rsync -avn against the > > live one to see what has changed. > > > > -- > > Les Mikesell > > lesmikesell@xxxxxxxxx > > Well if that's the approach you take, I would suggest you use md5deep > instead and use hashing as a means of verifying files on your system > with those from a trusted backup. > And you would do this using a bootable CD and mount both your current system and the backup copy read-only. But this does not help the average home user such as our OP... > Jacques B. >