I'm not familiar with chkrootkit. It sounds like the Microsoftian antivirus mindset of looking for known compromises, which is a mindset I avoid. My own methodology would be to examine the script in question, and poke around at other files. If the system looks compromised, I'd do a fresh clean install (on a new hard drive, for convenience), move my data files over, make sure the new system is working properly, and wipe the compromised drive. The thing is, once your machine has been compromised, it's hard to know if you've removed every trace. And then focus on prevention, an ounce of which is worth pounds of "cure".
According to BTP,
> I did as you mention by booting from a knoppix cd and try to check the hard
> drive partitions with chkrootkit. Chkrootkit however did not run in the same
> typical manner as it does when I invoke it from my Debian console: it
> complained about not being able to do everything it's supposed to, I can't
> remember the details.
>
> Also I gave a quick try to install some virus scanner from the Knoppix
> software install menu, but I lost my interest into figuring all that out and
> did not perform a virus scan.
>
> I did not find any specific instructions on google for dealing with
> compromised systems using knoppix, other than what I tried to do.
>
> Does anyone have any links or specific hints regarding this??
>
> Bart
>
> > I'd not run anything else from a hard drive I suspect is
> > compromised. Reboot with a liveCD and examine it from
> > there.
> >
> > Tony