Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Machine compromised

Status
Not open for further replies.
deltamail

deltamail

Technical User
Oct 2, 2006
1
IN
Hello,
My machine is compromised. Can anyone guide me how to fix it.
I ran rootcheck it gives me

[FAILED]: Process '8921' hidden from ps. Possible trojaned version installed.
[FAILED]: Excessive number of hidden processes. It maybe a false-positive or something really bad is going on.

How can I unhide the process?

When I start the Iptables it blocks all the ports and I can't even SSH to server.
I tried installing the apf but i get following error

iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)

Please suggest.
Thanks.
 
Sort by date Sort by votes
The 'I'm rooted three step'.

Remove this machine from any network.
Boot from knoppix or some purpose built forensics
bootable.
Do forensics analysis and follow up.

HTH
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

inforeqd
  • Locked
  • Question
Multiple Physical NICs on Redhat KVM Virtual Machine
Replies
0
Views
50
inforeqd
inforeqd
abrooks3640
  • Locked
  • Question
Two Servers on One Machine - iframe question
Replies
0
Views
64
abrooks3640
abrooks3640
maccarone
  • Locked
  • Question
Using iptables for internal nattined Virtual machine
Replies
0
Views
74
maccarone
maccarone
davidchardonnet
  • Locked
  • Question
Setup 3 virtual machines running each 1 web application
Replies
2
Views
82
davidchardonnet
davidchardonnet
spicymango
  • Locked
  • Question
.wmv file throwing all machine language text
Replies
4
Views
30
spicymango
spicymango

Part and Inventory Search

Sponsor

Back
Top