Hunting for Rootkits

Posted Mar 1, 2007 5:55 UTC (Thu) by drag (subscriber, #31333)
Parent article: Hunting for Rootkits

Not that I am an expert, so take it for what it's worth...

It's also probably worth mentioning that these things are only useful for _detecting_ rootkits.

Removing and disabling rootkits is another problem entirely.

In my opinion, once you detect a rootkit, even if it's a stupid dinky one, you should consider that particular OS dead. It's not worth the time, effort, or uncertainty it's going to take to clean that thing off.

Pull the plug on the computer (don't shut down), take an image of the hard drive for safekeeping, format the drive, and go on with your life.


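The "take an image of the hard drive for safekeeping" step in the comment above, as an added example that is not part of the comment or of LWN's page: a raw dd copy of the suspect drive with a hash of source and image recorded beside it, so the copy can later be shown to match what was on the disk. It assumes a Unix host with dd and sha256sum, that the suspect drive is attached through a write blocker (or at least never mounted), and the device path /dev/sdb in the usage line is a placeholder. The sample "drive" is a constructed 1 MiB file, not a real device.

```sh
#!/bin/sh
# Added example, not from the LWN comment: image a suspect disk before
# touching it, and keep hashes so the image can be shown to match the source.
# Assumptions: dd and sha256sum available; the suspect device is attached
# read-only (write blocker) and NOT mounted while this runs.

# make_sample_disk PATH -> constructed test input: 2048 sectors of random bytes
make_sample_disk() {
    dd if=/dev/urandom of="$1" bs=512 count=2048 2>/dev/null
}

# sha_of PATH -> hex SHA-256 of the file/device contents
sha_of() { sha256sum "$1" | cut -d' ' -f1; }

# image_disk SRC DEST [BS]
# Raw sector copy. conv=noerror,sync makes an unreadable sector come out as
# zeros instead of aborting the whole image. Caveat: conv=sync pads every
# short read up to BS, so BS must divide the device size or the image grows
# and the hashes will not match; 512 always divides a block device.
# Writes DEST.sha256 holding the hash of both source and image, then returns
# 0 only when the two hashes agree.
image_disk() {
    src=$1; dest=$2; bs=${3:-512}
    dd if="$src" of="$dest" bs="$bs" conv=noerror,sync 2>/dev/null || return 1
    src_sum=$(sha_of "$src")
    img_sum=$(sha_of "$dest")
    printf 'source  %s  %s\nimage   %s  %s\n' \
        "$src_sum" "$src" "$img_sum" "$dest" > "$dest.sha256"
    [ "$src_sum" = "$img_sum" ]
}

# verify_image SRC DEST -> 0 if the stored image still hashes like the source
verify_image() {
    [ "$(sha_of "$1")" = "$(sha_of "$2")" ]
}

# usage (placeholder paths): sh image.sh /dev/sdb /evidence/sdb.img
if [ "$#" -ge 2 ]; then
    image_disk "$1" "$2" && echo "image matches source; hashes in $2.sha256"
fi
```

Hashing the source a second time after the copy means the drive is read twice; on a real case you would hash in the same pass (dc3dd or a tee to sha256sum), but the point stands: never mount the disk, and keep the hash file with the image.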

Shutting down

Posted Mar 8, 2007 23:53 UTC (Thu) by blujay (guest, #39961)

Sometimes it might be a good idea to use the SysReq keys to remount partitions read-only, sync, and then shutdown or reboot. Since those commands go directly to the kernel, they would work unless the rootkit was on the kernel level, and might help prevent lost data.

They can also be helpful if X locks up your screen or keyboard.
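The magic-SysRq sequence the comment above describes, as an added example that is not part of the comment or of LWN's page: it drives the same kernel handlers through /proc/sysrq-trigger from a root shell (useful when you are on a remote console rather than at the keyboard), in the order the kernel documents, sync (s), remount read-only (u), reboot (b). The practical prerequisite is that /proc/sys/kernel/sysrq actually permits those functions; distributions often ship a restricted mask, so the example checks the bit mask first. It assumes a Linux kernel built with CONFIG_MAGIC_SYSRQ; the bit values come from Documentation/admin-guide/sysrq.rst.

```sh
#!/bin/sh
# Added example, not from the LWN comment: the s/u/b SysRq sequence driven
# via /proc/sysrq-trigger, gated on the sysrq permission mask.
# Assumption: Linux with CONFIG_MAGIC_SYSRQ and a root shell.
#
# Bits of /proc/sys/kernel/sysrq (Documentation/admin-guide/sysrq.rst):
#   1 = enable everything, 16 = sync (s), 32 = remount read-only (u),
#   128 = reboot/poweroff (b, o).
SYSRQ_SYNC=16
SYSRQ_REMOUNT_RO=32
SYSRQ_REBOOT=128

# sysrq_allows MASK BIT -> 0 if the mask permits that SysRq function
sysrq_allows() {
    mask=$1; bit=$2
    [ "$mask" -eq 1 ] && return 0       # 1 means "everything enabled"
    [ $(( mask & bit )) -ne 0 ]
}

# sysrq_plan MASK -> prints the keys of s,u,b that MASK permits, in order;
# returns 1 if any of the three is missing so the caller can refuse.
sysrq_plan() {
    mask=$1
    plan=""
    rc=0
    for pair in "s:$SYSRQ_SYNC" "u:$SYSRQ_REMOUNT_RO" "b:$SYSRQ_REBOOT"; do
        key=${pair%%:*}; bit=${pair##*:}
        if sysrq_allows "$mask" "$bit"; then
            plan="$plan$key"
        else
            rc=1
        fi
    done
    printf '%s\n' "$plan"
    return $rc
}

# sysrq_emergency_reboot --really
# Refuses unless explicitly armed, then checks the live mask and sends
# s, u, b. The sync and remount are done by the kernel asynchronously, so
# each step is given a moment to complete before the next key is sent.
sysrq_emergency_reboot() {
    [ "$1" = "--really" ] || { echo "refusing: pass --really" >&2; return 2; }
    mask=$(cat /proc/sys/kernel/sysrq)
    sysrq_plan "$mask" >/dev/null || {
        echo "sysrq mask $mask does not permit s,u,b" >&2; return 1; }
    for key in s u b; do
        echo "$key" > /proc/sysrq-trigger
        sleep 2
    done
}
```

With the mask at 0 the writes to /proc/sysrq-trigger are silently ignored, which is why checking it first matters. The comment's own caveat still applies: a kernel-level rootkit can hook or disable the SysRq handler like anything else, so this is a way to flush data on a box you are about to pull the plug on, not a way to trust it.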

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds