On Sunday 13 March 2005 18:54, Carlos E. R. wrote:
The Sunday 2005-03-13 at 17:47 -0500, Allen wrote:
Umm OK, good, but don't turn the machine iff if you plan on trying to save any data gtom it for analysis. The other guy who replied said to get it off , and I agree, pull the network cable, but DON'T turn it off, reboots can often lead to rm -rf / which is added in so if the machine is powered down it can.
What about killing every process (kill -9), then pulling the cord?
Only if you don't boot the machine again. If rm -rf has been put into the init sequence (perhaps /etc/boot) then by starting the machine again the rogue code will be started and do it's damage. You can boot with knoppix and then mount your partitions and examine them for damage. Did you install tripwire? -- Collector of vintage computers http://www.ncf.ca/~ba600 Machines to trade http://www.ncf.ca/~ba600/trade.html Open Source Weekend http://www.osw.ca