Full Disclosure mailing list archives

Re: searching for Showtee docu


From: Joachim Schipper <j.schipper () math uu nl>
Date: Sun, 20 Nov 2005 12:20:15 +0100

On Sun, Nov 20, 2005 at 03:19:49AM +0100, Herr Zobel wrote:
> Hello,
>
> I'm searching for more information about the Showtee rootkit.
>
> I have a system compromised by some LKM and Showtee rootkit according to
> chkrootkit.
>
> I got rid of libproc.a modifications but don't know where to begin
> searching for Showtee information.
>
> Can someone direct me to any links regarding Showtee?
>
> Thanks in advance
> Michel Zobel

There are two reasons for asking this. The first is that you have saved
the offending system's drives, and want to find out exactly what
happened after you rebuilt the system in a more secure way. In that
case, I am afraid I won't be much help, as I don't know that much about
rootkits.

The second case is that you seem to believe you can clean the box. That
is not the case. Wipe and rebuild, (more) securely this time.

                Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

