Full Disclosure mailing list archives
Re: searching for Showtee docu
From: Joachim Schipper <j.schipper () math uu nl>
Date: Sun, 20 Nov 2005 12:20:15 +0100
On Sun, Nov 20, 2005 at 03:19:49AM +0100, Herr Zobel wrote:
> Hello, I'm searching for more information about Showtee rootkit. I have a
> system compromised by some LKM and Showtee rootkit according to chkrootkit.
> I got rid of libproc.a modifications but don't know where to begin searching
> for Showtee information. Can someone direct me to any links regarding
> Showtee?
>
> Thanks in advance
> Michel Zobel

There are two reasons for asking this.

The first is that you have saved the offending system's drives, and want to find out exactly what happened after you rebuilt the system in a more secure way. In that case, I am afraid I won't be much help, as I don't know that much about rootkits.

The second case is that you seem to believe you can clean the box. That is not the case. Wipe and rebuild, (more) securely this time.

Joachim

Current thread:
- searching for Showtee docu Herr Zobel (Nov 19)
- Re: searching for Showtee docu Joachim Schipper (Nov 20)