Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [linux-security] Re: Linux virus
From: flackman () PHC LIB UMN EDU (Flack Man)
Date: Tue, 4 Feb 1997 14:45:13 -0600


        Of course, having the binary for the virus makes things much
easier.  Try bliss --uninfect-files-please (or something very close to it,
been many months since I've looked at it).  You'll find all your binaries
intact.  Realize this isn't a real virus (yet).


-FM

On Tue, 4 Feb 1997, Aleph One wrote:

On Fri, 31 Jan 1997, Peter wrote:
                        -       [CHOP!!]        -

Disinfection of the test machine was pretty simple, because of the log of
infected files is available. Simply a case of 'cat'ing new copies of the
binaries into the infected ones, and then adding back any set[ug]id bits that
have been lost.

If you do get infected, remember
0) do not log any more sessions in.
1) disconnect the network card
2) kill all non-essential processes (killall5 if it's still OK)
3) replace all the binaries in /tmp/.bliss

You could probably script the last one, but it's probably a bit dangerous to
do so.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]