Web Hosting Talk







Redhat question


BootsSiR
03-14-2004, 01:36 PM
/bin/ls: unrecognized prefix: do
/bin/ls: unparsable value for LS_COLORS environment variable

I get this every time I do an ls

The directory still lists, but that precedes it.

Any idea what causes this? It just started the other day :confused:

Steven
03-14-2004, 01:45 PM
You are infected with the t0rn rootkit. I suggest hiring someone good with security who knows how to remove it, or getting an OS reinstall. The OS reinstall would be better.

BootsSiR
03-14-2004, 01:59 PM
ewwwww

really?

Anywhere I can find info on this?

Steven
03-14-2004, 02:04 PM
http://www.webhostingtalk.com/showthread.php?s=&threadid=247248

http://www.webhostingtalk.com/showthread.php?s=&threadid=247298

but be warned, if you don't know what you are doing you might not get it all

BootsSiR
03-14-2004, 02:35 PM
thanks for the info :)

BootsSiR
03-14-2004, 03:35 PM
Checking `login'... INFECTED
Checking `pstree'... INFECTED


chkrootkit seems to come up clean except for these two files

I've followed the instructions in the other posts and removed all the crap. Any suggestions?

BootsSiR
03-14-2004, 03:59 PM
as well, my syslog seems to be giving me grief

syslogd dead but pid file exists
klogd (pid 7839 6202 5986 3845 3145) is running...

BootsSiR
03-14-2004, 04:18 PM
I can have my OS reloaded... what can I do to prevent this from happening again??

BootsSiR
03-14-2004, 05:03 PM
one last question while I'm at it ;)

Is it safe to say that users' home directories are safe to back up and restore when my OS reload is complete?

I don't want to carry over any of this crap!