
Re: [LIP] Virus in linux????????



On Sat, 13 Jan 2001, Rahul Jindal wrote:

> 
> Hello all,
> something really strange happened today, strong enough to shake me, so don't
> mind the crooked language below.
> 
> we have linux 6.2 installed on the computers in our lab. the admin logged
> onto a computer 8:30 in the morning and left the login in the root user a/c.
> after sometime we discovered that the system won't just let us perform the
> admin tasks. we could still login with other a/c names and work on the
> computer as normally as ever. we even started the X. only the admin
> functions wouldn't work.
> 
> if we try su, it says the user root does not exist. the files such as
> /etc/shadow and /etc/password /etc/issue are apparently as always.
> 
> THE MOST STRANGE PART IS THIS:
> 
> 1. IF WE TRY TO LOGIN AS ROOT THE FOLLOWING HAPPEN
> 
>     IF THE PASSWORD IS THE SAME AS THE ADMIN HAD SET IT - THE SCREEN WOULD
> SIMPLY CLEAR, WITHOUT GIVING ANY MESSAGE.
>     IF WE ENTER A WRONG PASSWORD, THE EXPECTED login incorrect APPEARS.
> 
>     apparently the "virus" scans for the actual password.
> 
> 2. IF WE TRY TO RESTART THE COMPUTER BY DOING THE FOLLOWING
>         A) PRESS CTRL-ALT-DELETE
>         B) reboot
>         C) SHUTDOWN -H 0
> THE FOLLOWING MESSAGE APPEARS
> 
> "You don't exist anyway. Go away".
> 
> What is this going on?
> The whole system has gone read-only. I call it a "virus" because there was
> no person who could do this, those who were are the beginners in linux
> practising commands such as ls.
> 
> Any clue or remedy is desperately awaited.
> 

Don't worry, there is no virus in your system. Most likely some of the
libraries have been corrupted or got deleted. That's one occasion when
the message "You don't exist anyway. Go away" appears. I've seen this
many times while I was preparing a Linux bootable menu-driven
installation floppy & finally tracked it down to some missing
libraries. I basically used 'strace' for this. Another reason is that your
rc files are tampered with.

When you restart the system, what is happening ? Are you getting any error
messages ?

* Are you able to login as non-root & work properly ?
* What exactly is the error message (if any) that you get while booting the
  system ?
* Read-Only ?? Does this happen every time you restart ? In which case you
  can remount as mount /dev/hda? / -o remount,rw

Sreeji
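
The checks suggested in the reply above, collected into a triage script. This is an added example, not part of the original message: all function names are hypothetical, and it assumes a glibc system where user lookups go through the NSS modules (`libnss_<source>.so*`) listed on the `passwd:` line of `/etc/nsswitch.conf`.

```shell
#!/bin/sh
# Added example: triage for "user root does not exist" and a read-only root.
# Each helper takes a file argument so it can be run on copies of the files.

# Print the account name that holds UID 0 in a passwd-format file, if any.
uid0_name() {
    awk -F: '$3 == 0 { print $1; exit }' "${1:-/etc/passwd}"
}

# Print the lookup sources configured for "passwd" (one per line).
passwd_sources() {
    awk '$1 == "passwd:" { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }' \
        "${1:-/etc/nsswitch.conf}"
}

# Succeed if a libnss_<source>.so* file exists in any of the given directories.
nss_module_present() {
    src=$1; shift
    for dir in "$@"; do
        for f in "$dir"/libnss_"$src".so*; do
            [ -e "$f" ] && return 0
        done
    done
    return 1
}

# Print "ro" or "rw" for the last "/" entry in a /proc/mounts-format file.
root_mount_mode() {
    awk '$2 == "/" { n = split($4, o, ",")
                     for (i = 1; i <= n; i++) if (o[i] == "ro" || o[i] == "rw") mode = o[i] }
         END { print mode }' "${1:-/proc/mounts}"
}

# Run every check against the live system and print one line per finding.
triage() {
    name=$(uid0_name)
    echo "UID 0 entry in /etc/passwd: ${name:-MISSING}"
    for s in $(passwd_sources); do
        if nss_module_present "$s" /lib /lib64 /usr/lib /usr/lib64 \
               /lib/*-linux-gnu /usr/lib/*-linux-gnu
        then echo "NSS module for '$s': found"
        else echo "NSS module for '$s': NOT FOUND (follow up, e.g. with strace)"
        fi
    done
    echo "Root filesystem mounted: $(root_mount_mode)"
}

if [ "${1:-}" = "--run" ]; then triage; fi
```

A "NOT FOUND" line is a lead rather than a verdict, since some glibc builds do not ship every source as a separate file; run the script with `--run` from a working non-root login.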