[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Re: Virus in linux????????
Hi nick, thanks for the reply,
i did check up /etc/passwd and the shell for root is /bin/bash.
----- Original Message -----
From: "Nick Hill" <nikhilwiz@xxxxxxxxx>
Sent: Monday, January 15, 2001 6:32 PM
Subject: Re: [LIP] Virus in linux????????
> On Sat, Jan 13, 2001 at 01:23:42PM +0530, Rahul Jindal wrote:
> > IF THE PASSWORD IS THE SAME AS THE ADMIN HAD SET IT - THE SCREEN
> > SIMPLY CLEAR, WITHOUT GIVING ANY MESSAGE.
> u're shell is fscked, or someone put /bin/nologin as r00t's shell. check
> up /etc/passwd.
> > 2. IF WE TRY TO RESTART THE COMPUTER BY DOING THE FOLLOWING
> > A) PRESS CTRL-ALT-DELETE
> > B) reboot
> > C) SHUTDOWN -H 0
> > THE FOLLOWING MESSAGE APPEARS
> > "You don't exist anyway. Go away".
> this is a standard message for nonexistant users. maybe someone messed
> around with u're /etc/passwd, and got to delete r00t. since shutdown and
> co. run with r00t privileges, when there's a setuid to r00t, the process
> cannot get its owner's pid/gid, as there's nowhere to look; /etc/passwd
> being the standard place to look, now not withstanding.
> > What is this going on?
> aw... this is not a virus. someone just screwed u're system in a major
> way, when practicing commands. maybe someone just scrapped u're shell.
> maybe its overtime to keep in mind that Operating As R00T Is Evil (tm).
> atleast u dont get to change stuff u're not ought to.
> An alpha version of a web based tool to manage
> your subscription with this mailing list is at