Old 05-12-2004
Nils Petter Vaskinn
Re: Mass Mailing Worm on Linux

On Tue, 11 May 2004 20:16:14 -0500, Shashank Khanvilkar wrote:


> I have a Red Hat 9 system that I had been using for the past few years.
> Yesterday, one of our system admins filtered my machine saying that it
> is infected by a mass mailing worm that is sending spam.


Your machine has probably been broken into by a human or a worm, or you
have executed a trojan.

As a result you can no longer trust any of the files on the system to be
unmodified. Tools like ps and top may be fixed not to show the spammer's
processes.

If you want to poke around and try to find out what has happened you'll
need to boot from something like a rescue CD/floppy or Knoppix to be sure
you're running tools that are not tampered with.

> Has anyone ever faced such a problem and what steps did they take to
> eliminate it.


Plenty of people probably.

Erase and reinstall. Since even if your investigation turns out a rootkit
you can never be certain that there isn't one more modified program there
that will let the spammer right back in.

--
NPV

"the large print giveth, and the small print taketh away"
Tom Waits - Step right up
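
Added example, not part of the original post: one way to check files on the suspect disk from a rescue environment, using the rescue media's own `sha256sum` rather than anything on the suspect system. It assumes the suspect disk is mounted read-only at some mount point and that a manifest of known-good SHA-256 hashes from a trusted source exists; the function names and the constructed demo tree are hypothetical.

```shell
#!/bin/sh
# check_manifest ROOT MANIFEST
#   ROOT      mount point of the suspect disk (assumed to be mounted read-only)
#   MANIFEST  lines of "<sha256>  <absolute path>" taken from a trusted source
# Prints one line per file that is MODIFIED or MISSING; prints nothing if all match.
check_manifest() {
    root=$1
    manifest=$2
    while read -r want path; do
        [ -n "$path" ] || continue            # skip blank or malformed lines
        file="$root$path"
        if [ ! -f "$file" ]; then
            echo "MISSING $path"
            continue
        fi
        got=$(sha256sum "$file" | cut -d' ' -f1)
        [ "$got" = "$want" ] || echo "MODIFIED $path"
    done < "$manifest"
    return 0
}

# Constructed demo: a fake "suspect root" in a temp dir. The manifest is
# recorded first, then ps is replaced and ls is removed to simulate tampering.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/bin"
    printf 'original ps\n'  > "$tmp/root/bin/ps"
    printf 'original top\n' > "$tmp/root/bin/top"
    printf 'original ls\n'  > "$tmp/root/bin/ls"
    for f in /bin/ps /bin/top /bin/ls; do
        printf '%s  %s\n' "$(sha256sum "$tmp/root$f" | cut -d' ' -f1)" "$f"
    done > "$tmp/manifest"
    printf 'trojaned ps\n' > "$tmp/root/bin/ps"   # simulated replaced binary
    rm "$tmp/root/bin/ls"                         # simulated removed binary
    check_manifest "$tmp/root" "$tmp/manifest"
    rm -rf "$tmp"
}

demo
```

A clean result covers only the files listed in the manifest, so it does not replace the reinstall the post recommends.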
