Re: Changing binaries
- From: Steve Kemp <skx@xxxxxxxxxx>
- Date: Mon, 31 Jul 2006 22:40:01 +0100
On Mon, Jul 31, 2006 at 09:41:51PM +0100, Giles McGarry wrote:
I have a problem at the moment, strangely various binaries in the /bin
directory are changing size and becoming corrupt. When I restore the
original they work ok, and then at some time later they change size and
stop working. I've now restored all of the files (there's about a dozen)
into /bin2 which I can use when the ones in /bin get corrupt. The
original (and working file in /bin2 is as follows:
I'd strongly suggest that you consider the possability that you've
been rooted and have a virus modifying your binaries, or something
else similarly malicious.
Clearly "resetting" your corrupted binaries only to have them
be modified again isn't a workable solution.
If you have known-good backups I'd suggest archiving the system
and reinstalling.
If you have another system which is safe then I'd suggest
scanning a binary or two which has been enlarged/modified to
see if you can identify a virus of some kind. (Contrary to
popular belief Linux viruses do exist, and this would perfectly
explain the size gain and perhaps the segmentation faults.)
ClamAV should detect several viruses, failing that feel
free to bzip/compress a bad binary and place it online for
the curious to examine - cautiously.
Steve
--
Attachment:
signature.asc
Description: Digital signature
- References:
- Changing binaries
- From: Giles McGarry
- Changing binaries
- Prev by Date: Apache2 Manhattan Virtual Classroom
- Previous by thread: Re: Changing binaries
- Next by thread: Math packages for the testing branch
- Index(es):
Relevant Pages
|
