如何删除SHV4 / SHV5 rootkit？

Question

我已经看到我的系统有两种rootkits: SHV4 / SHV5。(我要在这里添加一个日志)我试图删除它，但我做不到。

有人能推荐我怎么做吗？

[ Rootkit Hunter version 1.3.8 ]
Checking system commands...
/usr/bin/md5sum                                          [ Warning ]
/usr/bin/pstree                                          [ Warning ]
/usr/bin/top                                             [ Warning ]
/usr/bin/unhide.rb                                       [ Warning ]
/sbin/ifconfig                                           [ Warning ]
/bin/ls                                                  [ Warning ]
/bin/ps                                                  [ Warning ]
/bin/netstat                                             [ Warning ]

Checking for rootkits...

cb Rootkit                                               [ Warning ]
SHV4 Rootkit                                             [ Warning ]
SHV5 Rootkit                                             [ Warning ]
Checking for possible rootkit strings                    [ Warning ]

Checking the local host...

Checking for root equivalent (UID 0) accounts            [ Warning ]
Checking for passwd file changes                         [ Warning ]
Checking for group file changes                          [ Warning ]
Checking if SSH root access is allowed                   [ Warning ]
Checking for running syslog daemon                       [ Warning ]

Checking the local host...

Checking for root equivalent (UID 0) accounts            [ Warning ]
Checking for passwd file changes                         [ Warning ]
Checking for group file changes                          [ Warning ]
Checking if SSH root access is allowed                   [ Warning ]
Checking for running syslog daemon                       [ Warning ]

您需要其他类型的日志文件吗？

提前感谢

Answer 1

你的系统现在被破坏了。将其从轨道上核武器化，并从可信状态(备份)恢复。

如果您的系统被破坏，除了恢复最后一个已知的好备份和修补攻击者最初利用该漏洞进入您系统的漏洞之外，没有安全的方法来删除rootkit。