Some idiot hacked my system using either the chunked-encoding bug in Apache or the OpenSSL vulnerability to gain access. He ised a rootkit called tc6. The file is called tc6b.tgz this kit will send out all your passwords used on the system hacked.
There is a hidden directory /usr/bin/util that it creates and stores all the programs. There is a file named voodoo that has all the passwords in it. Check your /etc/initab file and look for a line that contains initcheck. that is the bad boy. this kit setup sshd on whatever port they want and whatever passwd. mine was port 54321 with a passwd of oo7oo7 You may want to do a lsmod and look for libldb.so.1 and libldb.so.2 Do not rmmod these puppies as this will crash your system. symply comment out the line in your inittab file and reboot. this will allow you to remove everything and all the hiden files and diretories can be safely removed.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com