It sounds to me like you've been rooted, and somebody installed a trojan. I'd do a full hunt for signs of a rootkit. When in doubt (especially if there are ony a few people on your system), I'd just load a new OS and migrate the user data over to it.
Now you've got me worried. What would signs of a rootkit be? I thought reinstalling shadow had put everything right, but there are still hiccups. For example, although I can now su again --that is, it now recognises the password-- if I give the wrong password I still get just 'sorry'. Lilo failed to load again and I have had to reinstall it. And I get a very strange message in my user .xsession-errors file. It says:
'stderr is not a tty - where are you?'
Do I assume the worst?
For what it's worth, GRC reports most ports as stealthed and 113 IDENT and 5000 UPnP as closed.
TIA,
Andrew
- To unsubscribe from this list: send the line "unsubscribe linux-newbie" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.linux-learn.org/faqs
