Hacktopia

Here we see that we have a back slash created by mistake.

user:/var/www/core# ls -l
total 56
-rw-r–r– 1 root     root      213 2009-06-01 07:14 \
-rw-r–r– 1 user user 378 2009-05-21 09:14 ads.php

We try to delete it but it is not possible because the back slash is a special charter.

user:/var/www/core# rm \
>

So we have to go and list out the inode numbers.  Those are the inode numbers in the first collum.

user:/var/www/core# ls -li
total 56
458132 -rw-r–r– 1 root     root      213 2009-06-01 07:14 \
457759 -rw-r–r– 1 user user 378 2009-05-21 09:14 ads.php

So now we use find to delete the inode number which in turn deletes the file.

user:/var/www/core# find . -inum 458132 -exec rm -i {} \;
rm: remove regular file `./\\’? y
user:/var/www/core# ls -l
total 52
-rw-r–r– 1 user user 378 2009-05-21 09:14 ads.php

In order to start up snmp on solaris then you need to configure

/etc/snmp/conf/snmpd.conf

and start it up using smf

svcadm enable /application/management/sma

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

I found that handy little web site.  If all the timages do not load then you are infeced with the Conficker virusm.  The best course of action to take if you are infected with the conficker virus is to ask a friend to downlaod the software needed to clean the vrius off your compter.  You need to clean your computer this way because conficker will not allow you to visit any of the sites necessary to eliminate it.