Max

Reputation: 1390

Remove Linux file with mode -rwsrwsrwt (probably rootkit)

I need to remove a Linux file; this file may be a virus or some rootkit.

I understand Linux in general.

I already tried rm -Rf and some other general Linux commands, but I get 'operation not permitted'.


I cannot delete the file either when I actually log in to the OS or when I use a live Ubuntu and mount the /etc/ folder.

Ubuntu auto-mounts the partition, and I CAN edit any other files, except this one.

This Linux permission string is unknown to Google.

Please help.


Upvotes: 1

Views: 3065

Answers (1)

arkascha

Reputation: 42925

That most likely has nothing to do with the file, but with the permissions you mounted the file system with. Typically, live systems mount external file systems read-only; you have to manually re-mount it. The path suggests that this file is part of a partition used as the system root partition (/) in another system, which most likely you want to clean.

Consult the man pages for details about mounting.

BTW: such file permissions may well exist in a "normal" system setup; that depends on the security level chosen. I do not know the file mentioned here. I assume you know what it is for? At least you should be able to ask your software management system what package it belongs to. If it does not belong to any registered package, then indeed you should be concerned about it.

If that file really shall be deleted and you have mounted the file system with the correct (write) permissions, then there is always a "last resort" for such cases:

sudo chattr -i /<path>/sfewfesfs*   # clear the immutable attribute that makes unlink fail even for root
sudo rm -rf /<path>/sfewfesfs*      # then remove the file(s)

That should do the trick... However, a general warning: if you really have a file in that file system that does not belong there according to your software management, then deleting a single file might well not be sufficient to remove a potential threat. If you come to the conclusion that this system has indeed been hacked or targeted by a rootkit, then you cannot trust it any more, since obviously the attacker had full administrative rights over the system. You just have to wipe and completely set up the system again from scratch. There is no alternative to that if you came to that conclusion.

Upvotes: 2
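A shell-script version of the triage the answer describes, as an added example that is not part of the original question or answer. It checks the mount options of the filesystem holding the file (splitting on commas, so that the errors=remount-ro option found on most ext4 root filesystems is not mistaken for ro), reads the lsattr flags for the immutable (i) and append-only (a) attributes that make unlink fail with "Operation not permitted" even for root, asks dpkg or rpm which package owns the path, decodes the special bits in a mode string such as -rwsrwsrwt, and only when REMOVE=1 is set clears the attributes and removes the file. The path /mnt/root/etc/sfewfesfs (the name sfewfesfs is taken from the answer's placeholder) and the lsattr and mount-option strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage a file that resists "rm"
# even as root, following the answer's checks in order:
#   1. is the filesystem the file lives on mounted read-only?
#   2. does the file carry ext2/3/4 attributes (immutable 'i', append-only 'a')
#      that make unlink fail with EPERM ("Operation not permitted")?
#   3. does the package manager know the file?
# The sample path /mnt/root/etc/sfewfesfs and the sample strings below are
# assumptions for illustration.

# Return 0 if a comma-separated mount option string contains the bare "ro"
# option. Split on commas instead of grepping, so that "errors=remount-ro"
# (present on almost every ext4 root) does not produce a false positive.
mount_opts_readonly() {
    opts=$1
    saved_ifs=$IFS
    IFS=,
    result=1
    for opt in $opts; do
        [ "$opt" = "ro" ] && result=0
    done
    IFS=$saved_ifs
    return $result
}

# Print the attribute field from one line of "lsattr" output, e.g.
# "----i---------e------- /mnt/root/etc/sfewfesfs" -> "----i---------e-------".
lsattr_flags() {
    set -- $1
    printf '%s\n' "$1"
}

# Return 0 if an lsattr flag string contains 'i' (immutable) or 'a'
# (append-only); either one makes unlink() fail for root as well.
lsattr_locked() {
    case $1 in
        *i*|*a*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Describe the special bits in an "ls -l" mode string such as -rwsrwsrwt:
# 's'/'S' in the owner or group execute slot is setuid/setgid, 't'/'T' in the
# other execute slot is the sticky bit. Capital letters mean the bit is set
# without the corresponding execute bit.
mode_special_bits() {
    m=$1
    out=""
    case $m in ???s*|???S*) out="${out}setuid " ;; esac
    case $m in ??????s*|??????S*) out="${out}setgid " ;; esac
    case $m in ?????????t*|?????????T*) out="${out}sticky " ;; esac
    printf '%s\n' "${out% }"
}

# Live triage of one path. Needs root and e2fsprogs (lsattr/chattr); does
# nothing destructive unless REMOVE=1 is set in the environment.
inspect_path() {
    f=$1
    opts=$(findmnt -no OPTIONS --target "$f")
    if mount_opts_readonly "$opts"; then
        echo "filesystem holding $f is mounted read-only; remount first:"
        echo "  mount -o remount,rw $(findmnt -no TARGET --target "$f")"
        return 1
    fi
    flags=$(lsattr_flags "$(lsattr -d "$f")")
    if lsattr_locked "$flags"; then
        echo "$f has attributes $flags (immutable/append-only): rm fails with EPERM"
    fi
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -S "$f" 2>/dev/null || echo "$f is not owned by any installed package"
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qf "$f" || echo "$f is not owned by any installed package"
    fi
    if [ "${REMOVE-0}" = "1" ]; then
        chattr -ia "$f"   # clear both locking attributes, then unlink
        rm -f "$f"
    fi
}

# Usage (assumed path): REMOVE=1 sh triage.sh /mnt/root/etc/sfewfesfs
[ $# -eq 0 ] || inspect_path "$1"
```

The two causes produce different errors, which is the quickest way to tell them apart: a read-only mount makes rm fail with "Read-only file system" (EROFS), while the immutable or append-only attribute makes it fail with "Operation not permitted" (EPERM) even for root, which is what the question reports. The package query is the check the answer recommends before deleting anything; a file no package claims is the signal to stop trusting the system rather than to keep deleting files.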
