Locked Out!

Link to this post 24 Apr 12

AHarris's last comment was not far off the mark. If you think you may have been infected with a virus, what I do for my consulting clients in such a case is extract the drive from their system, plug it into a dock on my Linux system, and scan it with 3 different A/V scanners (there a a bunch for Linux systems that will catch Linux and Windows virus-infected files and discs). If it is a Linux system drive, then after scanning/cleaning it, I set the root password to an empty string (no password), put it back in their system with it set to boot into single user mode (no graphics), boot up, login to root, reset the root password and any affected user accounts (or all of them if necessary), and set all user accounts to require changing their password on next login.

Yes, this is a major PITA, but the alternatives are much less appealing! I have also done all this by booting into a live/recovery CD/DVD/USB drive, installing the A/V programs temporarily in the recovery systems (along with updating virus signature files), mounting and scanning the system partitions / discs as necessary, and doing the other cruft (single-user mode, no GUI, reset passwords, etc). I only do that if I can't get the system drive to my workstation/server, like when I need to do an onsite call, though then I take my laptop and docking bay with all my tools installed. Much cleaner!

Link to this post 24 Apr 12

Anyone have any thoughts on finding out exactly what happened with regard to losing all logins in the first place?


Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Linux Training / Board