# Fixing "ls" command



## Spectator (Jan 7, 2011)

Hello,

I don't know much about linux. I am working on a machine with FreeBSD 7.2-RELEASE-p8 installed on it. The problem I am facing is that, my box was compromised and the hacker tried to install a rootkit called shv5 (I found out using rkhunter).

I have follow the steps mentioned here for removing the rootkit:
http://www.kentoyer.com/2009/12/21/removing-the-shv5-rootkit/

I have removed the file */bin/ls* but I don't know how to fix it back. Now "ls" command doesn't work. I need help with fixing it.

Thank you.


----------



## vand777 (Jan 7, 2011)

If your machine has been compromised, the only safe option is to rebuild it completely. From now you cannot trust anything, you might have more rootkits installed on your server and you just do not know about them.


----------



## SirDice (Jan 7, 2011)

Spectator said:
			
		

> I don't know much about linux.


That's good because you're not using Linux!


Standard procedure after getting your box hacked is to backup all your data, do a wipe and clean install of the entire system. Do NOT trust anything on that box.


----------



## Spectator (Jan 7, 2011)

Thank you very much for your replies and suggestions. I appreciate your valuable suggestions but could anyone please guide me how to solve out the ls command problem only?

Thank you.


----------



## SirDice (Jan 7, 2011)

This will probably fix it, but you do need the OS sources.


```
cd /usr/src/bin/ls
make install
```


----------



## UNIXgod (Jan 7, 2011)

misc/gnuls will give you gnu ls. if you just need a temp ls.

~


----------



## Spectator (Jan 7, 2011)

SirDice said:
			
		

> This will probably fix it, but you do need the OS sources.
> 
> 
> ```
> ...



Great. Thank you very much sir, it solved my problem.


----------

