To make a proper investigation of a machine that may have been rooted you need to boot from clean media. One option is to physically move the system disk from the hacked machine to another machine and mount it as a slave. A simpler way is to boot the machine from a "live CD". Suitable CDs include:
There are many others.| ...previous | up (conts) | next... |