cannot remove netstat
 

Hi,
recently a hacker has attacked my server and changed some files on my server , one of them is my netstat , I want to delete it , but I really wonder why I get permission denied error ! here is the attributes of this file :

[root@rome bin]# lsattr netstat
------------- netstat

[root@rome bin]# ls -l netstat
-rwxrwxrwx 1 root root 30640 Jul 15 2003 netstat

[root@rome bin]# rm -f netstat
rm: cannot remove `netstat': Permission denied

can anyone help me about this ?
Regards

Please read this carefully.
 

If you are certain that a cracker (the word "hacker" is misused in this context) has changed some files on your disk, then you don't really know how much he's changed. If he's skillful, he's designed his breakin so that you'll hope you can fix just the programs that seem wrong, but he's also designed his breakin to modify programs that you might not consider. Programs like these:

• ls
• lsattr
• rm
• cp
• cat

If your system's behavior is of any interest to you (and it had better be if that system is connected to the Internet, because there's a good chance the system has become a spambot, which makes the rest of us want to breathe down your neck), you'll boot an emergency CD, back up your user data, and reinstall from scratch.

This is very important.

the strange thing is that I rebooted my box with a rescue cd and tried to delete this file there too. but I was getting the same error.

Quoth SPEEDEX:
Not strange at all. They've not only replaced some of your programs (which the rescue CD will circumvent), but also messed up your data (which the rescue CD will not circumvent).

Time to back up your data (if you can) and completely reinstall Linux, after formatting your partitions. All of them.