LinuxQuestions.org


Exempt 07-27-2005 03:46 PM

My User ID wiped out???
 
I currently use Slackware 10.1 running Kernel 2.6.10...

Well last night I ran slapt-get to upgrade various packages... Using the --dist-upgrade option... It upgraded a few things, can't remember exactly what... But these are the recent security advisories on the slack site, that slapt-get probably would have downloaded and installed:


2005-07-22 - [slackware-security] gxine format string vulnerability (SSA:2005-203-04)
2005-07-22 - [slackware-security] fetchmail (SSA:2005-203-05)
2005-07-22 - [slackware-security] zlib (SSA:2005-203-03)
2005-07-22 - [slackware-security] Mozilla/Firefox (SSA:2005-203-01)
2005-07-22 - [slackware-security] kdenetwork (SSA:2005-203-02)
2005-07-20 - [slackware-security] emacs movemail POP utility (SSA:2005-201-02)
2005-07-20 - [slackware-security] dnsmasq (SSA:2005-201-01)
2005-07-14 - [slackware-security] tcpdump DoS (SSA:2005-195-10)
2005-07-14 - [slackware-security] XV (SSA:2005-195-02)

Well it went through that, installed them all with no errors, I logged off root (I was using su, not actually logged in as root), and the machine worked fine all last night... And when I went to bed I shut off the monitor like I always do, leaving the PC running as my normal account... I wake up this morning and use it as normal (browsing the web, checking forums and such) and it seemed fine... Until I went to hit play on my XMMS (which was loaded all night as well), the sound file played for a few seconds and stopped, and an error message came up saying something about arts... And this is where it all began... I logged out of my user ID and when I went to log back in, it wouldn't accept my password... Which I thought was weird...

So I logged in as root, checked the passwd and shadow files, somehow there were 3 files for both, 'shadow' (didn't have my user ID listed), 'shadow-', & 'shadow.orig' (had my user ID listed), and for passwd there was 'passwd' (which didn't have my user ID in it), 'passwd.bak', & 'passwd.orig' (had my user ID in it)... So I figured I would just rename the ones containing my name to the original file names, passwd and shadow respectively... And rebooted... Well that didn't work, I still couldn't log in... So I tried a few different things, manually changing my password from root, adding a new user, removing my old name and keeping my home dir, and then recreating the name... And now I can log into my old name, but on the command line my name shows up as 'I have no name!@home#~', and I get error messages saying something about "cannot find user name for ID 500" when I get into KDE (it's 3.4.x)...

Root logs in fine, only now I don't have any internet at all on any name, and when this first started it did work...

I ran f-prot, didn't find anything... I also (before my internet went down) downloaded and ran chkrootkit... And it didn't find anything...

Oh I also checked the logs and found some weird entry in /var/log/messages there saying:

Quote:

Jul 27 12:08:25 home -- MARK --
Jul 27 12:28:25 home -- MARK --
Jul 27 12:43:51 home gconfd (somebody-6065): starting (version 2.6.2), pid 6065 user 'somebody'
Jul 27 12:43:51 home gconfd (somebody-6065): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only config source at position 0
Jul 27 12:43:51 home gconfd (somebody-6065): Resolved address "xml:readwrite:/home/exempt/.gconf" to a writable config source at position 1
Jul 27 12:43:51 home gconfd (somebody-6065): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only config source at position 2
Jul 27 12:54:21 home gconfd (somebody-6065): Received signal 1, shutting down cleanly
Jul 27 12:54:21 home gconfd (somebody-6065): Exiting
Jul 27 12:54:21 home gconfd (exempt-6340): Received signal 1, shutting down cleanly
Jul 27 12:54:22 home gconfd (exempt-6340): Exiting
Jul 27 12:54:24 home kernel: agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0.
Jul 27 12:54:24 home kernel: agpgart: Putting AGP V2 device at 0000:00:00.0 into 4x mode
Jul 27 12:54:24 home kernel: agpgart: Putting AGP V2 device at 0000:01:00.0 into 4x mode
Jul 27 12:55:50 home gconfd (root-7333): starting (version 2.6.2), pid 7333 user 'root'
Jul 27 12:55:50 home gconfd (root-7333): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only config source at position 0
Jul 27 12:55:50 home gconfd (root-7333): Resolved address "xml:readwrite:/root/.gconf" to a writable config source at position 1
Jul 27 12:55:50 home gconfd (root-7333): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only config source at position 2
Jul 27 13:08:25 home -- MARK --

Who is 'somebody'? He isn't listed under passwd or shadow either...

So in short, did someone root my PC? Or did some program installed with slapt-get screw up my accounts? And is it fixable, or even worth fixing? :scratch:

Thanks in advance...
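An added example, not code from the poster or anyone in this thread: a small pwck-style consistency check of a passwd file against a shadow file and against a backup copy, run on constructed sample files that mimic the situation described above (the live passwd has lost the 'exempt' entry for UID 500 while passwd.orig and shadow still carry it). It assumes only POSIX sh with cut, grep, awk and mktemp; the file contents and paths are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): pwck-style checks on passwd/shadow files,
# run against constructed sample files. Paths and user data are constructed.

# Names present in file $2 but absent from file $1 (both in passwd/shadow layout).
names_missing_from() {
    cut -d: -f1 "$2" | while IFS= read -r name; do
        grep -q "^$name:" "$1" || printf '%s\n' "$name"
    done
}

# Resolve a numeric UID through a passwd file: prints the name and returns 0,
# or prints nothing and returns 1. An unresolvable UID is what produces the
# "I have no name!" prompt and the "cannot find user name for ID 500" error.
uid_to_name() {
    awk -F: -v uid="$2" '$3 == uid { print $1; found = 1 } END { if (!found) exit 1 }' "$1"
}

# Constructed sample data in a scratch directory (left in place for inspection).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
EOF
cat > "$SAMPLE_DIR/passwd.orig" <<'EOF'
root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
exempt:x:500:100::/home/exempt:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:*:12900:0:99999:7:::
bin:*:12900:0:99999:7:::
exempt:*:12900:0:99999:7:::
EOF

echo "Accounts in shadow with no passwd entry:"
names_missing_from "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
echo "Accounts in passwd.orig that the live passwd has dropped:"
names_missing_from "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/passwd.orig"
echo "UID 500 resolves to: $(uid_to_name "$SAMPLE_DIR/passwd" 500 || echo '<unresolvable>')"
```

On a real system the same consistency checks are done by pwck (and grpck for groups) from shadow-utils; running them, together with diff between the live file and each backup copy, shows exactly which entries differ before any backup is swapped in.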

jayakrishnan 07-28-2005 05:06 AM

edited

