I believe I have a stubborn virus on my system. As root, I find I cannot remove some old files from the system. I get permmision denied error message. Actually its file locked up in .mozilla folder, which will cause the system to crush if the user runs Internet. I can't the delete the problem file either. Here is what I get:

maths:/b/btatira # ls -l /b/btatira/.mozilla/direct/988aw6ks.slt/Cache.Trash/Trash/Cache/_CACHE_001_
/bin/ls: /b/btatira/.mozilla/direct/988aw6ks.slt/Cache.Trash/Trash/Cache/_CACHE_001_: Permission denied

maths:/b/btatira # rm -f /b/btatira/.mozilla/direct/988aw6ks.slt/Cache.Trash/Trash/Cache/_CACHE_001_
rm: cannot remove `/b/btatira/.mozilla/direct/988aw6ks.slt/Cache.Trash/Trash/Cache/_CACHE_001_': Permission denied

'maths' is the host name and 'btatira' was my user account that I deleted except for the file above. '/b' is the second hard-drive where user btatira is located.

My question is how could that be, when I know root can do everything. This us a virus of some sort, shouldn't I think so.

Try opening your trash folder and looking in the info directtory. I had this happen once. The file had created an info file that wasn't getting deleted.

Linux systems will let you delete files if they are in memory or not (unlike Windows). There's a few ways to prevent root from deleting a file. One of which is with the immutable or read only flags. Check the files with:
lsattr filename

This will tell you what files are tagged and with what options. You can remove/add options with -/+. For example, chattr -i filename will remove the immutable flag. The other issue can be using another permission system like SELinux (which comes by default with Red Hat Enterprise Linux). I doubt these are the issues though. Here's what you could try. First backup the .mozilla directory in your home directory.

cp -Rf ~/.mozilla ~/.mozilla_backup

Then delete the mozilla directory.

rm -Rf ~/.mozilla

Then start firefox. It will create a new .mozilla directory. You can reimport the bookmarks by going into .mozilla_backup/firefox and looking for a profile (these use random names). Search through it and find bookmarks.html and overwrite the new profile. This is just a guess though try it out. If you have problems you can always just move back the old folder.

The only cases I know where rm will fail are:

• Trying to delete a file from a filesystem which is mounted readonly. This may be because the filesystem type does not support writing (e.g. iso9660), because the fileysystem has been explicitly mounted readonly, or the OS was automatically remounted the filesystem readonly because errors were detected.
• Corrupted directory entries
• Permissions (check the owner and permissions of the parent directory)

Eliminate these before virus checking, although a virus check won't hurt, but you'll probably be wasting your time.

To check the filesystem, do this command:

The last column will show mount flag. If you see "ro" as one of the items in the comma separated list in brackets , it's mounted read-only ("ro" on it's own, not "remount-ro").

You should also see the error message when you try to delete the file as "read-only filesystem".

For corrupted filesystem entries, you tend to see junk in the file attributes. So if you do ls -l [parent-directory], you'll see some files with really messed up file-permissions and size, and owner etc.

Finally, make sure the parent directory of the file you want to delete is writable, readable and executable by the user who you want to do the delete as. Of course, root can do pretty much anything to any directory regardless of permissions, so I expect it's a corrupt filesystem.

follow the usual fsck procedures. Anyone have a good link for handling corrupt filesystems on Linux?