[CentOS] I've been hacked -- what should I do next?

Fri Dec 1 14:20:40 UTC 2006
hkclark at gmail.com <hkclark at gmail.com>

On 12/1/06, Ralph Angenendt <ra+centos at br-online.de> wrote:
> I'd opt for reinstallation also, as you normall never can really find
> out *what* has been changed, if there is/was an active rootkit on that
> machine.
> for package in $(rpm -qa); do echo -e "${package}"; rpm -V "${package}"; done

When I run this I get an error message similar to the following for a
bunch of the files:

prelink: /lib/tls/i486/libdb-4.2.so: at least one of file's
dependencies has changed since prelinking

I deleted /etc/prelink.cache and manually reran
/etc/cron.daily/prelink but I still get the same thing.  Anyone have
any ideas?  I'm pretty I didn't get this problem with rpm -V in the
past.  Also, this is a Centos4 box yummed up to the latest stuff.