
It's an LD_PRELOAD, so it's likely either:

1. An environmental variable for the user, in which case you just need to clear their rc files.

2. In /etc for all users, in which case you'll just have to remove the file.

To get around hiding, you can use debugfs pointed at the block device (/dev/sda1?). Navigate to find the offending file and mv it.

As someone else points out, all statically linked binaries are immune to this technique since they don't load preloads.

Another warning is don't muck around with /etc/ld.so.preload unless you know what you're doing. It's possible to get into a state where everything you execute segfaults.
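A read-only check for the two locations named in the comment above, as an added example that is not part of the original comment. It is written in Go because a binary built with `CGO_ENABLED=0 go build` is statically linked and makes system calls directly, so a preloaded library cannot hook it; the list of rc-file globs and the names `FindPreloads` and `matchingLines` are assumptions made for this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// rcGlobs: assumed startup-file locations, relative to the root being scanned.
var rcGlobs = []string{
	"etc/profile", "etc/profile.d/*", "etc/environment", "etc/bash.bashrc",
	"root/.*rc", "root/.*profile", "home/*/.*rc", "home/*/.*profile",
}

// matchingLines returns "path:line: text" for each non-comment line accepted by keep.
func matchingLines(path string, keep func(string) bool) []string {
	data, err := os.ReadFile(path)
	if err != nil {
		return nil
	}
	var out []string
	for i, raw := range strings.Split(string(data), "\n") {
		line := strings.TrimSpace(raw)
		if line != "" && !strings.HasPrefix(line, "#") && keep(line) {
			out = append(out, fmt.Sprintf("%s:%d: %s", path, i+1, line))
		}
	}
	return out
}

// FindPreloads lists every ld.so.preload entry and every rc-file line naming LD_PRELOAD.
func FindPreloads(root string) []string {
	found := matchingLines(filepath.Join(root, "etc/ld.so.preload"), func(string) bool { return true })
	for _, g := range rcGlobs {
		paths, _ := filepath.Glob(filepath.Join(root, g))
		for _, p := range paths {
			found = append(found, matchingLines(p, func(l string) bool { return strings.Contains(l, "LD_PRELOAD") })...)
		}
	}
	return found
}

func main() {
	root := "/" // or the mount point of the suspect filesystem
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	fmt.Println(strings.Join(FindPreloads(root), "\n"))
}
```

Any line it prints is something to review by hand, not proof of compromise; some software sets LD_PRELOAD legitimately.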


