Re: Fedora 15 INFECTED [Suckit rootkit & Trojan] Help Please!

2011/6/9 Michael Schwendt <mschwendt@xxxxxxxxx>
On Thu, 9 Jun 2011 10:37:22 -0500, M.E. wrote:

> This only leaves 3 doubts... What about the Trojan mentioned
> in line 111 of chkrootkit's output?

Run this:

  /usr/lib64/chkrootkit-0.49/chkdirs /tmp /usr/share /usr/bin /usr/sbin /lib

If it isn't silent, it believes something is wrong with the link count of
the directories and it concludes that there could be hidden directories.
This may be because you're using "btrfs" instead of ext4. Could be a bug
in chkrootkit's chkdirs tool or a concept that's inappropriate. Dunno.
Somebody might want to investigate it.

> and the "deletions" mentioned
> on line 117, what does that mean?

It's the result of running

  /usr/lib64/chkrootkit-0.49/chkwtmp

and it may be necessary to examine whether the chkwtmp tool still does
what it's supposed to do (check for deletions). Perhaps it's just broken
on x86_64. Both chkutmp and chkwtmp have suffered from several bugs in
the past, their C code isn't pretty, and not all bug-fixes have been
applied in upstream chkrootkit yet either.
--

@Michael: Thanks for all the info and the tips, I'm more
peaceful now...

Did some performance tweaks in the machine and everything
works just fine, discovered that the issue with the VM was the fault
of VirtualBox 4.0.8 and had to downgrade to 4.0.6, now I can work
as fast as always... (I reported the issue in Vbox Forums)

It is good to have a community to talk to.

Thanks to everyone!!

Have a nice day.

--
<-Manuel Escudero->
Linux User #509052
@GWave: jmlevick@xxxxxxxxxxxxxx
@Blogger: http://www.blogxenode.tk/ (Xenode Systems Blog)
PGP/GnuPG: E2B4 31CE F2BF 1944 8664  3E22 88C8 DFC9 4D7C 1B35

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
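
The directory link-count comparison described in the quoted message, as an added sketch (not chkrootkit's chkdirs source and not part of the original thread). It assumes the traditional Unix convention that a directory's link count is 2 plus its number of subdirectories, and treats a link count of 1, which btrfs reports for every directory, as "heuristic not applicable" instead of as an alarm; all function names are illustrative.

```python
import os
import sys

def visible_subdirs(path):
    """Count the subdirectories a normal listing shows (symlinks not followed)."""
    with os.scandir(path) as entries:
        return sum(1 for e in entries if e.is_dir(follow_symlinks=False))

def classify(nlink, visible):
    """Apply the link-count heuristic to one directory.

    Assumed convention: nlink == 2 + subdirectories
    ("." and the parent's entry, plus one ".." per child directory).
    """
    if nlink == 1:
        # btrfs and some other filesystems do not count subdirectories,
        # so the comparison can say nothing here.
        return "not-applicable"
    expected = 2 + visible
    if nlink == expected:
        return "ok"
    if nlink > expected:
        return "more-links-than-listed"   # the basis of a "hidden directory" warning
    return "fewer-links-than-listed"      # listing changed mid-check, or a filesystem quirk

def check_dir(path):
    """Return nlink, visible subdirectory count and verdict for one directory."""
    nlink = os.lstat(path).st_nlink
    visible = visible_subdirs(path)
    return {"path": path, "nlink": nlink, "visible": visible,
            "verdict": classify(nlink, visible)}

def check_tree(root):
    """Walk root and return every directory whose verdict is not 'ok'."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root, onerror=lambda err: None):
        try:
            result = check_dir(dirpath)
        except OSError:
            continue  # unreadable or removed while walking
        if result["verdict"] != "ok":
            findings.append(result)
    return findings

if __name__ == "__main__":
    for root in sys.argv[1:] or ["/tmp"]:
        for r in check_tree(root):
            print(f'{r["verdict"]:24} nlink={r["nlink"]} visible={r["visible"]} {r["path"]}')
```

A tree that reports only "not-applicable" means the filesystem does not maintain the count the heuristic relies on, so a warning from a link-count checker there carries no information either way.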