I ran chkrootkit, scan came back infected.


Postby farnorthcharlie on Fri Dec 20, 2013 11:35 pm

I am a total newbie. Please teach me how to remove this.
I am on an Acer, 32-bit; OS is Mint 15 MATE.
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/debug/.build-id /usr/lib/jvm/.java-1.7.0-openjdk-i386.jinfo /usr/lib/pymodules/python2.7/.path
/usr/lib/debug/.build-id
Warning: /sbin/init INFECTED
eth0: PACKET SNIFFER(/sbin/dhclient[2720])
user cc deleted or never logged from lastlog!
I have run clamtk but it didn't find this.

Postby eanfrid on Sat Dec 21, 2013 5:08 am

If you are a newbie, do not use chkrootkit because it too often issues nonsensical false positives. clamav/clamtk's main purpose is to check for Windows viruses and various Internet scams and traps.
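One way to check findings like the ones quoted in the first post, as an added example that is not part of the thread: it pulls the flagged binaries out of the chkrootkit lines and compares each with the MD5 that dpkg recorded for it at install time. The function names, the sample text and the optional database-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): triage chkrootkit findings by comparing
# each flagged binary with the checksum its Debian package recorded.

# Constructed sample: the finding lines quoted in the first post.
SAMPLE='Warning: /sbin/init INFECTED
eth0: PACKET SNIFFER(/sbin/dhclient[2720])
user cc deleted or never logged from lastlog!'

# Read chkrootkit output on stdin; print each binary named in an INFECTED or
# PACKET SNIFFER line, one path per line, sorted and de-duplicated.
flagged_paths() {
    sed -n \
        -e 's|^.*[[:space:]]\(/[^[:space:]]*\)[[:space:]]\{1,\}INFECTED.*$|\1|p' \
        -e 's|^.*PACKET SNIFFER(\(/[^[]*\)\[.*$|\1|p' | sort -u
}

# Compare file $1 with the MD5 in dpkg's *.md5sums records (directory $2,
# default /var/lib/dpkg/info). Prints OK, MODIFIED, NO-RECORD or MISSING.
# The path is looked up as given, so resolve symlinks before calling.
verify_against_package() {
    path=$1
    db=${2:-/var/lib/dpkg/info}
    [ -f "$path" ] || { echo MISSING; return; }
    # Record format: 32 hex digits, two spaces, path without the leading "/".
    want=$(cat "$db"/*.md5sums 2>/dev/null |
           awk -v p="${path#/}" '!seen && substr($0, 35) == p { print $1; seen = 1 }')
    [ -n "$want" ] || { echo NO-RECORD; return; }
    have=$(md5sum < "$path" | cut -d' ' -f1)
    if [ "$have" = "$want" ]; then echo OK; else echo MODIFIED; fi
}

# Print "path result" for every binary flagged in the output on stdin.
triage() {
    flagged_paths | while read -r p; do
        printf '%s %s\n' "$p" "$(verify_against_package "$p" "$1")"
    done
}

printf '%s\n' "$SAMPLE" | triage
```

OK means the file is byte-identical to what its package shipped; the answer is only as trustworthy as the running system's own md5sum and dpkg database.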

Postby chilliechompar on Mon Jan 06, 2014 5:17 pm

You only get viruses by downloading pirated software usually **** whilst Linux isn't 100% virus free I suggest you bear this in mind or face the possibility of an infected machine :lol:

Postby Orbmiser on Mon Jan 06, 2014 6:34 pm

eanfrid wrote: If you are a newbie, do not use chkrootkit because it too often issues nonsensical false positives. clamav/clamtk's main purpose is to check for Windows viruses and various Internet scams and traps.

Agree. Way too many have unfounded fears and little understanding in using these tools. Which makes for more trouble than they are worth. I do not run any antivirus on my desktop. As not running any servers or on a network with Windows machines. And only then for Windows users' benefit of not helping in propagating Windows viruses. Which in Linux is a non-issue. And no real world Linux threats at the present time find a need for antivirus protection. As that is a Windows thing. May change down the road where specific anti-virus protection is needed. But presently the in-place protections of Linux being more secured and locked down by default makes for a worry-free experience for me. As worked computer field tech for 20+ years and half my income was generated by uneducated Windows users.

chilliechompar wrote: You only get viruses by downloading pirated software usually **** whilst Linux isn't 100% virus free I suggest you bear this in mind or face the possibility of an infected machine :lol:

Untrue. The majority of infections for Windows machines usually come from emails and unsafe browsing habits or compromised web sites. Such as phishing sites that trick people into downloading infected programs. Or a payload delivery system (web site, another machine, etc.) or an already infected compromised system out there looking for unsecured machines to deliver their payloads to.

Pirate programs do make a significant contribution to infected machines. But wouldn't go so far as a "Only pirated software" thing.
As there is a multitude of attack vectors out there for delivering a virus, trojan, malware, etc...

Postby Habitual on Mon Jan 06, 2014 6:54 pm

Release Date: Thu Jul 30 2009

use rkhunter

Postby eanfrid on Tue Jan 07, 2014 4:58 am

Agreed. rkhunter is a very good tool but will only be good for you if you take time to configure it. Out-of-the-box, rkhunter checks with defaults are generic and then rather superficial.

Postby powerhouse on Tue Jan 07, 2014 9:31 am

If you are new to Linux, forget about anti-virus or root-kit scanners. The danger of malware infection is much much smaller than with Windows, for a variety of reasons. chkrootkit and the like are professional tools that are deployed on servers to identify malware. If you don't run servers, you probably won't ever need it.

The greatest danger for newcomers is "bad" advice, with "bad" meaning either incorrect or malicious. Be very cautious of scripts or commands published on the net that help "solve" whatever problem, especially when running the command/script with "sudo" (root) permission. If you see for example sudo rm -r ..., be wary! If you are not familiar with a command, check it first! For example:
Code:
rm --help

will give you a short explanation on what this command does and the syntax on how the command is used. The -r option makes the command recursive, going into all subdirectories. With little effort one can create a command that wipes your whole disk clean. Other powerful commands are "dd" or "fdisk". There are plenty more.
When taking advice, make sure it comes from a respectable source. Crosscheck if in doubt. This is of course also true for Windows users.

With Linux, the malware dangers you are exposed to depend largely on the following factors:
1. Is your PC behind a router? Most notebook users will have to answer no. Likewise, your desktop PC should be connected to a router, if not, get one!
2. How many people have access to the PC?
3. Are you installing software only via the official repositories?
4. Have you disabled remote desktop?
5. Have you disabled remote root access (for example via ssh)?

You can check which ports are accessible from the outside by running an online port scanner: https://pentest-tools.com/discovery-probing/tcp-port-scanner-online-nmap.

If you see that ports are open (not "filtered"), or if you are using a notebook, you may want to use the firewall - see https://help.ubuntu.com/community/UFW

A comprehensive network configuration guide (perhaps a bit too much for a newcomer) can be found here: http://community.linuxmint.com/tutorial/view/814
This is for information only, if you want to dig into it a little deeper.

Unlike with Microsoft Windows where you never know how and where it can hit you (it's closed source so everything remains a guess), Linux vulnerabilities are usually well known. In most cases they are either based on network attacks, by getting users to run dangerous scripts or applications with root (sudo) privileges, or by gaining root access (for example remote access via ssh or remote desktop). In Linux it takes little effort to prevent malware or unauthorized access, and all the tools are already in place.

Here is a take on Linux malware: http://www.linuxinsider.com/story/78748.html and http://www.zdnet.com/linux-desktop-trojan-hand-of-thief-steals-in-7000019175/.
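A local view of checklist items 4 and 5 from the post above, as an added example that is not part of the thread: it reads the effective PermitRootLogin setting from sshd_config text and lists the TCP listeners bound to non-loopback addresses in `ss -tln` output. The function names and both sample inputs are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: local checks for remote root login
# over ssh and for services listening on non-loopback addresses.

# Constructed samples standing in for /etc/ssh/sshd_config and `ss -tln`.
SSHD_SAMPLE='# PermitRootLogin no
Port 22
PermitRootLogin yes
PermitRootLogin no'
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:631      0.0.0.0:*
LISTEN 0      5      [::1]:631          [::]:*
LISTEN 0      10     *:5900             *:*
LISTEN 0      128    [::]:22            [::]:*'

# Global PermitRootLogin value from sshd_config text on stdin. sshd keeps the
# first value it reads for a keyword, so the later "no" above has no effect.
# Match blocks are not evaluated: parsing stops at the first one.
permit_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }'
}

# TCP ports from `ss -tln` output on stdin whose listener is bound to a
# non-loopback address, i.e. the ones another host could try to reach.
exposed_ports() {
    awk '$1 == "LISTEN" {
             addr = $4; port = $4
             sub(/.*:/, "", port); sub(/:[0-9]+$/, "", addr)
             if (addr !~ /^(127\.|\[::1\]$)/) print port
         }' | sort -un | tr '\n' ' '
}

printf 'PermitRootLogin: %s\n' "$(printf '%s\n' "$SSHD_SAMPLE" | permit_root_login)"
printf 'exposed TCP ports: %s\n' "$(printf '%s\n' "$SS_SAMPLE" | exposed_ports)"
# On a live system:
#   permit_root_login < /etc/ssh/sshd_config
#   ss -tln | exposed_ports
```

A port listed here is only bound locally to a reachable address; whether it is open from the outside still depends on the router and firewall, which is what the online scan measures.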