Linux Mint Forums

[dirk]

i got this 57 times in my pc today and it scared a lot

please help

[Fred]

dirk,

You haven't been running in root have you? If the answer is no then I suspect this is more bluff than anything else. You have probably picked up a malicious Java script routine in Firefox. Aggravating but not really dangerous.

Clear your FireFox catch and all the private data in options, preferences, or whatever it's called. Then close FireFox. Open it again and go to the add-ons page through the tools option and download and install the NoScript add-on.

This should solve that problem. If it doesn't post back.

Fred

[dirk]

hello fred
thx for your reply
downloaded and installed your tips and it's still in

i installed rkhunter too and this gave one warning further no probs

Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]

[Press <ENTER> to continue]


Checking application versions...

Checking version of Exim MTA [ OK ]
Checking version of GnuPG [ OK ]
Checking version of OpenSSL [ OK ]
Checking version of OpenSSH [ OK ]


System checks summary
=====================

File properties checks...
Files checked: 125
Suspect files: 0

Rootkit checks...
Rootkits checked : 110
Possible rootkits: 0

Applications checks...
Applications checked: 4
Suspect applications: 0

The system checks took: 1 minute and 7 seconds

All results have been written to the logfile (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

[Fred]

dirk,

Are you saying you still are getting the pop-up screens? If so do you get them only when you have FireFox open or with other programs too?

Also, do you have windows or Wine installed on your computer? If you have Windows do you use any kind of Windows driver that enables you to read and write to your Linux files?

Also, type in the url window of your browser /var/log/rkhunter.log and post the results here. Let's see what is in that file.

Fred

[dirk]

fred

the pop up comes all times with or without the firefox window open, yes i use wine. and i can't get my logfiles for rkhunter

sorry

[Fred]

dirk,

Ahhh... ok, that may be the answer. Wine would be high on my list. I would suggest you remove Wine and the programs associated with it. Then reinstall Wine and the Windows programs.

Fred

[dirk]

wine removed with the sudo apt-get remove command and later with the pakkage manager the pop up comes back, even off line.
it's irritating me a lot

[Fred]

dirk,

I am sure it is aggravating. I don't know what DE you are using but look in the autostart folder. It is called different things in different DEs. See if there is something in that folder that shouldn't be. That user folder is a hidden folder in your /home directory. Search the forum for the auto start folder for your DE. example: Gnome auto start

Fred

[dirk]

DE?? what's that and where do i find this. i am not the biggest linux user, my son installed most but i can do a lot alone but not this.

i am gonna sleep now and go on later today, thx for the help

dirk

[lexon]

This is just a WAG. I went were I should have not gone to and got something I could not get rid of. It kept popping up. I would clear History and it was still there. I found out I had twelve items still in History even though I had cleared it. By default, Firefox retains twelve, 12, items in History.
Below is the fix I found.
------------------------------------------------------------------------------------------------------------------
From what I can tell it is not a real bug but a regression that's
part of a new feature RichResults. The browsing history does
not erase RichResults anymore. If you don't want RichResults
keep track of where you went, in Firefox you need to enter
about:config
and then scroll down to:
browser.urlbar.maxRichResults
and change the default. The default setting is 12 and if you
want nothing, you enter 0.
---------------------------------------------------------------------------------------------------------------
May not be anything but you might think about it.

lexons

[Fred]

Very good point lexon. I must be getting tired. That RichResults "feature" slipped my mind. I do recommend setting it to 0. That is the way I have mine set. I never use it the way it was intended anyway.

Thanks for refreshing my memory lexon.

Fred

[dirk]

ritchresults thing did't work, i did some with a SSHroot=no and the pop up stopped
thx for all the help and patience with me, if some is still wrong please LMK
i had to work till 23.00 pm (europe time) and my pc is OFF this afternoon

here the logfile from rkhunter

8:55:25] Running Rootkit Hunter version 1.3.0 on..... (my pc)
[08:55:25]
[08:55:25] Info: Start date is wo mei 6 08:55:25 CEST 2009
[08:55:25]
[08:55:25] Checking configuration file and command-line options...
[08:55:25] Info: Detected operating system is 'Linux'
[08:55:25] Info: Found O/S name: Ubuntu 8.04.2
[08:55:25] Info: Command line is /usr/bin/rkhunter -c
[08:55:25] Info: Environment shell is /bin/bash; rkhunter is using dash
[08:55:25] Info: Using configuration file '/etc/rkhunter.conf'
[08:55:25] Info: Installation directory is '/usr'
[08:55:25] Info: Using language 'en'
[08:55:25] Info: Using '/var/lib/rkhunter/db' as the database directory
[08:55:25] Info: Using '/usr/share/rkhunter/scripts' as the support script directory
[08:55:25] Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin /usr/X11R6/bin /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec' as the command directories
[08:55:25] Info: Using '/' as the root directory
[08:55:25] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[08:55:25] Info: No mail-on-warning address configured
[08:55:26] Info: X will automatically be detected
[08:55:26] Info: Using second color set
[08:55:26] Info: Found the 'diff' command: /usr/bin/diff
[08:55:26] Info: Found the 'file' command: /usr/bin/file
[08:55:26] Info: Found the 'find' command: /usr/bin/find
[08:55:26] Info: Found the 'ifconfig' command: /sbin/ifconfig
[08:55:26] Info: Found the 'ip' command: /sbin/ip
[08:55:26] Info: Found the 'ldd' command: /usr/bin/ldd
[08:55:26] Info: Found the 'lsattr' command: /usr/bin/lsattr
[08:55:26] Info: Found the 'lsmod' command: /sbin/lsmod
[08:55:26] Info: Found the 'lsof' command: /usr/bin/lsof
[08:55:26] Info: Found the 'mktemp' command: /bin/mktemp
[08:55:26] Info: Found the 'netstat' command: /bin/netstat
[08:55:26] Info: Found the 'perl' command: /usr/bin/perl
[08:55:26] Info: Found the 'ps' command: /bin/ps
[08:55:26] Info: Found the 'pwd' command: /bin/pwd
[08:55:26] Info: Found the 'readlink' command: /bin/readlink
[08:55:26] Info: Found the 'sort' command: /usr/bin/sort
[08:55:26] Info: Found the 'stat' command: /usr/bin/stat
[08:55:26] Info: Found the 'strings' command: /usr/bin/strings
[08:55:26] Info: Found the 'uniq' command: /usr/bin/uniq
[08:55:26] Info: System is not using prelinking
[08:55:26] Info: Using the '/usr/bin/sha1sum' command for the file hash checks
[08:55:26] Info: Stored hash values used hash function '/usr/bin/sha1sum'
[08:55:26] Info: Stored hash values did not use a package manager
[08:55:26] Info: The hash function field index is set to 1
[08:55:26] Info: No package manager specified: using hash function '/usr/bin/sha1sum'
[08:55:26] Info: Previous file attributes were stored
[08:55:26] Info: Enabled tests are: all
[08:55:26] Info: Disabled tests are: suspscan hidden_procs deleted_files packet_cap_apps
[08:55:26] Info: Found ksym file '/proc/kallsyms'
[08:55:26]
[08:55:26] Checking if the O/S has changed since last time...
[08:55:26] Info: Nothing seems to have changed
[08:55:26]
[08:55:26] Starting system checks...
[08:55:26]
[08:55:26] Checking system commands...
[08:55:26] Info: Starting test name 'system_commands'
[08:55:26]
[08:55:26] Performing 'strings' command checks
[08:55:26] Info: Starting test name 'strings'
[08:55:26] Scanning for string /usr/sbin/ntpsx [ OK ]
[08:55:26] Scanning for string /usr/lib/.../ls [ OK ]
[08:55:26] Scanning for string /usr/lib/.../netstat [ OK ]
[08:55:26] Scanning for string /usr/lib/.../lsof [ OK ]
[08:55:26] Scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg [ OK ]
[08:55:26] Scanning for string /usr/lib/.../bkit-ssh/bkit-shhk [ OK ]
[08:55:26] Scanning for string /usr/lib/.../bkit-ssh/bkit-pw [ OK ]
[08:55:26] Scanning for string /usr/lib/.../bkit-ssh/bkit-shrs [ OK ]
[08:55:26] Scanning for string /usr/lib/.../uconf.inv [ OK ]
[08:55:26] Scanning for string /usr/lib/.../psr [ OK ]
[08:55:26] Scanning for string /usr/lib/.../find [ OK ]
[08:55:26] Scanning for string /usr/lib/.../pstree [ OK ]
[08:55:26] Scanning for string /usr/lib/.../slocate [ OK ]
[08:55:26] Scanning for string /usr/lib/.../du [ OK ]
[08:55:26] Scanning for string /usr/lib/.../top [ OK ]
[08:55:27] Scanning for string /usr/lib/... [ OK ]
[08:55:27] Scanning for string /usr/lib/.../bkit-ssh [ OK ]
[08:55:27] Scanning for string /usr/lib/.bkit- [ OK ]
[08:55:27] Scanning for string /tmp/.bkp [ OK ]
[08:55:27] Scanning for string /tmp/.cinik [ OK ]
[08:55:27] Scanning for string /tmp/.font-unix/.cinik [ OK ]
[08:55:27] Scanning for string /lib/.sso [ OK ]
[08:55:27] Scanning for string /lib/.so [ OK ]
[08:55:27] Scanning for string /var/run/...dica/clean [ OK ]
[08:55:27] Scanning for string /var/run/...dica/xl [ OK ]
[08:55:27] Scanning for string /var/run/...dica/xdr [ OK ]
[08:55:27] Scanning for string /var/run/...dica/psg [ OK ]
[08:55:27] Scanning for string /var/run/...dica/secure [ OK ]
[08:55:27] Scanning for string /var/run/...dica/rdx [ OK ]
[08:55:27] Scanning for string /var/run/...dica/va [ OK ]
[08:55:27] Scanning for string /var/run/...dica/cl.sh [ OK ]
[08:55:27] Scanning for string /usr/bin/.etc [ OK ]
[08:55:27] Scanning for string /usr/lib/.fx/sched_host.2 [ OK ]
[08:55:27] Scanning for string /usr/lib/.fx/random_d.2 [ OK ]
[08:55:27] Scanning for string /usr/lib/.fx/set_pid.2 [ OK ]
[08:55:27] Scanning for string /usr/lib/.fx/cons.saver [ OK ]
[08:55:27] Scanning for string /usr/lib/.fx/adore/adore/adore.ko [ OK ]
[08:55:27] Scanning for string /bin/sysback [ OK ]
[08:55:27] Scanning for string /usr/local/bin/sysback [ OK ]
[08:55:27] Scanning for string /usr/lib/.tbd [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/t0rns [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/du [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/ls [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/t0rnsb [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/ps [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/t0rnp [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/find [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/ifconfig [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/pg [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/ssh.tgz [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/top [ OK ]
[08:55:27] Scanning for string /dev/.lib/lib/lib/sz [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/login [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/in.fingerd [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/1i0n.sh [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/pstree [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/in.telnetd [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/mjy [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/sush [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/tfn [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/name [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/getip.sh [ OK ]
[08:55:28] Scanning for string /usr/info/.torn/sh* [ OK ]
[08:55:28] Scanning for string /usr/src/.puta/.1addr [ OK ]
[08:55:28] Scanning for string /usr/src/.puta/.1file [ OK ]
[08:55:28] Scanning for string /usr/src/.puta/.1proc [ OK ]
[08:55:28] Scanning for string /usr/src/.puta/.1logz [ OK ]
[08:55:28] Scanning for string /usr/info/.t0rn [ OK ]
[08:55:28] Scanning for string /dev/.lib [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/lib/dev [ OK ]
[08:55:28] Scanning for string /dev/.lib/lib/scan [ OK ]
[08:55:28] Scanning for string /usr/src/.puta [ OK ]
[08:55:28] Scanning for string /usr/man/man1/man1 [ OK ]
[08:55:28] Scanning for string /usr/man/man1/man1/lib [ OK ]
[08:55:28] Scanning for string /usr/man/man1/man1/lib/.lib [ OK ]
[08:55:28] Scanning for string /usr/man/man1/man1/lib/.lib/.backup [ OK ]
[08:55:28]
[08:55:28] Performing 'shared libraries' checks
[08:55:28] Info: Starting test name 'shared_libs'
[08:55:28] Checking for preloading variables [ None found ]
[08:55:28] Checking for preload file [ Not found ]
[08:55:28] Info: Starting test name 'shared_libs_path'
[08:55:28] Checking LD_LIBRARY_PATH variable [ Not found ]
[08:55:28]
[08:55:28] Performing file properties checks
[08:55:28] Info: Starting test name 'properties'
[08:55:28] Checking for prerequisites [ OK ]
[08:55:29] /bin/bash [ OK ]
[08:55:29] /bin/cat [ OK ]
[08:55:29] /bin/chmod [ OK ]
[08:55:29] /bin/chown [ OK ]
[08:55:29] /bin/cp [ OK ]
[08:55:29] /bin/date [ OK ]
[08:55:29] /bin/df [ OK ]
[08:55:29] /bin/dmesg [ OK ]
[08:55:29] /bin/echo [ OK ]
[08:55:29] /bin/ed [ OK ]
[08:55:30] /bin/egrep [ OK ]
[08:55:30] Info: Found file '/bin/egrep': it is whitelisted for the 'script replacement' check.
[08:55:30] /bin/fgrep [ OK ]
[08:55:30] Info: Found file '/bin/fgrep': it is whitelisted for the 'script replacement' check.
[08:55:30] /bin/grep [ OK ]
[08:55:30] /bin/ip [ OK ]
[08:55:30] /bin/kill [ OK ]
[08:55:30] /bin/login [ OK ]
[08:55:30] /bin/ls [ OK ]
[08:55:30] /bin/lsmod [ OK ]
[08:55:30] /bin/mktemp [ OK ]
[08:55:31] /bin/more [ OK ]
[08:55:31] /bin/mount [ OK ]
[08:55:31] /bin/mv [ OK ]
[08:55:31] /bin/netstat [ OK ]
[08:55:31] /bin/ps [ OK ]
[08:55:31] /bin/pwd [ OK ]
[08:55:31] /bin/readlink [ OK ]
[08:55:31] /bin/sed [ OK ]
[08:55:31] /bin/sh [ OK ]
[08:55:31] /bin/su [ OK ]
[08:55:32] /bin/touch [ OK ]
[08:55:32] /bin/uname [ OK ]
[08:55:32] /bin/which [ OK ]
[08:55:32] Info: Found file '/bin/which': it is whitelisted for the 'script replacement' check.
[08:55:32] /bin/dash [ OK ]
[08:55:32] /usr/bin/awk [ OK ]
[08:55:32] /usr/bin/basename [ OK ]
[08:55:32] /usr/bin/chattr [ OK ]
[08:55:32] /usr/bin/cut [ OK ]
[08:55:32] /usr/bin/diff [ OK ]
[08:55:32] /usr/bin/dirname [ OK ]
[08:55:33] /usr/bin/dpkg [ OK ]
[08:55:33] /usr/bin/dpkg-query [ OK ]
[08:55:33] /usr/bin/du [ OK ]
[08:55:33] /usr/bin/env [ OK ]
[08:55:33] /usr/bin/file [ OK ]
[08:55:33] /usr/bin/find [ OK ]
[08:55:33] /usr/bin/GET [ OK ]
[08:55:33] /usr/bin/groups [ OK ]
[08:55:33] Info: Found file '/usr/bin/groups': it is whitelisted for the 'script replacement' check.
[08:55:33] /usr/bin/head [ OK ]
[08:55:33] /usr/bin/id [ OK ]
[08:55:34] /usr/bin/killall [ OK ]
[08:55:34] /usr/bin/last [ OK ]
[08:55:34] /usr/bin/lastlog [ OK ]
[08:55:34] /usr/bin/ldd [ OK ]
[08:55:34] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check.
[08:55:34] /usr/bin/less [ OK ]
[08:55:34] /usr/bin/locate [ OK ]
[08:55:34] /usr/bin/logger [ OK ]
[08:55:34] /usr/bin/lsattr [ OK ]
[08:55:34] /usr/bin/lsof [ OK ]
[08:55:34] /usr/bin/lynx [ OK ]
[08:55:34] /usr/bin/md5sum [ OK ]
[08:55:35] /usr/bin/mlocate [ OK ]
[08:55:35] /usr/bin/newgrp [ OK ]
[08:55:35] /usr/bin/passwd [ OK ]
[08:55:35] /usr/bin/perl [ OK ]
[08:55:35] /usr/bin/pstree [ OK ]
[08:55:35] /usr/bin/rkhunter [ OK ]
[08:55:35] /usr/bin/runcon [ OK ]
[08:55:35] /usr/bin/sha1sum [ OK ]
[08:55:35] /usr/bin/size [ OK ]
[08:55:36] /usr/bin/slocate [ OK ]
[08:55:36] /usr/bin/sort [ OK ]
[08:55:36] /usr/bin/stat [ OK ]
[08:55:36] /usr/bin/strace [ OK ]
[08:55:36] /usr/bin/strings [ OK ]
[08:55:36] /usr/bin/sudo [ OK ]
[08:55:36] /usr/bin/tail [ OK ]
[08:55:36] /usr/bin/test [ OK ]
[08:55:36] /usr/bin/top [ OK ]
[08:55:36] /usr/bin/touch [ OK ]
[08:55:36] /usr/bin/tr [ OK ]
[08:55:36] /usr/bin/uniq [ OK ]
[08:55:37] /usr/bin/users [ OK ]
[08:55:37] /usr/bin/vmstat [ OK ]
[08:55:37] /usr/bin/w [ OK ]
[08:55:37] /usr/bin/watch [ OK ]
[08:55:37] /usr/bin/wc [ OK ]
[08:55:37] /usr/bin/wget [ OK ]
[08:55:37] /usr/bin/whatis [ OK ]
[08:55:37] /usr/bin/whereis [ OK ]
[08:55:37] /usr/bin/which [ OK ]
[08:55:37] /usr/bin/who [ OK ]
[08:55:37] /usr/bin/whoami [ OK ]
[08:55:38] /usr/bin/gawk [ OK ]
[08:55:38] /usr/bin/lwp-request [ OK ]
[08:55:38] Info: Found file '/usr/bin/lwp-request': it is whitelisted for the 'script replacement' check.
[08:55:38] /usr/bin/lynx.stable [ OK ]
[08:55:38] /usr/bin/w.procps [ OK ]
[08:55:38] /sbin/depmod [ OK ]
[08:55:38] /sbin/ifconfig [ OK ]
[08:55:38] /sbin/ifdown [ OK ]
[08:55:38] /sbin/ifup [ OK ]
[08:55:38] /sbin/init [ OK ]
[08:55:39] /sbin/insmod [ OK ]
[08:55:39] /sbin/ip [ OK ]
[08:55:39] /sbin/lsmod [ OK ]
[08:55:39] /sbin/modinfo [ OK ]
[08:55:39] /sbin/modprobe [ OK ]
[08:55:39] /sbin/rmmod [ OK ]
[08:55:39] /sbin/runlevel [ OK ]
[08:55:39] /sbin/sulogin [ OK ]
[08:55:39] /sbin/sysctl [ OK ]
[08:55:40] /sbin/syslogd [ OK ]
[08:55:40] /usr/sbin/adduser [ OK ]
[08:55:40] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.
[08:55:40] /usr/sbin/chroot [ OK ]
[08:55:40] /usr/sbin/cron [ OK ]
[08:55:40] /usr/sbin/groupadd [ OK ]
[08:55:40] /usr/sbin/groupdel [ OK ]
[08:55:40] /usr/sbin/groupmod [ OK ]
[08:55:40] /usr/sbin/grpck [ OK ]
[08:55:41] /usr/sbin/nologin [ OK ]
[08:55:41] /usr/sbin/pwck [ OK ]
[08:55:41] /usr/sbin/tcpd [ OK ]
[08:55:41] /usr/sbin/useradd [ OK ]
[08:55:41] /usr/sbin/userdel [ OK ]
[08:55:41] /usr/sbin/usermod [ OK ]
[08:55:41] /usr/sbin/vipw [ OK ]
[08:55:46]
[08:55:46] Checking for rootkits...
[08:55:46] Info: Starting test name 'rootkits'
[08:55:46]
[08:55:46] Performing check of known rootkit files and directories
[08:55:46] Info: Starting test name 'known_rkts'
[08:55:46]
[08:55:46] Checking for 55808 Trojan - Variant A...
[08:55:46] Checking for file '/tmp/.../r' [ Not found ]
[08:55:46] Checking for file '/tmp/.../a' [ Not found ]
[08:55:46] 55808 Trojan - Variant A [ Not found ]
[08:55:46]
[08:55:46] Checking for ADM Worm...
[08:55:46] Checking for string 'w0rm' [ Not found ]
[08:55:47] ADM Worm [ Not found ]
[08:55:47]
[08:55:47] Checking for AjaKit Rootkit...
[08:55:47] Checking for file '/dev/tux/.addr' [ Not found ]
[08:55:47] Checking for file '/dev/tux/.proc' [ Not found ]
[08:55:47] Checking for file '/dev/tux/.file' [ Not found ]
[08:55:47] Checking for file '/lib/.libgh-gh/cleaner' [ Not found ]
[08:55:47] Checking for file '/lib/.libgh-gh/Patch/patch' [ Not found ]
[08:55:47] Checking for file '/lib/.libgh-gh/sb0k' [ Not found ]
[08:55:47] Checking for directory '/dev/tux' [ Not found ]
[08:55:47] Checking for directory '/lib/.libgh-gh' [ Not found ]
[08:55:47] AjaKit Rootkit [ Not found ]
[08:55:47]
[08:55:47] Checking for aPa Kit...
[08:55:47] Checking for file '/usr/share/.aPa' [ Not found ]
[08:55:47] aPa Kit [ Not found ]
[08:55:47]
[08:55:47] Checking for Apache Worm...
[08:55:47] Checking for file '/bin/.log' [ Not found ]
[08:55:47] Apache Worm [ Not found ]
[08:55:47]
[08:55:47] Checking for Ambient (ark) Rootkit...
[08:55:47] Checking for file '/usr/lib/.ark?' [ Not found ]
[08:55:48] Checking for file '/dev/ptyxx/.log' [ Not found ]
[08:55:48] Checking for file '/dev/ptyxx/.file' [ Not found ]
[08:55:48] Checking for directory '/dev/ptyxx' [ Not found ]
[08:55:48] Ambient (ark) Rootkit [ Not found ]
[08:55:48]
[08:55:48] Checking for Balaur Rootkit...
[08:55:48] Checking for file '/usr/lib/liblog.o' [ Not found ]
[08:55:48] Checking for directory '/usr/lib/.kinetic' [ Not found ]
[08:55:48] Checking for directory '/usr/lib/.egcs' [ Not found ]
[08:55:48] Checking for directory '/usr/lib/.wormie' [ Not found ]
[08:55:48] Balaur Rootkit [ Not found ]
[08:55:48]
[08:55:48] Checking for BeastKit Rootkit...
[08:55:48] Checking for file '/usr/sbin/arobia' [ Not found ]
[08:55:48] Checking for file '/usr/sbin/idrun' [ Not found ]
[08:55:48] Checking for file '/usr/lib/elm/arobia/elm' [ Not found ]
[08:55:48] Checking for file '/usr/lib/elm/arobia/elm/hk' [ Not found ]
[08:55:48] Checking for file '/usr/lib/elm/arobia/elm/hk.pub' [ Not found ]
[08:55:48] Checking for file '/usr/lib/elm/arobia/elm/sc' [ Not found ]
[08:55:48] Checking for file '/usr/lib/elm/arobia/elm/sd.pp' [ Not found ]
[08:55:48] Checking for file '/usr/lib/elm/arobia/elm/sdco' [ Not found ]
[08:55:48] Checking for file '/usr/lib/elm/arobia/elm/srsd' [ Not found ]
[08:55:48] Checking for directory '/lib/ldd.so/bktools' [ Not found ]
[08:55:48] BeastKit Rootkit [ Not found ]
[08:55:48]
[08:55:48] Checking for beX2 Rootkit...
[08:55:48] Checking for directory '/usr/include/bex' [ Not found ]
[08:55:48] beX2 Rootkit [ Not found ]
[08:55:48]
[08:55:48] Checking for BOBKit Rootkit...
[08:55:48] Checking for file '/usr/sbin/ntpsx' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../ls' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../netstat' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../lsof' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../bkit-ssh/bkit-shdcfg' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../bkit-ssh/bkit-shhk' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../bkit-ssh/bkit-pw' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../bkit-ssh/bkit-shrs' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../uconf.inv' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../psr' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../find' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../pstree' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../slocate' [ Not found ]
[08:55:48] Checking for file '/usr/lib/.../du' [ Not found ]
[08:55:49] Checking for file '/usr/lib/.../top' [ Not found ]
[08:55:49] Checking for directory '/usr/lib/...' [ Not found ]
[08:55:49] Checking for directory '/usr/lib/.../bkit-ssh' [ Not found ]
[08:55:49] Checking for directory '/usr/lib/.bkit-' [ Not found ]
[08:55:49] Checking for directory '/tmp/.bkp' [ Not found ]
[08:55:49] BOBKit Rootkit [ Not found ]
[08:55:49]
[08:55:49] Checking for CiNIK Worm (Slapper.B variant)...
[08:55:49] Checking for file '/tmp/.cinik' [ Not found ]
[08:55:49] Checking for directory '/tmp/.font-unix/.cinik' [ Not found ]
[08:55:49] CiNIK Worm (Slapper.B variant) [ Not found ]
[08:55:49]
[08:55:49] Checking for Danny-Boy's Abuse Kit...
[08:55:49] Checking for file '/dev/mdev' [ Not found ]
[08:55:49] Checking for file '/usr/lib/libX.a' [ Not found ]
[08:55:49] Danny-Boy's Abuse Kit [ Not found ]
[08:55:49]
[08:55:49] Checking for Devil RootKit...
[08:55:49] Checking for file '/var/lib/games/.src' [ Not found ]
[08:55:49] Checking for file '/dev/dsx' [ Not found ]
[08:55:49] Checking for file '/dev/caca' [ Not found ]
[08:55:49] Devil RootKit [ Not found ]
[08:55:49]
[08:55:49] Checking for Dica-Kit Rootkit...
[08:55:49] Checking for file '/lib/.sso' [ Not found ]
[08:55:49] Checking for file '/lib/.so' [ Not found ]
[08:55:49] Checking for file '/var/run/...dica/clean' [ Not found ]
[08:55:49] Checking for file '/var/run/...dica/xl' [ Not found ]
[08:55:49] Checking for file '/var/run/...dica/xdr' [ Not found ]
[08:55:49] Checking for file '/var/run/...dica/psg' [ Not found ]
[08:55:49] Checking for file '/var/run/...dica/secure' [ Not found ]
[08:55:49] Checking for file '/var/run/...dica/rdx' [ Not found ]
[08:55:49] Checking for file '/var/run/...dica/va' [ Not found ]
[08:55:49] Checking for file '/var/run/...dica/cl.sh' [ Not found ]
[08:55:49] Checking for file '/usr/bin/.etc' [ Not found ]
[08:55:49] Checking for directory '/var/run/...dica' [ Not found ]
[08:55:49] Checking for directory '/var/run/...dica/mh' [ Not found ]
[08:55:49] Checking for directory '/var/run/...dica/scan' [ Not found ]
[08:55:49] Dica-Kit Rootkit [ Not found ]
[08:55:49]
[08:55:49] Checking for Dreams Rootkit...
[08:55:49] Checking for file '/dev/ttyoa' [ Not found ]
[08:55:49] Checking for file '/dev/ttyof' [ Not found ]
[08:55:49] Checking for file '/dev/ttyop' [ Not found ]
[08:55:50] Checking for file '/usr/bin/sense' [ Not found ]
[08:55:50] Checking for file '/usr/bin/sl2' [ Not found ]
[08:55:50] Checking for file '/usr/bin/logclear' [ Not found ]
[08:55:50] Checking for file '/usr/bin/(swapd)' [ Not found ]
[08:55:50] Checking for file '/usr/bin/snfs' [ Not found ]
[08:55:50] Checking for file '/usr/lib/libsss' [ Not found ]
[08:55:50] Checking for directory '/dev/ida/.hpd' [ Not found ]
[08:55:50] Dreams Rootkit [ Not found ]
[08:55:50]
[08:55:50] Checking for Duarawkz Rootkit...
[08:55:50] Checking for file '/usr/bin/duarawkz/loginpass' [ Not found ]
[08:55:50] Checking for directory '/usr/bin/duarawkz' [ Not found ]
[08:55:50] Duarawkz Rootkit [ Not found ]
[08:55:50]
[08:55:50] Checking for Enye LKM...
[08:55:50] Checking for file '/etc/.enyelkmHIDE^IT.ko' [ Not found ]
[08:55:50] Enye LKM [ Not found ]
[08:55:50]
[08:55:50] Checking for Flea Linux Rootkit...
[08:55:50] Checking for file '/etc/ld.so.hash' [ Not found ]
[08:55:50] Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[08:55:50] Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[08:55:50] Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[08:55:50] Checking for file '/usr/bin/ssh2d' [ Not found ]
[08:55:50] Checking for file '/usr/lib/ldlibns.so' [ Not found ]
[08:55:50] Checking for file '/usr/lib/ldlibpst.so' [ Not found ]
[08:55:50] Checking for file '/usr/lib/ldlibdu.so' [ Not found ]
[08:55:50] Checking for file '/usr/lib/ldlibct.so' [ Not found ]
[08:55:50] Checking for directory '/lib/security/.config/ssh' [ Not found ]
[08:55:50] Checking for directory '/dev/..0' [ Not found ]
[08:55:50] Checking for directory '/dev/..0/backup' [ Not found ]
[08:55:50] Flea Linux Rootkit [ Not found ]
[08:55:50]
[08:55:50] Checking for FreeBSD Rootkit...
[08:55:50] Checking for file '/usr/lib/.fx/sched_host.2' [ Not found ]
[08:55:50] Checking for file '/usr/lib/.fx/random_d.2' [ Not found ]
[08:55:50] Checking for file '/usr/lib/.fx/set_pid.2' [ Not found ]
[08:55:50] Checking for file '/usr/lib/.fx/cons.saver' [ Not found ]
[08:55:50] Checking for file '/usr/lib/.fx/adore/adore/adore.ko' [ Not found ]
[08:55:50] Checking for file '/bin/sysback' [ Not found ]
[08:55:50] Checking for file '/usr/local/bin/sysback' [ Not found ]
[08:55:50] Checking for directory '/usr/lib/.fx' [ Not found ]
[08:55:50] Checking for directory '/usr/lib/.fx/adore' [ Not found ]
[08:55:51] FreeBSD Rootkit [ Not found ]
[08:55:51]
[08:55:51] Checking for rainbows`it Rootkit...
[08:55:51] Checking for file '/dev/proc/rainbows/hax0r' [ Not found ]
[08:55:51] Checking for file '/dev/proc/rainbows/hax0rshell' [ Not found ]
[08:55:51] Checking for file '/dev/proc/rainbows/config/lports' [ Not found ]
[08:55:51] Checking for file '/dev/proc/rainbows/config/rports' [ Not found ]
[08:55:51] Checking for file '/dev/proc/rainbows/config/rkconf' [ Not found ]
[08:55:51] Checking for file '/dev/proc/rainbows/config/password' [ Not found ]
[08:55:51] Checking for file '/dev/proc/rainbows/config/progs' [ Not found ]
[08:55:51] Checking for file '/dev/proc/system-bins/init' [ Not found ]
[08:55:51] rainbows`it Rootkit [ Not found ]
[08:55:51]
[08:55:51] Checking for GasKit Rootkit...
[08:55:51] Checking for file '/dev/dev/gaskit/sshd/sshdd' [ Not found ]
[08:55:51] Checking for directory '/dev/dev' [ Not found ]
[08:55:51] Checking for directory '/dev/dev/gaskit' [ Not found ]
[08:55:51] Checking for directory '/dev/dev/gaskit/sshd' [ Not found ]
[08:55:51] GasKit Rootkit [ Not found ]
[08:55:51]
[08:55:51] Checking for Heroin LKM...
[08:55:51] Checking for kernel symbol 'heroin' [ Not found ]
[08:55:51] Heroin LKM [ Not found ]
[08:55:51]
[08:55:51] Checking for HjC Kit...
[08:55:51] Checking for directory '/dev/.hijackerz' [ Not found ]
[08:55:51] HjC Kit [ Not found ]
[08:55:51]
[08:55:51] Checking for ignoKit Rootkit...
[08:55:51] Checking for file '/lib/defs/p' [ Not found ]
[08:55:51] Checking for file '/lib/defs/q' [ Not found ]
[08:55:51] Checking for file '/lib/defs/r' [ Not found ]
[08:55:51] Checking for file '/lib/defs/s' [ Not found ]
[08:55:51] Checking for file '/lib/defs/t' [ Not found ]
[08:55:51] Checking for file '/usr/lib/defs/p' [ Not found ]
[08:55:51] Checking for file '/usr/lib/defs/q' [ Not found ]
[08:55:51] Checking for file '/usr/lib/defs/r' [ Not found ]
[08:55:51] Checking for file '/usr/lib/defs/s' [ Not found ]
[08:55:51] Checking for file '/usr/lib/defs/t' [ Not found ]
[08:55:51] Checking for file '/usr/lib/.libigno/pkunsec' [ Not found ]
[08:55:51] Checking for file '/usr/lib/.libigno/.igno/psybnc/psybnc' [ Not found ]
[08:55:51] Checking for directory '/usr/lib/.libigno' [ Not found ]
[08:55:51] Checking for directory '/usr/lib/.libigno/.igno' [ Not found ]
[08:55:52] ignoKit Rootkit [ Not found ]
[08:55:52]
[08:55:52] Checking for ImperalsS-FBRK Rootkit...
[08:55:52] Checking for directory '/dev/fd/.88' [ Not found ]
[08:55:52] Checking for directory '/dev/fd/.99' [ Not found ]
[08:55:52] ImperalsS-FBRK Rootkit [ Not found ]
[08:55:52]
[08:55:52] Checking for Irix Rootkit...
[08:55:52] Checking for directory '/dev/pts/01' [ Not found ]
[08:55:52] Checking for directory '/dev/pts/01/backup' [ Not found ]
[08:55:52] Checking for directory '/dev/pts/01/etc' [ Not found ]
[08:55:52] Checking for directory '/dev/pts/01/tmp' [ Not found ]
[08:55:52] Irix Rootkit [ Not found ]
[08:55:52]
[08:55:52] Checking for Kitko Rootkit...
[08:55:52] Checking for directory '/usr/src/redhat/SRPMS/...' [ Not found ]
[08:55:52] Kitko Rootkit [ Not found ]
[08:55:52]
[08:55:52] Checking for Knark Rootkit...
[08:55:52] Checking for file '/proc/knark/pids' [ Not found ]
[08:55:52] Checking for directory '/proc/knark' [ Not found ]
[08:55:52] Knark Rootkit [ Not found ]
[08:55:52]
[08:55:52] Checking for Li0n Worm...
[08:55:52] Checking for file '/bin/in.telnetd' [ Not found ]
[08:55:52] Checking for file '/bin/mjy' [ Not found ]
[08:55:52] Checking for file '/usr/man/man1/man1/lib/.lib/mjy' [ Not found ]
[08:55:52] Checking for file '/usr/man/man1/man1/lib/.lib/in.telnetd' [ Not found ]
[08:55:52] Checking for file '/usr/man/man1/man1/lib/.lib/.x' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/scan/1i0n.sh' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/scan/hack.sh' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/scan/bind' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/scan/randb' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/scan/scan.sh' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/scan/pscan' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/scan/star.sh' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/scan/bindx.sh' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/scan/bindname.log' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/1i0n.sh' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/lib/netstat' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/lib/dev/.1addr' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/lib/dev/.1logz' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/lib/dev/.1proc' [ Not found ]
[08:55:52] Checking for file '/dev/.lib/lib/lib/dev/.1file' [ Not found ]
[08:55:53] Li0n Worm [ Not found ]
[08:55:53]
[08:55:53] Checking for Lockit / LJK2 Rootkit...
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_config' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key.pub' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_random_seed*' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/sshd_config' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backdoor/RK1bd' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/du' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ifconfig' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/inetd.conf' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/locate' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/login' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ls' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/netstat' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ps' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/pstree' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/rc.sysinit' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/syslogd' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/tcpd' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/top' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1sauber' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1wted' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1parser' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1sniff' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1addr' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1dir' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1log' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1proc' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/README.modules' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1phide' [ Not found ]
[08:55:53] Checking for file '/usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh' [ Not found ]
[08:55:53] Checking for directory '/usr/lib/libmen.oo/.LJK2' [ Not found ]
[08:55:53] Lockit / LJK2 Rootkit [ Not found ]
[08:55:53]
[08:55:53] Checking for Mood-NT Rootkit...
[08:55:53] Checking for file '/sbin/init__mood-nt-_-_cthulhu' [ Not found ]
[08:55:53] Checking for file '/_cthulhu/mood-nt.init' [ Not found ]
[08:55:54] Checking for file '/_cthulhu/mood-nt.conf' [ Not found ]
[08:55:54] Checking for file '/_cthulhu/mood-nt.sniff' [ Not found ]
[08:55:54] Checking for directory '/_cthulhu' [ Not found ]
[08:55:54] Mood-NT Rootkit [ Not found ]
[08:55:54]
[08:55:54] Checking for MRK Rootkit...
[08:55:54] Checking for file '/dev/ida/.inet/pid' [ Not found ]
[08:55:54] Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[08:55:54] Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[08:55:54] Checking for file '/dev/ida/.inet/tcp.log' [ Not found ]
[08:55:54] Checking for directory '/dev/ida/.inet' [ Not found ]
[08:55:54] Checking for directory '/var/spool/cron/.sh' [ Not found ]
[08:55:54] MRK Rootkit [ Not found ]
[08:55:54]
[08:55:54] Checking for Ni0 Rootkit...
[08:55:54] Checking for file '/var/lock/subsys/...datafile.../...net...' [ Not found ]
[08:55:54] Checking for file '/var/lock/subsys/...datafile.../...port...' [ Not found ]
[08:55:54] Checking for file '/var/lock/subsys/...datafile.../...ps...' [ Not found ]
[08:55:54] Checking for file '/var/lock/subsys/...datafile.../...file...' [ Not found ]
[08:55:54] Checking for directory '/tmp/waza' [ Not found ]
[08:55:54] Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[08:55:54] Checking for directory '/usr/sbin/es' [ Not found ]
[08:55:54] Ni0 Rootkit [ Not found ]
[08:55:54]
[08:55:54] Checking for Ohhara Rootkit...
[08:55:54] Checking for file '/var/lock/subsys/...datafile.../...datafile.../in.smbd.log' [ Not found ]
[08:55:54] Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[08:55:54] Checking for directory '/var/lock/subsys/...datafile.../...datafile...' [ Not found ]
[08:55:54] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../bin' [ Not found ]
[08:55:54] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/bin' [ Not found ]
[08:55:54] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/sbin' [ Not found ]
[08:55:54] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../lib/security' [ Not found ]
[08:55:54] Ohhara Rootkit [ Not found ]
[08:55:54]
[08:55:54] Checking for Optic Kit (Tux) Worm...
[08:55:54] Checking for directory '/dev/tux' [ Not found ]
[08:55:54] Checking for directory '/usr/bin/xchk' [ Not found ]
[08:55:54] Checking for directory '/usr/bin/xsf' [ Not found ]
[08:55:54] Checking for directory '/usr/bin/ssh2d' [ Not found ]
[08:55:54] Optic Kit (Tux) Worm [ Not found ]
[08:55:54]
[08:55:54] Checking for Oz Rootkit...
[08:55:54] Checking for file '/dev/.oz/.nap/rkit/terror' [ Not found ]
[08:55:54] Checking for directory '/dev/.oz' [ Not found ]
[08:55:54] Oz Rootkit [ Not found ]
[08:55:55]
[08:55:55] Checking for Phalanx Rootkit...
[08:55:55] Checking for file '/usr/share/.home.ph1/cb' [ Not found ]
[08:55:55] Checking for file '/etc/host.ph1' [ Not found ]
[08:55:55] Checking for file '/bin/host.ph1' [ Not found ]
[08:55:55] Checking for file '/usr/share/.home.ph1/phalanx' [ Not found ]
[08:55:55] Checking for directory '/usr/share/.home.ph1' [ Not found ]
[08:55:55] Phalanx Rootkit [ Not found ]
[08:55:55]
[08:55:55] Checking for Phalanx Rootkit (strings)...
[08:55:55] Checking for string 'phalanx' [ Not found ]
[08:55:55] Phalanx Rootkit (strings) [ Not found ]
[08:55:55]
[08:55:55] Checking for Portacelo Rootkit...
[08:55:55] Checking for file '/var/lib/.../.ak' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../.hk' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../.rs' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../.p' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../getty' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../lkt.o' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../show' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../nlkt.o' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../ssshrc' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../sssh_equiv' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../sssh_known_hosts' [ Not found ]
[08:55:55] Checking for file '/var/lib/.../sssh_pid' [ Not found ]
[08:55:55] Checking for file '~/.sssh/known_hosts' [ Not found ]
[08:55:55] Portacelo Rootkit [ Not found ]
[08:55:55]
[08:55:55] Checking for R3dstorm Toolkit...
[08:55:55] Checking for file '/var/log/tk02/see_all' [ Not found ]
[08:55:55] Checking for file '/bin/.../sshd/sbin/sshd1' [ Not found ]
[08:55:55] Checking for file '/bin/.../hate/sk' [ Not found ]
[08:55:55] Checking for file '/bin/.../see_all' [ Not found ]
[08:55:55] Checking for directory '/var/log/tk02' [ Not found ]
[08:55:55] Checking for directory '/var/log/tk02/old' [ Not found ]
[08:55:55] Checking for directory '/bin/...' [ Not found ]
[08:55:55] R3dstorm Toolkit [ Not found ]
[08:55:55]
[08:55:55] Checking for RH-Sharpe's Rootkit...
[08:55:55] Checking for file '/bin/lps' [ Not found ]
[08:55:55] Checking for file '/usr/bin/lpstree' [ Not found ]
[08:55:55] Checking for file '/usr/bin/ltop' [ Not found ]
[08:55:55] Checking for file '/usr/bin/lkillall' [ Not found ]
[08:55:56] Checking for file '/usr/bin/ldu' [ Not found ]
[08:55:56] Checking for file '/usr/bin/lnetstat' [ Not found ]
[08:55:56] Checking for file '/usr/bin/wp' [ Not found ]
[08:55:56] Checking for file '/usr/bin/shad' [ Not found ]
[08:55:56] Checking for file '/usr/bin/vadim' [ Not found ]
[08:55:56] Checking for file '/usr/bin/slice' [ Not found ]
[08:55:56] Checking for file '/usr/bin/cleaner' [ Not found ]
[08:55:56] Checking for file '/usr/include/rpcsvc/du' [ Not found ]
[08:55:56] RH-Sharpe's Rootkit [ Not found ]
[08:55:56]
[08:55:56] Checking for RSHA's Rootkit...
[08:55:56] Checking for file '/bin/kr4p' [ Not found ]
[08:55:56] Checking for file '/usr/bin/n3tstat' [ Not found ]
[08:55:56] Checking for file '/usr/bin/chsh2' [ Not found ]
[08:55:56] Checking for file '/usr/bin/slice2' [ Not found ]
[08:55:56] Checking for file '/usr/src/linux/arch/alpha/lib/.lib/.1proc' [ Not found ]
[08:55:56] Checking for file '/etc/rc.d/arch/alpha/lib/.lib/.1addr' [ Not found ]
[08:55:56] Checking for directory '/etc/rc.d/rsha' [ Not found ]
[08:55:56] Checking for directory '/etc/rc.d/arch/alpha/lib/.lib' [ Not found ]
[08:55:56] RSHA's Rootkit [ Not found ]
[08:55:56]
[08:55:56] Checking for Scalper Worm...
[08:55:56] Checking for file '/tmp/.a' [ Not found ]
[08:55:56] Checking for file '/tmp/.uua' [ Not found ]
[08:55:56] Scalper Worm [ Not found ]
[

[dirk]

part two besause of to much characters

08:55:56]
[08:55:56] Checking for Sebek LKM...
[08:55:56] Checking for kernel symbol 'adore or sebek' [ Not found ]
[08:55:56] Sebek LKM [ Not found ]
[08:55:56]
[08:55:56] Checking for Shutdown Rootkit...
[08:55:56] Checking for file '/usr/man/man5/.. /.dir/scannah/asus' [ Not found ]
[08:55:56] Checking for file '/usr/man/man5/.. /.dir/see' [ Not found ]
[08:55:56] Checking for file '/usr/man/man5/.. /.dir/nscd' [ Not found ]
[08:55:56] Checking for file '/usr/man/man5/.. /.dir/alpd' [ Not found ]
[08:55:56] Checking for file '/etc/rc.d/rc.local ' [ Not found ]
[08:55:57] Checking for directory '/usr/man/man5/.. /.dir' [ Not found ]
[08:55:57] Checking for directory '/usr/man/man5/.. /.dir/scannah' [ Not found ]
[08:55:57] Checking for directory '/etc/rc.d/rc0.d/.. /.dir' [ Not found ]
[08:55:57] Shutdown Rootkit [ Not found ]
[08:55:57]
[08:55:57] Checking for SHV4 Rootkit...
[08:55:57] Checking for file '/etc/ld.so.hash' [ Not found ]
[08:55:57] Checking for file '/lib/libext-2.so.7' [ Not found ]
[08:55:57] Checking for file '/lib/lidps1.so' [ Not found ]
[08:55:57] Checking for file '/usr/sbin/xntps' [ Not found ]
[08:55:57] Checking for directory '/lib/security/.config' [ Not found ]
[08:55:57] Checking for directory '/lib/security/.config/ssh' [ Not found ]
[08:55:57] SHV4 Rootkit [ Not found ]
[08:55:57]
[08:55:57] Checking for SHV5 Rootkit...
[08:55:57] Checking for file '/etc/sh.conf' [ Not found ]
[08:55:57] Checking for file '/dev/srd0' [ Not found ]
[08:55:57] Checking for directory '/usr/lib/libsh' [ Not found ]
[08:55:57] SHV5 Rootkit [ Not found ]
[08:55:57]
[08:55:57] Checking for Sin Rootkit...
[08:55:57] Checking for file '/dev/.haos/haos1/.f/Denyed' [ Not found ]
[08:55:57] Checking for file '/dev/ttyoa' [ Not found ]
[08:55:57] Checking for file '/dev/ttyof' [ Not found ]
[08:55:57] Checking for file '/dev/ttyop' [ Not found ]
[08:55:57] Checking for file '/dev/ttyos' [ Not found ]
[08:55:57] Checking for file '/usr/lib/.lib' [ Not found ]
[08:55:57] Checking for file '/usr/lib/sn/.X' [ Not found ]
[08:55:57] Checking for file '/usr/lib/sn/.sys' [ Not found ]
[08:55:57] Checking for file '/usr/lib/ld/.X' [ Not found ]
[08:55:57] Checking for file '/usr/man/man1/...' [ Not found ]
[08:55:57] Checking for file '/usr/man/man1/.../.m' [ Not found ]
[08:55:57] Checking for file '/usr/man/man1/.../.w' [ Not found ]
[08:55:57] Checking for directory '/usr/lib/sn' [ Not found ]
[08:55:57] Checking for directory '/usr/lib/man1/...' [ Not found ]
[08:55:57] Checking for directory '/dev/.haos' [ Not found ]
[08:55:57] Sin Rootkit [ Not found ]
[08:55:57]
[08:55:57] Checking for Slapper Worm...
[08:55:57] Checking for file '/tmp/.bugtraq' [ Not found ]
[08:55:57] Checking for file '/tmp/.uubugtraq' [ Not found ]
[08:55:57] Checking for file '/tmp/.bugtraq.c' [ Not found ]
[08:55:57] Checking for file '/tmp/httpd' [ Not found ]
[08:55:58] Checking for file '/tmp/.unlock' [ Not found ]
[08:55:58] Checking for file '/tmp/update' [ Not found ]
[08:55:58] Checking for file '/tmp/.cinik' [ Not found ]
[08:55:58] Checking for file '/tmp/.b' [ Not found ]
[08:55:58] Slapper Worm [ Not found ]
[08:55:58]
[08:55:58] Checking for Sneakin Rootkit...
[08:55:58] Checking for directory '/tmp/.X11-unix/.../rk' [ Not found ]
[08:55:58] Sneakin Rootkit [ Not found ]
[08:55:58]
[08:55:58] Checking for Suckit Rootkit...
[08:55:58] Checking for file '/sbin/initsk12' [ Not found ]
[08:55:58] Checking for file '/sbin/initxrk' [ Not found ]
[08:55:58] Checking for file '/usr/bin/null' [ Not found ]
[08:55:58] Checking for file '/usr/share/locale/sk/.sk12/sk' [ Not found ]
[08:55:58] Checking for file '/etc/rc.d/rc0.d/S23kmdac' [ Not found ]
[08:55:58] Checking for file '/etc/rc.d/rc1.d/S23kmdac' [ Not found ]
[08:55:58] Checking for file '/etc/rc.d/rc2.d/S23kmdac' [ Not found ]
[08:55:58] Checking for file '/etc/rc.d/rc3.d/S23kmdac' [ Not found ]
[08:55:58] Checking for file '/etc/rc.d/rc4.d/S23kmdac' [ Not found ]
[08:55:58] Checking for file '/etc/rc.d/rc5.d/S23kmdac' [ Not found ]
[08:55:58] Checking for file '/etc/rc.d/rc6.d/S23kmdac' [ Not found ]
[08:55:58] Checking for directory '/dev/sdhu0/tehdrakg' [ Not found ]
[08:55:58] Checking for directory '/etc/.MG' [ Not found ]
[08:55:58] Checking for directory '/usr/share/locale/sk/.sk12' [ Not found ]
[08:55:58] Checking for directory '/usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist' [ Not found ]
[08:55:58] Suckit Rootkit [ Not found ]
[08:55:58]
[08:55:58] Checking for SunOS Rootkit...
[08:55:58] Checking for file '/etc/ld.so.hash' [ Not found ]
[08:55:58] Checking for file '/lib/libext-2.so.7' [ Not found ]
[08:55:58] Checking for file '/usr/bin/ssh2d' [ Not found ]
[08:55:58] Checking for file '/bin/xlogin' [ Not found ]
[08:55:58] Checking for file '/usr/lib/crth.o' [ Not found ]
[08:55:58] Checking for file '/usr/lib/crtz.o' [ Not found ]
[08:55:58] Checking for file '/sbin/login' [ Not found ]
[08:55:58] Checking for file '/lib/security/.config/sn' [ Not found ]
[08:55:58] Checking for file '/lib/security/.config/lpsched' [ Not found ]
[08:55:58] Checking for file '/dev/kmod' [ Not found ]
[08:55:58] Checking for file '/dev/dos' [ Not found ]
[08:55:58] SunOS Rootkit [ Not found ]
[08:55:58]
[08:55:58] Checking for SunOS / NSDAP Rootkit...
[08:55:59] Checking for file '/usr/lib/vold/nsdap/.kit' [ Not found ]
[08:55:59] Checking for file '/usr/lib/vold/nsdap/defines' [ Not found ]
[08:55:59] Checking for file '/usr/lib/vold/nsdap/patcher' [ Not found ]
[08:55:59] Checking for file '/usr/lib/vold/nsdap/pg' [ Not found ]
[08:55:59] Checking for file '/usr/lib/vold/nsdap/cleaner' [ Not found ]
[08:55:59] Checking for file '/usr/lib/vold/nsdap/utime' [ Not found ]
[08:55:59] Checking for file '/usr/lib/vold/nsdap/crypt' [ Not found ]
[08:55:59] Checking for file '/usr/lib/vold/nsdap/findkit' [ Not found ]
[08:55:59] Checking for file '/usr/lib/vold/nsdap/sn2' [ Not found ]
[08:55:59] Checking for file '/usr/lib/vold/nsdap/sniffload' [ Not found ]
[08:55:59] Checking for file '/usr/lib/vold/nsdap/runsniff' [ Not found ]
[08:55:59] Checking for file '/usr/lib/lpset' [ Not found ]
[08:55:59] Checking for directory '/usr/lib/vold/nsdap' [ Not found ]
[08:55:59] SunOS / NSDAP Rootkit [ Not found ]
[08:55:59]
[08:55:59] Checking for Superkit Rootkit...
[08:55:59] Checking for file '/usr/man/.sman/sk' [ Not found ]
[08:55:59] Superkit Rootkit [ Not found ]
[08:55:59]
[08:55:59] Checking for TBD (Telnet BackDoor)...
[08:55:59] Checking for file '/usr/lib/.tbd' [ Not found ]
[08:55:59] TBD (Telnet BackDoor) [ Not found ]
[08:55:59]
[08:55:59] Checking for TeLeKiT Rootkit...
[08:55:59] Checking for file '/usr/man/man3/.../TeLeKiT/bin/sniff' [ Not found ]
[08:55:59] Checking for file '/usr/man/man3/.../TeLeKiT/bin/telnetd' [ Not found ]
[08:55:59] Checking for file '/usr/man/man3/.../TeLeKiT/bin/teleulo' [ Not found ]
[08:55:59] Checking for file '/usr/man/man3/.../cl' [ Not found ]
[08:55:59] Checking for file '/dev/ptyr' [ Not found ]
[08:55:59] Checking for file '/dev/ptyp' [ Not found ]
[08:55:59] Checking for file '/dev/ptyq' [ Not found ]
[08:55:59] Checking for file '/dev/hda06' [ Not found ]
[08:55:59] Checking for file '/usr/info/libc1.so' [ Not found ]
[08:55:59] Checking for directory '/usr/man/man3/...' [ Not found ]
[08:55:59] Checking for directory '/usr/man/man3/.../lsniff' [ Not found ]
[08:55:59] Checking for directory '/usr/man/man3/.../TeLeKiT' [ Not found ]
[08:55:59] TeLeKiT Rootkit [ Not found ]
[08:55:59]
[08:55:59] Checking for T0rn Rootkit...
[08:55:59] Checking for file '/dev/.lib/lib/lib/t0rns' [ Not found ]
[08:55:59] Checking for file '/dev/.lib/lib/lib/du' [ Not found ]
[08:55:59] Checking for file '/dev/.lib/lib/lib/ls' [ Not found ]
[08:55:59] Checking for file '/dev/.lib/lib/lib/t0rnsb' [ Not found ]
[08:55:59] Checking for file '/dev/.lib/lib/lib/ps' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/t0rnp' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/find' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/ifconfig' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/pg' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/ssh.tgz' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/top' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/sz' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/login' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/in.fingerd' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/1i0n.sh' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/pstree' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/in.telnetd' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/mjy' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/sush' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/tfn' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/name' [ Not found ]
[08:56:00] Checking for file '/dev/.lib/lib/lib/getip.sh' [ Not found ]
[08:56:00] Checking for file '/usr/info/.torn/sh*' [ Not found ]
[08:56:00] Checking for file '/usr/src/.puta/.1addr' [ Not found ]
[08:56:00] Checking for file '/usr/src/.puta/.1file' [ Not found ]
[08:56:00] Checking for file '/usr/src/.puta/.1proc' [ Not found ]
[08:56:00] Checking for file '/usr/src/.puta/.1logz' [ Not found ]
[08:56:00] Checking for file '/usr/info/.t0rn' [ Not found ]
[08:56:00] Checking for directory '/dev/.lib' [ Not found ]
[08:56:00] Checking for directory '/dev/.lib/lib' [ Not found ]
[08:56:00] Checking for directory '/dev/.lib/lib/lib' [ Not found ]
[08:56:00] Checking for directory '/dev/.lib/lib/lib/dev' [ Not found ]
[08:56:00] Checking for directory '/dev/.lib/lib/scan' [ Not found ]
[08:56:00] Checking for directory '/usr/src/.puta' [ Not found ]
[08:56:00] Checking for directory '/usr/man/man1/man1' [ Not found ]
[08:56:00] Checking for directory '/usr/man/man1/man1/lib' [ Not found ]
[08:56:00] Checking for directory '/usr/man/man1/man1/lib/.lib' [ Not found ]
[08:56:00] Checking for directory '/usr/man/man1/man1/lib/.lib/.backup' [ Not found ]
[08:56:00] T0rn Rootkit [ Not found ]
[08:56:00]
[08:56:00] Checking for Trojanit Kit...
[08:56:00] Checking for file '/bin/.ls' [ Not found ]
[08:56:00] Checking for file '/bin/.ps' [ Not found ]
[08:56:00] Checking for file '/bin/.netstat' [ Not found ]
[08:56:00] Checking for file '/usr/bin/.nop' [ Not found ]
[08:56:00] Checking for file '/usr/bin/.who' [ Not found ]
[08:56:01] Trojanit Kit [ Not found ]
[08:56:01]
[08:56:01] Checking for Tuxtendo Rootkit...
[08:56:01] Checking for file '/dev/tux/.addr' [ Not found ]
[08:56:01] Checking for file '/dev/tux/.cron' [ Not found ]
[08:56:01] Checking for file '/dev/tux/.file' [ Not found ]
[08:56:01] Checking for file '/dev/tux/.log' [ Not found ]
[08:56:01] Checking for file '/dev/tux/.proc' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/crontab' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/df' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/dir' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/find' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/ifconfig' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/locate' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/netstat' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/ps' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/pstree' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/syslogd' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/tcpd' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/top' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/updatedb' [ Not found ]
[08:56:01] Checking for file '/dev/tux/backup/vdir' [ Not found ]
[08:56:01] Checking for directory '/dev/tux' [ Not found ]
[08:56:01] Checking for directory '/dev/tux/ssh2' [ Not found ]
[08:56:01] Checking for directory '/dev/tux/backup' [ Not found ]
[08:56:01] Tuxtendo Rootkit [ Not found ]
[08:56:01]
[08:56:01] Checking for URK Rootkit...
[08:56:01] Checking for file '/usr/man/man1/xxxxxxbin/find' [ Not found ]
[08:56:01] Checking for file '/usr/man/man1/xxxxxxbin/du' [ Not found ]
[08:56:01] Checking for file '/usr/man/man1/xxxxxxbin/ps' [ Not found ]
[08:56:01] Checking for file '/tmp/conf.inf' [ Not found ]
[08:56:01] Checking for directory '/usr/man/man1/xxxxxxbin' [ Not found ]
[08:56:01] URK Rootkit [ Not found ]
[08:56:01]
[08:56:01] Checking for VcKit Rootkit...
[08:56:01] Checking for directory '/usr/include/linux/modules/lib.so' [ Not found ]
[08:56:01] Checking for directory '/usr/include/linux/modules/lib.so/bin' [ Not found ]
[08:56:01] VcKit Rootkit [ Not found ]
[08:56:01]
[08:56:01] Checking for Volc Rootkit...
[08:56:02] Checking for directory '/var/spool/.recent' [ Not found ]
[08:56:02] Checking for directory '/var/spool/.recent/.files' [ Not found ]
[08:56:02] Checking for directory '/usr/lib/volc' [ Not found ]
[08:56:02] Checking for directory '/usr/lib/volc/backup' [ Not found ]
[08:56:02] Volc Rootkit [ Not found ]
[08:56:02]
[08:56:02] Checking for X-Org SunOS Rootkit...
[08:56:02] Checking for file '/usr/lib/libX.a/bin/tmpfl' [ Not found ]
[08:56:02] Checking for file '/usr/lib/libX.a/bin/rps' [ Not found ]
[08:56:02] Checking for file '/usr/bin/srload' [ Not found ]
[08:56:02] Checking for file '/usr/lib/libX.a/bin/sparcv7/rps' [ Not found ]
[08:56:02] Checking for file '/usr/sbin/modcheck' [ Not found ]
[08:56:02] Checking for directory '/usr/lib/libX.a' [ Not found ]
[08:56:02] Checking for directory '/usr/lib/libX.a/bin' [ Not found ]
[08:56:02] Checking for directory '/usr/lib/libX.a/bin/sparcv7' [ Not found ]
[08:56:02] Checking for directory '/usr/share/man...' [ Not found ]
[08:56:02] X-Org SunOS Rootkit [ Not found ]
[08:56:02]
[08:56:02] Checking for zaRwT.KiT Rootkit...
[08:56:02] Checking for file '/dev/rd/s/sendmeil' [ Not found ]
[08:56:02] Checking for file '/dev/ttyf' [ Not found ]
[08:56:02] Checking for file '/dev/ttyp' [ Not found ]
[08:56:02] Checking for file '/dev/ttyn' [ Not found ]
[08:56:02] Checking for file '/rk/tulz' [ Not found ]
[08:56:02] Checking for directory '/rk' [ Not found ]
[08:56:02] Checking for directory '/dev/rd/s' [ Not found ]
[08:56:02] zaRwT.KiT Rootkit [ Not found ]
[08:56:02]
[08:56:02] Performing additional rootkit checks
[08:56:02] Info: Starting test name 'additional_rkts'
[08:56:02]
[08:56:02] Performing Suckit Rookit additional checks
[08:56:02] Checking /sbin/init link count [ OK ]
[08:56:02] Checking for hidden file extensions [ None found ]
[08:56:02] Running skdet command [ Skipped ]
[08:56:02] Info: Unable to find the 'skdet' command
[08:56:02] Suckit Rookit additional checks [ OK ]
[08:56:02]
[08:56:02] Performing check of possible rootkit files and directories
[08:56:02] Info: Starting test name 'possible_rkt_files'
[08:56:02] Checking for file '/dev/sdr0' [ Not found ]
[08:56:02] Checking for file '/tmp/.syshackfile' [ Not found ]
[08:56:03] Checking for file '/tmp/.bash_history' [ Not found ]
[08:56:03] Checking for file '/usr/info/.clib' [ Not found ]
[08:56:03] Checking for file '/usr/sbin/tcp.log' [ Not found ]
[08:56:03] Checking for file '/usr/bin/take/pid' [ Not found ]
[08:56:03] Checking for file '/sbin/create' [ Not found ]
[08:56:03] Checking for file '/dev/ttypz' [ Not found ]
[08:56:03] Checking for directory '/usr/bin/take' [ Not found ]
[08:56:03] Checking for directory '/usr/src/.lib' [ Not found ]
[08:56:03] Checking for directory '/usr/share/man/man1/.1c' [ Not found ]
[08:56:03] Checking for directory '/lib/lblip.tk' [ Not found ]
[08:56:03] Checking for directory '/usr/sbin/...' [ Not found ]
[08:56:03] Checking for directory '/usr/share/.gun' [ Not found ]
[08:56:03] Checking for possible rootkit files and directories [ None found ]
[08:56:03]
[08:56:03] Performing check for possible rootkit strings
[08:56:03] Info: Starting test name 'possible_rkt_strings'
[08:56:03] Info: Found local startup file: /etc/rc.local
[08:56:03] Checking for string '/dev/proc/rainbows' [ Not found ]
[08:56:03] Checking for string 'rainbows' [ Not found ]
[08:56:03] Checking for string 'backdoor' [ Not found ]
[08:56:03] Checking for string 'vt200' [ Not found ]
[08:56:03] Checking for string '/usr/bin/xstat' [ Not found ]
[08:56:03] Checking for string '/bin/envpc' [ Not found ]
[08:56:03] Checking for string 'L4m3r0x' [ Not found ]
[08:56:03] Checking for string '/usr/lib/.tbd' [ Not found ]
[08:56:03] Checking for string '/dev/ptyxx/.file' [ Not found ]
[08:56:03] Checking for string '/dev/sgk' [ Not found ]
[08:56:03] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[08:56:04] Checking for string '/usr/lib/.tbd' [ Not found ]
[08:56:04] Checking for string '/dev/proc/rainbows' [ Not found ]
[08:56:04] Checking for string '/lib/.sso' [ Not found ]
[08:56:04] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[08:56:04] Checking for string '/dev/caca' [ Not found ]
[08:56:04] Checking for string '/dev/ttyoa' [ Not found ]
[08:56:04] Checking for string 'syg' [ Not found ]
[08:56:04] Checking for string '/dev/pts/01' [ Not found ]
[08:56:04] Checking for string 'tw33dl3' [ Not found ]
[08:56:04] Checking for string 'psniff' [ Not found ]
[08:56:04] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[08:56:04] Checking for string '/dev/ptyxx' [ Not found ]
[08:56:04] Checking for string 'promiscuous' [ Not found ]
[08:56:04] Checking for string '/usr/lib/.tbd' [ Not found ]
[08:56:04] Checking for string '/dev/xdta' [ Not found ]
[08:56:04] Checking for string '/usr/lib/.tbd' [ Not found ]
[08:56:04] Checking for string 'in.inetd' [ Not found ]
[08:56:04] Checking for string '#<HIDE_.*>' [ Not found ]
[08:56:04] Checking for string 'bin/xchk' [ Not found ]
[08:56:04] Checking for string 'bin/xsf' [ Not found ]
[08:56:04] Checking for possible rootkit strings [ None found ]
[08:56:04]
[08:56:04] Performing malware checks
[08:56:04] Info: Starting test name 'malware'
[08:56:04]
[08:56:04] Info: Test 'deleted_files' disabled at users request.
[08:56:04] Info: Starting test name 'running_procs'
[08:56:05] Checking running processes for suspicious files [ None found ]
[08:56:05]
[08:56:05] Info: Test 'hidden_procs' disabled at users request.
[08:56:05]
[08:56:05] Info: Test 'suspscan' disabled at users request.
[08:56:05]
[08:56:05] Performing check for login backdoors
[08:56:05] Info: Starting test name 'other_malware'
[08:56:05] Checking for '/bin/.login' [ Not found ]
[08:56:05] Checking for '/sbin/.login' [ Not found ]
[08:56:05] Checking for login backdoors [ None found ]
[08:56:05]
[08:56:05] Performing check for suspicious directories
[08:56:05] Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[08:56:05] Checking for directory '/dev/rd/cdb' [ Not found ]
[08:56:05] Checking for suspicious directories [ None found ]
[08:56:05]
[08:56:05] Checking for software intrusions [ Skipped ]
[08:56:05] Info: Check skipped - tripwire not installed
[08:56:05]
[08:56:05] Performing check for sniffer log files
[08:56:05] Checking for file '/usr/lib/libice.log' [ Not found ]
[08:56:05] Checking for sniffer log files [ None found ]
[08:56:05]
[08:56:05] Performing trojan specific checks
[08:56:05] Info: Starting test name 'trojans'
[08:56:05] Info: Using inetd configuration file '/etc/inetd.conf'
[08:56:05] Checking for enabled inetd services [ OK ]
[08:56:05]
[08:56:05] Performing check for enabled xinetd services
[08:56:05] Checking for enabled xinetd services [ Skipped ]
[08:56:05] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
[08:56:05] Checking for Apache backdoor [ Not found ]
[08:56:05]
[08:56:05] Performing Linux specific checks
[08:56:05] Info: Starting test name 'os_specific'
[08:56:05] Checking kernel module commands [ OK ]
[08:56:05] Info: Using modules pathname of '/lib/modules/2.6.24-16-generic'
[08:56:05] Checking kernel module names [ OK ]
[08:56:08]
[08:56:08] Checking the network...
[08:56:08] Info: Starting test name 'network'
[08:56:08] Info: Starting test name 'ports'
[08:56:08]
[08:56:08] Performing check for backdoor ports
[08:56:08] Checking for UDP port 2001 [ Not found ]
[08:56:08] Checking for TCP port 2006 [ Not found ]
[08:56:08] Checking for TCP port 2128 [ Not found ]
[08:56:08] Checking for TCP port 14856 [ Not found ]
[08:56:09] Checking for TCP port 47107 [ Not found ]
[08:56:09] Checking for TCP port 60922 [ Not found ]
[08:56:09]
[08:56:09] Performing checks on the network interfaces
[08:56:09] Info: Starting test name 'promisc'
[08:56:09] Checking for promiscuous interfaces [ None found ]
[08:56:09]
[08:56:09] Info: Test 'packet_cap_apps' disabled at users request.
[08:56:12]
[08:56:12] Checking the local host...
[08:56:12] Info: Starting test name 'local_host'
[08:56:12]
[08:56:12] Performing system boot checks
[08:56:12] Info: Starting test name 'startup_files'
[08:56:12] Checking for local host name [ Found ]
[08:56:13] Info: Starting test name 'startup_malware'
[08:56:13] Info: Found local startup file: /etc/rc.local
[08:56:13] Checking for local startup files [ Found ]
[08:56:13] Checking local startup files for malware [ None found ]
[08:56:13] Info: Found system startup directory: /etc/init.d
[08:56:14] Checking system startup files for malware [ None found ]
[08:56:14]
[08:56:14] Performing group and account checks
[08:56:14] Info: Starting test name 'group_accounts'
[08:56:14] Checking for passwd file [ Found ]
[08:56:14] Info: Found password file: /etc/passwd
[08:56:14] Checking for root equivalent (UID 0) accounts [ None found ]
[08:56:14] Info: Found shadow file: /etc/shadow
[08:56:14] Checking for passwordless accounts [ None found ]
[08:56:14] Info: Starting test name 'passwd_changes'
[08:56:14] Checking for passwd file changes [ Warning ]
[08:56:14] Warning: Users have been added to the passwd file:
[08:56:14] dirk:x:1000:1000:dirk,,,,:/home/dirk:/bin/bash
[08:56:14] Warning: Users have been removed from the passwd file:
[08:56:14] dirk:x:1000:0:dirk,,,,:/home/dirk:/bin/bash
[08:56:14] admin:x:1001:100::/home/admin:/bin/bash
[08:56:15] Info: Starting test name 'group_changes'
[08:56:15] Checking for group file changes [ Warning ]
[08:56:15] Warning: Groups have been added to the group file:
[08:56:15] root:x:0:dirk,root
[08:56:15] Warning: Groups have been removed from the group file:
[08:56:15] root:x:0:dirk,root,admin
[08:56:15] Checking root account shell history files [ OK ]
[08:56:15]
[08:56:15] Performing system configuration file checks
[08:56:15] Info: Starting test name 'system_configs'
[08:56:15] Checking for SSH configuration file [ Found ]
[08:56:15] Info: Found SSH configuration file: /etc/ssh/sshd_config
[08:56:15] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
[08:56:15] Checking if SSH root access is allowed [ Not allowed ]
[08:56:15] Checking if SSH protocol v1 is allowed [ Not allowed ]
[08:56:15] Checking for running syslog daemon [ Found ]
[08:56:15] Checking for syslog configuration file [ Found ]
[08:56:15] Info: Found syslog configuration file: /etc/syslog.conf
[08:56:15] Checking if syslog remote logging is allowed [ Not allowed ]
[08:56:15]
[08:56:15] Performing filesystem checks
[08:56:15] Info: Starting test name 'filesystem'
[08:56:15] Info: SCAN_MODE_DEV set to 'THOROUGH'
[08:56:26] Checking /dev for suspicious file types [ None found ]
[08:56:26] Checking for hidden files and directories [ Warning ]
[08:56:26] Warning: Hidden directory found: /etc/.java
[08:56:26] Warning: Hidden directory found: /dev/.static
[08:56:26] Warning: Hidden directory found: /dev/.udev
[08:56:26] Warning: Hidden directory found: /dev/.initramfs
[08:56:36]
[08:56:36] Checking application versions...
[08:56:36] Info: Starting test name 'apps'
[08:56:37] Checking version of Exim MTA [ OK ]
[08:56:37] Info: Application 'exim' version '4.69' found.
[08:56:37] Checking version of GnuPG [ OK ]
[08:56:37] Info: Application 'gpg' version '1.4.6' found.
[08:56:37] Info: Application 'httpd' not found.
[08:56:37] Info: Application 'named' not found.
[08:56:37] Checking version of OpenSSL [ OK ]
[08:56:37] Info: Application 'openssl' version '0.9.8g' found.
[08:56:37] Info: Application 'php' not found.
[08:56:37] Info: Application 'procmail' not found.
[08:56:37] Info: Application 'proftpd' not found.
[08:56:37] Checking version of OpenSSH [ OK ]
[08:56:37] Info: Application 'sshd' version '4.7p1' found.
[08:56:37] Info: Applications checked: 4 out of 9
[08:56:37]
[08:56:37] System checks summary
[08:56:37] =====================
[08:56:37]
[08:56:37] File properties checks...
[08:56:37] Files checked: 125
[08:56:37] Suspect files: 0
[08:56:37]
[08:56:37] Rootkit checks...
[08:56:37] Rootkits checked : 110
[08:56:37] Possible rootkits: 0
[08:56:37]
[08:56:37] Applications checks...
[08:56:37] Applications checked: 4
[08:56:37] Suspect applications: 0
[08:56:37]
[08:56:37] The system checks took: 1 minute and 11 second

[relst]

Hy all,

I'm the son he is talking about, and i think this is because my dad has an openssh server on the pc and his pass was 1234. It is gone now, and he is going to uninstall the openssh server. We did the firefox thing, and he scanned it as you can see, but does someone know what this was? it atleast is gone now. Thanks in advance

[slider]

Hi Dirk

I read your post here as well: http://www.linuxquestions.org/questions/linux-distributions-5/need-fast-help-723975/

Nothing of this type can normally run on Linux unless your clicked on it giving it permission, even unknowingly, or you were online using a root account (a real no no!).

I have a URL to an article that deals with this subject in more detail that was written by an security expert. In all cases of Linux hacks, the user must at some point provide permission for this type of thing to work. Once that is done however things can go downhill very quickly if the writer knows what they are doing. I feel very reluctant to post the URL (even though it is public info on the net) because I do not want to be party to spreading any of this type of info.

In the future please be careful, even in Linux, what you click on or allow to be downloaded to your PC. Even Linux is not completely bullet-proof when it comes to certain things....

tvgc

[AK Dave]

And if you're going to run a SSH server, and thats totally fine with me, then you need to do some basic work to secure it. Or don't run it at all.

Would you play hockey? Competetively? With no pads? No cup? No pants? Just skates and a stick?

Read here: http://www.linux.com/feature/61061

[dirk]

i'd never runned a SSH sever at all and never will

[Pierre]

If you never run a SSH server, then how can you control a M$W (server) from a LNX box ( viewer ) ??.

[emorrp1]

Pierre: easy - with a Mint install disc!

Actually I agree that ssh servers are useful. I wanted to be able to access my computer from anywhere, but it was behind a stupid campus firewall, thanks to ssh tunnelling, I now can!

[Husse]

I stumbled over this and I can not enough emphasise the importance of what slider posted above
One addition though - if you have a really weak password (and you had) it's possible to break it and use your account