chkrootkit indicates infection
Josh Coffman
josh_coffman at yahoo.com
Mon Oct 24 10:38:15 MST 2005
--- JD Austin <jd at twingeckos.com> wrote:
> Josh Coffman wrote:
>
> >I just installed rkhunter and chkrootkit and ran
> them.
> >chkrootkit gave me one infected message:
> >
> >Checking `bindshell'... INFECTED (PORTS: 4000)
> >
> >What can I do to find out more? I'm not sure if
> this
> >message really means I have a problem or just
> >something I need to investigate.
> >
> >btw, rkhunter seemed to say everything checks out.
> >Just a couple things were in yellow text which I
> can't
> >read against the white console background.
> >
> >-j
> >
> >
> >
> >__________________________________
> >Start your day with Yahoo! - Make it your home
> page!
> >http://www.yahoo.com/r/hs
> >---------------------------------------------------
> >PLUG-discuss mailing list -
> PLUG-discuss at lists.plug.phoenix.az.us
> >To subscribe, unsubscribe, or to change you mail
> settings:
>
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> >
> Bindshell often comes up with false positives.
> That may or may not be an issue.
> Do you have mldonkey running? (saw reference to it
> on google).
>
>
>
> --
> JD Austin
> Twin Geckos Technology Services LLC
> email: jd at twingeckos.com
> http://www.twingeckos.com
> phone/fax: 480.288.8195
mldonkey is installed but not running. I kinda thought
it was a false positive.
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
More information about the PLUG-discuss
mailing list