Re: chkrootkit indicates infection

Top Page
This message is part of the following thread:
M++\the complete thread tree sorted by date
MMMMJosh Coffman at <-
.MMJD Austin at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Josh Coffman
Date:  
To: Main PLUG discussion list
Subject: Re: chkrootkit indicates infection


--- Josh Coffman <> wrote:

> I just installed rkhunter and chkrootkit and ran
> them.
> chkrootkit gave me one infected message:
>
> Checking `bindshell'... INFECTED (PORTS: 4000)
>
> What can I do to find out more? I'm not sure if this
> message really means I have a problem or just
> something I need to investigate.
>
> btw, rkhunter seemed to say everything checks out.
> Just a couple things were in yellow text which I
> can't
> read against the white console background.
>
> -j
>
changed the console colors and tried rkhunter again..
rkhunter did give me this: 

* Filesystem checks
   Checking /dev for suspicious files...              
       [ OK ]
   Scanning for hidden files...                       
       [ Warning! ]
---------------
 /dev/.udevdb  /usr/share/man/man1/..1.gz  /etc/.java
/etc/.pwd.lock
---------------
Please inspect:  /dev/.udevdb (directory)  /etc/.java
(directory)




    
        
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: KJZZ on the web?Re: chkrootkit indicates infection->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)