Fedora 15 INFECTED [Suckit rootkit & Trojan] Help Please!

Manuel Escudero Jmlevick at gmail.com
Thu Jun 9 23:50:16 UTC 2011


2011/6/9 Michael Schwendt <mschwendt at gmail.com>

> On Thu, 9 Jun 2011 10:37:22 -0500, M.E. wrote:
>
> > This only leaves 3 doubts... What about the Trojan mentioned
> > in line 111 of chkrootkit's output?
>
> Run this:
>
>  /usr/lib64/chkrootkit-0.49/chkdirs /tmp /usr/share /usr/bin /usr/sbin /lib
>
> If it isn't silent, it believes something is wrong with the link count of
> the directories and it concludes that there could be hidden directories.
> This may be because you're using "btrfs" instead of ext4. Could be a bug
> in chkrootkit's chkdirs tool or a concept that's inappropriate. Dunno.
> Somebody might want to investigate it.
>
> > and the "deletions" mentioned
> > on line 117, what does that mean?
>
> It's the result of running
>
>  /usr/lib64/chkrootkit-0.49/chkwtmp
>
> and it may be necessary to examine whether the chkwtmp tool still does
> what it's supposed to do (check for deletions). Perhaps it's just broken
> on x86_64. Both chkutmp and chkwtmp have suffered from several bugs in
> the past, their C code isn't pretty, and not all bug-fixes have been
> applied in upstream chkrootkit yet either.

@Michael: Thanks for all the info and the tips, I'm more
peaceful now...

Did some performance tweaks in the machine and everything
works just fine. Discovered that the issue with the VM was the fault
of VirtualBox 4.0.8 and had to downgrade to 4.0.6. Now I can work
as fast as always... (I reported the issue in the VBox forums)

It is good to have a community to talk to.

Thanks to everyone!!

Have a nice day.

-- 
<-Manuel Escudero->
Linux User #509052
@GWave: jmlevick at googlewave.com
@Blogger: http://www.blogxenode.tk/ (Xenode Systems Blog)
PGP/GnuPG: E2B4 31CE F2BF 1944 8664  3E22 88C8 DFC9 4D7C 1B35
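
Added example, not part of the original message and not chkrootkit's own chkdirs code: a minimal version of the kind of directory link-count comparison the quoted reply describes. It assumes the traditional convention that a directory's link count equals 2 plus its number of subdirectories, and treats a link count of 1 (which btrfs reports for every directory) as "test not applicable" rather than as a sign of hidden directories. All function and enum names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum verdict { DIR_OK, DIR_MISMATCH, DIR_NLINK_UNTRACKED, DIR_ERROR };
/* Pure decision on one directory's link count vs. its visible subdirectories. */
enum verdict classify(unsigned long nlink, unsigned long subdirs)
{
    /* btrfs reports 1 for every directory, so the comparison is meaningless. */
    if (nlink == 1) return DIR_NLINK_UNTRACKED;
    return nlink == subdirs + 2 ? DIR_OK : DIR_MISMATCH;
}

/* Count the subdirectories readdir() shows under path; -1 on error. */
long count_subdirs(const char *path)
{
    char child[4096];
    struct dirent *e;
    struct stat st;
    long n = 0;
    DIR *d = opendir(path);
    if (!d) return -1;
    while (n >= 0 && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        if (snprintf(child, sizeof child, "%s/%s", path, e->d_name) >= (int)sizeof child)
            n = -1;   /* path too long to check reliably */
        else if (lstat(child, &st) == 0 && S_ISDIR(st.st_mode)) n++;
    }
    closedir(d);
    return n;
}

/* stat the directory itself and compare with what a listing reveals. */
enum verdict check_dir(const char *path)
{
    struct stat st;
    long subdirs = count_subdirs(path);
    if (subdirs < 0 || lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return DIR_ERROR;
    return classify((unsigned long)st.st_nlink, (unsigned long)subdirs);
}

int main(int argc, char **argv)
{
    static const char *names[] = { "ok", "MISMATCH", "nlink not tracked", "error" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], names[check_dir(argv[i])]);
    return 0;
}
```

Run against the same directories as the chkdirs command above, a "nlink not tracked" result points at the filesystem rather than at a rootkit.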