Re: [Rkhunter-users] Possible Rootkit

2018-09-10 Thread John Horne
On Mon, 2018-09-10 at 19:43 +0200, Markus Egg wrote: > On 10.05.18 at 04:04, Al Varnell wrote: > > How about this section: > > > > > Performing additional rootkit checks > > > Checking for possible rootkit files and directories [None found] > > > Checking for possible rootkit

Re: [Rkhunter-users] Possible Rootkit

2018-09-10 Thread Markus Egg
On 10.05.18 at 04:04, Al Varnell wrote: How about this section:  Performing additional rootkit checks     Checking for possible rootkit files and directories      [None found]     Checking for possible rootkit strings                    [None found] Sorry to BUMP this older thread but I

Re: [Rkhunter-users] Possible Rootkit

2018-05-10 Thread John Horne
On Wed, 2018-05-09 at 10:21 -0400, Mark Misulich wrote: > Hi, > when I run rkhunter on my opensuse 42.3 linux Operating System, I get > this result telling me that I have a possible rootkit. > > > Rootkit checks... > > Rootkits checked : 500 > > Possible rootkits: 1 > > I have looked

Re: [Rkhunter-users] Possible Rootkit

2018-05-09 Thread Al Varnell
How about this section: > Performing additional rootkit checks > Checking for possible rootkit files and directories [ None found ] > Checking for possible rootkit strings [ None found ] -Al- On Wed, May 09, 2018 at 07:02 PM, Mark Misulich wrote: > Nope,

Re: [Rkhunter-users] Possible Rootkit

2018-05-09 Thread Mark Misulich
Nope, nothing in the list of rootkits you referenced is written in red.  They are all tagged "not found" in green.  Every rootkit check listed in the /var/log/rkhunter.log is listed as not found. On Wed, 2018-05-09 at 15:13 -0700, Al Varnell wrote: > Didn't you get a section above the summary

Re: [Rkhunter-users] Possible Rootkit

2018-05-09 Thread Al Varnell
Didn't you get a section above the summary that looks something like this: Checking for rootkits... Performing check of known rootkit files and directories 55808 Trojan - Variant A [ Not found ] ADM Worm [

[Rkhunter-users] Possible Rootkit

2018-05-09 Thread Mark Misulich
Hi, when I run rkhunter on my opensuse 42.3 linux Operating System, I get this result telling me that I have a possible rootkit. > Rootkit checks... > Rootkits checked : 500 > Possible rootkits: 1 I have looked through the var/log/rkhunter.log and don't find anything that stands out to

Re: [Rkhunter-users] Possible Rootkit: Dica-Kit Rootkit

2014-09-08 Thread Al Varnell
If you are absolutely sure it’s clean then whitelist it in rkhunter.conf.local. # # The following two options can be used to whitelist files and directories # that would normally be flagged with a warning during the various rootkit # and malware checks. If the file or directory name contains a

Re: [Rkhunter-users] Possible Rootkit

2009-12-07 Thread Mike McCarty
Mark Misulich wrote: Hi, I recently installed rkhunter-1.3.6 on my laptop computer on two linux operating systems. On this laptop I have opensuse 11.1 and Elive development version 1.9.51 installed, along with Win7. I just purchased the laptop so both linux installations are fresh installs.

Re: [Rkhunter-users] Possible Rootkit

2009-12-05 Thread John Horne
On Thu, 2009-12-03 at 13:46 -0500, Mark Misulich wrote: Rootkit checks... Possible rootkits: 2 Rootkit names: Xzibit Rootkit, Xzibit Rootkit This looks a little odd, but in some respects is correct. The Xzibit rootkit has been detected in 2 different tests, and so is reported

[Rkhunter-users] Possible Rootkit

2009-12-04 Thread Mark Misulich
Hi, I recently installed rkhunter-1.3.6 on my laptop computer on two linux operating systems. On this laptop I have opensuse 11.1 and Elive development version 1.9.51 installed, along with Win7. I just purchased the laptop so both linux installations are fresh installs. When I ran rkhunter -c

Re: [Rkhunter-users] Possible rootkit?

2007-12-20 Thread Dave Burns
I got something similar recently. I think it was a phishing expedition. Shouldn't you change the subject of your email when you start a new thread? Dave On Dec 3, 2007 12:24 AM, Johan Sundström [EMAIL PROTECTED] wrote: Hi all! I got the report below this morning, I've run the rkhunter and it

[Rkhunter-users] Possible rootkit?

2007-12-15 Thread Johan Sundström
Hi all! I got the report below this morning, I've run the rkhunter and it reports no rootkit. Anyone seen this before? The computer using the IP address is a linux-machine. -- [EMAIL PROTECTED] - Sun Dec 02 17:20:21 2007]: Greetings: IP Address of attacker: xxx.yyy.zzz.zzz Type of

[Rkhunter-users] Possible rootkit?

2007-12-03 Thread Johan Sundström
Hi all! I got the report below this morning, I've run the rkhunter and it reports no rootkit. Anyone seen this before? The computer using the IP address is a linux-machine. -- [EMAIL PROTECTED] - Sun Dec 02 17:20:21 2007]: Greetings: IP Address of attacker: xxx.yyy.zzz.zzz Type of

Re: [Rkhunter-users] Possible rootkit?

2007-12-03 Thread Helmut Hullen
Hello, Johan, you (johan.sundstrom) wrote on 03.12.07: IP Address of attacker: xxx.yyy.zzz.zzz Type of attack: URL Injection -- attempt to inject / load files onto the server via PHP/CGI vulnerabilities Sample log report including date and time stamp: Request: onlinesurfnshop.com

Re: [Rkhunter-users] Possible rootkit?

2007-12-03 Thread Johan Sundström
Hi! That much I understand. Problem is that it's not my apache-log. The IP which is showing up in the log is my server (the one making the requests). So what is causing it? Can't find any rootkits with rkhunter.. Cheers! /J On 3 dec 2007, at 13.33, Helmut Hullen wrote: Hello, Johan, you