Hi all,

I have a badly infected system here, where rkhunter found this:

[07:25:44] Running Rootkit Hunter 1.2.9 on xxxxxxxxx
<..snip..>
[07:34:42] Possible backdoored or harmful file found /usr/bin/md5sum
<..snip..>
[07:41:19] *** Start scan Dreams Rootkit ***
[07:41:20] - File /dev/ttyoa... WARNING! Exists.
[07:41:21] - File /dev/ttyof... WARNING! Exists.
[07:41:22] - File /dev/ttyop... WARNING! Exists.
[07:41:22] - File /usr/bin/sense... WARNING! Exists.
[07:41:23] - File /usr/bin/sl2... WARNING! Exists.
[07:41:24] - File /usr/bin/logclear... WARNING! Exists.
[07:41:25] - File /usr/bin/(swapd)... WARNING! Exists.
[07:41:26] - File /usr/bin/snfs... OK. Not found.
[07:41:26] - File /usr/lib/libsss... WARNING! Exists.
[07:41:27] - Directory /dev/ida/.hpd... WARNING! Exists.
<..snip..>
[07:41:44] *** Start scan Flea Linux Rootkit ***
[07:41:45] - File /etc/ld.so.hash... WARNING! Exists.
[07:41:46] - File /lib/security/.config/ssh/ssh_host_key... WARNING! Exists.
[07:41:48] - File /lib/security/.config/ssh/ssh_host_key.pub... OK. Not found.
[07:41:48] - File /lib/security/.config/ssh/ssh_random_seed... WARNING! Exists.
<..snip..>
[07:47:13] *** Start scan SHV4 ***
[07:47:15] - File /etc/ld.so.hash... WARNING! Exists.
[07:47:16] - File /lib/libext-2.so.7... OK. Not found.
[07:47:16] - File /lib/lidps1.so... WARNING! Exists.
[07:47:17] - File /usr/sbin/xntps... OK. Not found.
[07:47:18] - Directory /lib/security/.config... WARNING! Exists.
[07:47:19] - Directory /lib/security/.config/ssh... WARNING! Exists.

and I found a

# file /sbin/ttyload
/sbin/ttyload: ELF 32-bit LSB executable, Intel 80386, version 1, statically linked, corrupted section header size

which is an "SCS sshd 2.0.13 (protocol 1.5)", listening on 8080/tcp (according to nmap -A).

and a

# file /sbin/ttymon
/sbin/ttymon: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), for GNU/Linux 2.2.5, stripped

containing strings like:

<..snip..>
Usage: %s <dst> <src> <size> <number>
Ports are set to send and receive on port 179
dst: Destination Address
src: Source Address
size: Size of packet which should be no larger than 1024 should allow for xtra header info thru routes
num: packets
Could not resolve %s fucknut
ICMP
jess
tc: unknown host
3.3.3.3
mservers
lamersucks
skillz

and a

# file /usr/sbin/ttyload
/usr/sbin/ttyload: ASCII text
# cat /usr/sbin/ttyload
/sbin/ttyload -q >/dev/null 2>&1
/sbin/ttymon >/dev/null 2>&1

cheers
--Tran

PS: Where do I send the binaries?
PPS: For replies please CC me, as I'm not subscribed to the list.
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
