Hi, I recently installed rkhunter-1.3.6 on my laptop computer on two Linux operating systems. On this laptop I have openSUSE 11.1 and Elive development version 1.9.51 installed, along with Win7. I just purchased the laptop, so both Linux installations are fresh installs.
When I ran rkhunter -c --sk to check for rootkits on the Elive installation, I got a positive result when checking for rootkits...

    Performing check of known rootkit files and directories
    Xzibit Rootkit {Not found}
    Performing additional rootkit checks
    Checking for possible rootkit strings {Warning}
    Rootkit checks...
    Possible rootkits: 2
    Rootkit names: Xzibit Rootkit, Xzibit Rootkit

I was in a country that is known for having an army of hackers that seek to acquire information from around the world, so I was suspicious that somehow they had gotten into my computer. I looked over the info in the FAQ, and the long and the short of it that I understood was that if one acquires a rootkit, the fix is to format the hard drive partition and reinstall. I thought that to be the easy fix since it was a fresh install anyways. So I reformatted the root and home partitions several times and then reinstalled Elive.

Before I got too far into the installation and use of Elive after the fresh install, I downloaded rkhunter and ran a scan again. It showed the same results on the fresh install of Elive, same rootkit. I believe that the possibility exists that this may be a false indication of a rootkit, so I am writing for some help to determine what is going on here.

Looking forward to your replies,
Mark