Hello,

I got a new warning with 1.3.6:

Warning: Checking running processes for suspicious files [ Warning ]
Warning: One or more of these files were found: backdoor, adore.o, 
mod_rootme.so, phide_mod.o, lbk.ko, vlogger.o, cleaner.o, cleaner, ava, tzava, 
mod_klgr.o, hydra, hydra.restore, ras2xm, vobiscum, sshd3, system, t0rnsb, 
t0rns, t0rnp, rx4u, rx2me, crontab, sshdu, glotzer, holber, xhide, xh, emech, 
psybnc, mech, httpd.bin, mh, xl, write, Phantasmagoria.o, lkt.o, nlkt.o
         Check the output of the lsof command 'lsof -F n -w -n'

I think it would be better to write the exact suspicious process. Now, by trying them one
by one, I found that it is 'system', created by a wine process, and it looks like this:
# ps axw|grep system
18034 ?        Sl     0:00 c:\windows\system\services.exe
18036 ?        Sl     0:00 c:\windows\system\winedevice.exe MountMgr
18044 ?        Ss     0:01 c:\windows\system\explorer.exe /desktop

If I exit the wine application, I do not get this warning anymore.
How can I whitelist it?

Regards,
Nerijus

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
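The post above found the offending name by trying the listed names one by one. The script below is an added example, not part of the original message and not rkhunter's own code: it takes the list of names from the warning and reports which of them actually occur in the open files of running processes, as shown by the 'lsof -F n -w -n' command the warning points to. Two things are assumed rather than taken from the post: that the lsof output has one field per line ('p<pid>' starting each process, 'n<path>' for each open file), and that a name counts as a match when it is a whole component of the path, which is what would make the directory 'system' in c:\windows\system\services.exe trigger the 'system' entry. The lsof sample and the home directory path are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post or from rkhunter: find which of
# the names rkhunter lists actually occur in the open files of running
# processes, instead of trying them one by one.
#
# Assumptions (not stated by the post or the project):
#  - input is the output of 'lsof -F n -w -n', one field per line:
#    'p<pid>' starts each process, 'n<path>' names each open file;
#  - a name matches when it is a whole path component of an open file,
#    which is what would make the directory 'system' in
#    c:\windows\system\services.exe trigger the 'system' entry.

# The names from the rkhunter warning in the post.
SUSPECT_NAMES="backdoor adore.o mod_rootme.so phide_mod.o lbk.ko vlogger.o \
cleaner.o cleaner ava tzava mod_klgr.o hydra hydra.restore ras2xm vobiscum \
sshd3 system t0rnsb t0rns t0rnp rx4u rx2me crontab sshdu glotzer holber \
xhide xh emech psybnc mech httpd.bin mh xl write Phantasmagoria.o lkt.o nlkt.o"

# Constructed sample of 'lsof -F n -w -n' output (two Wine processes and one
# sshd), standing in for a live run; the home directory is made up.
SAMPLE_LSOF='p18034
n/home/user/.wine/drive_c/windows/system/services.exe
n/usr/lib/libc.so.6
p18036
n/home/user/.wine/drive_c/windows/system/winedevice.exe
p4242
n/usr/sbin/sshd
n/usr/lib/libc.so.6'

# find_suspect_matches LSOF_OUTPUT
# Prints one line "pid<TAB>name<TAB>path" for every open file whose path
# contains one of the suspect names as a whole component.
find_suspect_matches() {
    printf '%s\n' "$1" | awk -v names="$SUSPECT_NAMES" '
        BEGIN {
            n = split(names, list, " ")
            for (i = 1; i <= n; i++) if (list[i] != "") want[list[i]] = 1
            OFS = "\t"
        }
        /^p/ { pid = substr($0, 2); next }
        /^n/ {
            path = substr($0, 2)
            k = split(path, comp, "/")
            for (i = 1; i <= k; i++)
                if (comp[i] in want) print pid, comp[i], path
        }'
}

# Number of matching open files, for a quick yes/no answer.
count_suspect_matches() {
    find_suspect_matches "$1" | wc -l | tr -d ' '
}

# Demo on the constructed sample; on a real host run instead:
#   find_suspect_matches "$(lsof -F n -w -n)"
find_suspect_matches "$SAMPLE_LSOF"
```

On the sample this reports the two Wine processes, each matched through the 'system' directory component, and nothing for sshd. Once the exact path is known it can be put into whichever whitelist option the rkhunter.conf of the installed version provides for this check; the post does not name that option and none is asserted here.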
