On Thu, 2012-03-22 at 09:32 +0000, Berni Elbourn wrote:
>
> Warning: Checking running processes for suspicious files [ Warning ]
> Warning: One or more of these files were found: backdoor, adore.o,
> mod_rootme.so, phide_mod.o, lbk.ko, vlogger.o,
> cleaner.o, cleaner, ava, tzava, mod_klgr.o, hydra, hydra.restore, ras2xm,
> vobiscum, sshd3, system, t0rnsb, t0rns, t0rnp,
> rx4u, rx2me, crontab, sshdu, glotzer, holber, xhide, xh, emech, psybnc, mech,
> httpd.bin, mh, xl, write,
> Phantasmagoria.o, lkt.o, nlkt.o
> Check the output of the lsof command 'lsof -F n -w -n'
>
I suspect you are running an old version of rkhunter. The latest version
simply shows the specific file causing the problem:
Warning: The following processes are using suspicious files:
Command: crontab
UID: 0 PID: 19336
Pathname: /usr/bin/crontab
Possible Rootkit: Unknown rootkit
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
