Hello,

Could anyone help me? I'm new, just learning ethical hacking for
beginners, and I was afraid to download Kali and the Metasploitable environment
because I suspected I had an intrusion on my system. I've taken the system in
to Apple and consulted Apple, but they deny they see anything wrong. Yet, I
see suspicious things. Research led me to rkhunter with a tutorial on how
to download and enable it and the terminal commands to use.

I've now DoD-level erased, repartitioned disks, downloaded and reinstalled
my operating system 7 times on my Mac over the course of 3 days, but I
think a rootkit or string injection is rebuilding itself. Here are my
suspicious results. I have summarized below the suspicious findings that
appear exactly the same each time, regardless of how fresh the OSX High
Sierra refresh. Can anyone kindly tell me what they think, and how to go
about cleaning this up?

Evas-MacBook-Pro:rkhunter-1.4.4 evadlp$ sudo rkhunter --check

*Checking system commands...*


  Performing 'strings' command checks

    Checking 'strings' command                               [ *Warning* ]

  Performing 'shared libraries' checks

    Checking LD_LIBRARY_PATH variable                        [ *Skipped* ]

  Performing file properties checks

    /usr/bin/fuser                                           [ *Warning* ]

    /usr/bin/whatis                                          [ *Warning* ]

    /usr/bin/shasum                                          [ *Warning* ]

*Checking for rootkits...*

  Performing check of known rootkit files and directories

    Checking for possible rootkit strings                    [ *Warning* ]

  Performing Darwin specific checks                          [ *Skipped* ]

*Checking the network...*

  Performing checks on the network interfaces

    Checking for promiscuous interfaces                      [ *Warning* ]

*Checking the local host...*

    Checking for system startup files                        [ *Warning* ]

  Performing system configuration file checks

    Checking if SSH root access is allowed                   [ *Warning* ]

    Checking if SSH protocol v1 is allowed                   [ *Warning* ]

    Checking for hidden files and directories                [ *Warning* ]

System checks summary

=====================


File properties checks...

    Files checked: 94

    Suspect files: 3


Rootkit checks...

    Rootkits checked : 364

    Possible rootkits: 0


Seasons greetings, many thanks,

Eva dip