  1. #1
    Member
    Join Date
    Sep 2005
    Posts
    42

    Checking for infected files.

    Hello.
    I installed chkrootkit and checked my system for infected files, then saw the following lines in the check log.

    Checking `ldsopreload'... can't exec ./strings-static, not tested

    Checking `tcpdump'... warning, got duplicate tcp line.
    not infected



    Checking `bindshell'... warning, got duplicate tcp line.
    warning, got duplicate tcp line.
    INFECTED (PORTS: 465)



    Checking `sniffer'... not tested: can't exec ./ifpromisc

    Checking `wted'... not tested: can't exec ./chkwtmp

    Checking `scalper'... warning, got duplicate tcp line.
    not infected


    Checking `z2'... not tested: can't exec ./chklastlog

    Checking `chkutmp'... not tested: can't exec ./chkutmp


    Has my server been infected with worms or viruses?
    Please, could someone explain these lines?

    thanks

  2. #2
    Super Moderator chirpy
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495


    That doesn't look as though you have compiled chkrootkit correctly.

    As an alternative try rkhunter instead.
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com

  3. #3
    Member
    Join Date
    Apr 2004
    Posts
    90


    Quote Originally Posted by 4402734
    Hello.
    I installed chkrootkit and checked my system for infected files, then saw the following lines in the check log.

    Checking `ldsopreload'... can't exec ./strings-static, not tested

    Checking `tcpdump'... warning, got duplicate tcp line.
    not infected



    Checking `bindshell'... warning, got duplicate tcp line.
    warning, got duplicate tcp line.
    INFECTED (PORTS: 465)



    Checking `sniffer'... not tested: can't exec ./ifpromisc

    Checking `wted'... not tested: can't exec ./chkwtmp

    Checking `scalper'... warning, got duplicate tcp line.
    not infected


    Checking `z2'... not tested: can't exec ./chklastlog

    Checking `chkutmp'... not tested: can't exec ./chkutmp


    Has my server been infected with worms or viruses?
    Please, could someone explain these lines?

    thanks
    A simple search with Google or using the search feature here shows that
    INFECTED (PORTS: 465)
    is normal.

    rkhunter is better so give it a try.
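
An added example, not posted by anyone in this thread: it triages a chkrootkit log like the one quoted above, separating checks that never ran (the `can't exec` lines) from flagged ones, and lists the flagged bindshell ports so the listening process can be confirmed. The function names are hypothetical, the sample log is constructed from lines in the first post, and `listener_for_port` assumes the iproute2 `ss` tool is installed.

```shell
#!/bin/sh
# Constructed sample: lines copied from the chkrootkit log posted in this thread.
sample_log() {
    cat <<'EOF'
Checking `ldsopreload'... can't exec ./strings-static, not tested
Checking `tcpdump'... warning, got duplicate tcp line.
not infected
Checking `bindshell'... warning, got duplicate tcp line.
warning, got duplicate tcp line.
INFECTED (PORTS: 465)
Checking `sniffer'... not tested: can't exec ./ifpromisc
Checking `scalper'... warning, got duplicate tcp line.
not infected
EOF
}

# Read a chkrootkit log on stdin; print "status<TAB>check<TAB>detail" per check.
# status is one of: flagged | not_tested | clean | unknown
triage() {
    awk -v q="'" '
    function flush() { if (name != "") printf "%s\t%s\t%s\n", status, name, detail }
    /Checking `/ {                      # a new check starts; emit the previous one
        flush()
        name = substr($0, index($0, "`") + 1)
        name = substr(name, 1, index(name, q) - 1)
        status = "unknown"; detail = ""
    }
    name == "" { next }                 # ignore anything before the first check
    /INFECTED/ {                        # upper case only; "not infected" does not match
        status = "flagged"; detail = ""
        if ($0 ~ /PORTS:/) { detail = $0; sub(/.*PORTS: */, "", detail); sub(/\).*/, "", detail) }
        next
    }
    status == "flagged" { next }        # a flagged result is never downgraded
    /not tested/ {                      # helper binary missing: this result says nothing
        status = "not_tested"
        if (match($0, /exec [^ ,]+/)) detail = substr($0, RSTART + 5, RLENGTH - 5)
        next
    }
    /not infected/ && status == "unknown" { status = "clean" }
    END { flush() }'
}

# Ports flagged by the bindshell check, one per line.
flagged_ports() {
    triage | awk -F '\t' '$1 == "flagged" && $2 == "bindshell" { n = split($3, p, " "); for (i = 1; i <= n; i++) print p[i] }'
}

# Show the process listening on a flagged port (assumes iproute2 ss; run as root to see process names).
listener_for_port() { ss -ltnp "sport = :$1"; }

sample_log | triage
```

On the server itself, feed the real log to `flagged_ports` and pass each port to `listener_for_port`; a port owned by the expected mail daemon matches the "is normal" reading above.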

  4. #4
    Member
    Join Date
    Sep 2005
    Posts
    42


    Where can I find the rkhunter and how to install it?

    thanks

  5. #5
    Super Moderator chirpy
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495


    You only need a little initiative - search these forums or use your favourite web browser.
    Jonathan Michaelson

  6. #6
    Member gupi
    Join Date
    Apr 2004
    Posts
    125


    Well, if you still haven't found it, here's the homepage: http://www.rootkit.nl/
    (nice name for a domain, isn't it ?)
    Stefaniu -gupi- Criste
    Hangar Hosting - a safe place for your Romanian online business