The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Checking for infected files.

Discussion in 'General Discussion' started by 4402734, Sep 24, 2005.

  1. 4402734

    4402734 Active Member

    Joined:
    Sep 20, 2005
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Hello.
    I installed chrootkit and checked my system for infected files .then saw the following lines between checking log.

    Checking `ldsopreload'... can't exec ./strings-static, not tested

    Checking `tcpdump'... warning, got duplicate tcp line.
    not infected



    Checking `bindshell'... warning, got duplicate tcp line.
    warning, got duplicate tcp line.
    INFECTED (PORTS: 465)



    Checking `sniffer'... not tested: can't exec ./ifpromisc

    Checking `wted'... not tested: can't exec ./chkwtmp

    Checking `scalper'... warning, got duplicate tcp line.
    not infected


    Checking `z2'... not tested: can't exec ./chklastlog

    Checking `chkutmp'... not tested: can't exec ./chkutmp


    .
    Has my Server infected with worms or viruses?
    Please, some explain about this lines.

    thanks
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That doesn't look as though you have compiled chkrootkit correctly.

    As an alternative try rkhunter instead.
     
  3. chris74108

    chris74108 Well-Known Member

    Joined:
    Apr 30, 2004
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    6
    I simple search with google or using the search feature here shows that
    INFECTED (PORTS: 465)
    is normal.

    rkhunter is better so give it a try.
     
  4. 4402734

    4402734 Active Member

    Joined:
    Sep 20, 2005
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Where can I find the rkhunter and how to install it?

    thanks
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You only need a little initiative - search these forums or use your favourtite web browser.
     
  6. gupi

    gupi Well-Known Member

    Joined:
    Apr 27, 2004
    Messages:
    125
    Likes Received:
    0
    Trophy Points:
    16
    well, if you still have'n found it, here's the homepage: http://www.rootkit.nl/
    (nice name for a domain, isn't it ?)
     
Loading...

Share This Page