
Help With Possible Rootkit

Discussion in 'General Discussion' started by Chris2k3, May 17, 2004.

    Chris2k3 Member

    May 17, 2004

    chkrootkit tells me Searching for Suckit rootkit ... Warning: /sbin/init INFECTED

    So I ran rootkit hunter also but that's clean, looking for hidden processes:

    [~]# ./chkproc -v
    3683 is a Linux Thread, marking as such...
    3684 is a Linux Thread, marking as such...
    3685 is a Linux Thread, marking as such...

    Several sites I've read about this say that /sbin/telinit will show as a real file not a symlink on an infected machine, but it doesn't:

    [~]# ls -li /sbin/init /sbin/telinit
    119402 -rwxr-xr-x 1 root root 27036 Feb 5 21:55 /sbin/init*
    119410 lrwxrwxrwx 1 root root 4 May 13 00:59 /sbin/telinit -> init*

    I tried to run skdetect

    But unless I'm doing something wrong it just spat out a load of errors (I should just ./Makefile right?)

    Any help with getting skdetect to run or other suggestions would be useful, not sure if this is a false alarm (the fact /sbin/init doesn't seem to have been replaced suggests it might be)

    Not sure what else to check.
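
The symlink check described in the post, plus a byte comparison of /sbin/init against a known-good copy, as an added shell example that is not part of the original post. The function name, its ROOT and REFERENCE arguments and the verdict strings are hypothetical; it assumes the SysV init layout shown in the `ls` output above, and ROOT lets it run against a disk mounted from a rescue system instead of the live host.

```shell
#!/bin/sh
# Added example (not from the thread). All names here are hypothetical.
# Usage: check_init_pair [ROOT] [REFERENCE]
#   ROOT       prefix directory holding sbin/init and sbin/telinit (default "/")
#   REFERENCE  optional known-good copy of init, e.g. extracted from the
#              distribution package on a trusted machine
# Prints one verdict word; returns 0 clean, 1 suspicious, 2 unexpected layout.
check_init_pair() {
    root="${1:-/}"
    ref="${2:-}"
    init="${root%/}/sbin/init"
    telinit="${root%/}/sbin/telinit"

    # On a SysV system init is a regular file, never a symlink.
    if [ -L "$init" ] || [ ! -f "$init" ]; then
        echo "init-not-regular"; return 2
    fi

    # The condition the post cites: telinit present as a real file
    # (a hard link also lands here, since it is not a symlink).
    if [ ! -L "$telinit" ]; then
        if [ -e "$telinit" ]; then
            echo "telinit-real-file"; return 1
        fi
        echo "telinit-missing"; return 2
    fi

    # The symlink must resolve to the same inode as init; a dangling
    # link or a link to some other binary fails this test.
    if ! [ "$telinit" -ef "$init" ]; then
        echo "telinit-points-elsewhere"; return 1
    fi

    # Optional: byte-for-byte comparison with the trusted reference copy.
    if [ -n "$ref" ] && ! cmp -s "$init" "$ref"; then
        echo "init-differs-from-reference"; return 1
    fi

    echo "layout-ok"; return 0
}
```
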

