Re: chkrootkit-log

To: Mikael Bergman <mb@abc.se>
Cc: Debian-User-Swedish <debian-user-swedish@lists.debian.org>
Subject: Re: chkrootkit-log
From: Patrik Wallstrom <pawal@blipp.com>
Date: Wed, 7 Dec 2005 13:30:49 +0100
Message-id: <[🔎] 20051207123049.GM22976@vic20.blipp.com>
Mail-followup-to: Mikael Bergman <mb@abc.se>, Debian-User-Swedish <debian-user-swedish@lists.debian.org>
In-reply-to: <[🔎] 200512071151.jB7BoxG7022333@violet.abc.se>
References: <[🔎] 200512071151.jB7BoxG7022333@violet.abc.se>

On Wed, 07 Dec 2005, Mikael Bergman wrote:

> Nedanstående dök upp i mina loggar. Känns inte bra i maggropen. Någon som
> kan lugna mig eller?
> 
> /etc/cron.daily/chkrootkit:
> The following suspicious files and directories were found:
> /usr/lib/j2se/1.4/jre/.systemPrefs
> /usr/lib/j2se/1.4/jre/.systemPrefs/.systemRootModFile
> /usr/lib/j2se/1.4/jre/.systemPrefs/.system.lock
> /usr/lib/j2se/1.4/jre/.systemPrefs
> You have     1 process hidden for readdir command
> You have     1 process hidden for ps command
> chkproc: Warning: Possible LKM Trojan installed
> eth0: PACKET SNIFFER(/sbin/dhclient[5746])
> 
> Raderna med "/usr/lib/j2se/1.4/jre/.systemPrefs*" har funnits ett tag.

Om jag var du skulle jag köra en vända med rkhunter också.

-- 
patrik_wallstrom->foodfight->pawal@blipp.com->+46-733173956

Reply to:

Follow-Ups:
- Re: chkrootkit-log
  - From: Inget namn angivet <menkomigen@gmail.com>
- Re: chkrootkit-log
  - From: Niels Larsen <niel@telia.com>

References:
- chkrootkit-log
  - From: "Mikael Bergman" <mb@abc.se>

Prev by Date: Re: USB-stöd
Next by Date: Re: chkrootkit-log
Previous by thread: chkrootkit-log
Next by thread: Re: chkrootkit-log
Index(es):
- Date
- Thread