
Re: OT: Suspicious File found by chkrootkit



On Sun, 2006-04-09 at 07:54 -0400, Rick Friedman wrote:
> I run chkrootkit daily. Today it has found a file it calls "suspicious". The
> file is a zero byte, hidden file. The path is /usr/lib/xulrunner/.autoreg
> 
> After seeing this warning, I also ran rkhunter (rootkit hunter). The report 
> from rkhunter comes up clean. It does not flag the .autoreg file (or any file 
> for that matter).
> 
> I am running sid and I believe that the .autoreg file may come from the 
> libxul0d package.
> 
> Is this a legitimate file or something I should be concerned about? I tend to 
> think chkrootkit flagged it simply because it's hidden and zero bytes. I 
> don't think it's really a threat but I want to make certain.
> 
> Any help is appreciated. Thanks.

Are you running a web/ftp/telnet server?  IOW, how could the rk
have been installed?

Have you Googled for that file?

Have you searched the Debian package list?
http://www.debian.org/
http://www.debian.org/distrib/packages
In the "Search the contents of packages" section, enter the file
name.

-- 
-----------------------------------------------------------------
Ron Johnson, Jr.
Jefferson, LA USA

"Everybody today seems to be in such a terrible rush, anxious for
greater developments and greater riches and so on, so that
children have very little time for their parents. Parents have
very little time for each other, and in the home begins the
disruption of peace of the world."
Mother Teresa
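
The package-contents search suggested above also has a local counterpart in dpkg's own database. The script below is an added example, not part of the original message: it checks a flagged path against the installed packages' file lists and, since files created at install time do not appear in those lists, against the maintainer scripts as well. `/var/lib/dpkg/info` is dpkg's standard database directory; the names `classify_path`, `report` and the `DPKG_INFO` override are hypothetical.

```shell
#!/bin/sh
# Added example: triage a path flagged by chkrootkit using dpkg's local database.
# DPKG_INFO is overridable (an assumption of this example) so the logic can be
# exercised against a constructed directory instead of the live system.
DPKG_INFO="${DPKG_INFO:-/var/lib/dpkg/info}"

# Prints one of:
#   owned:<pkg>     path is listed in a package's file list
#   scripted:<pkg>  path appears literally in a maintainer script (created at install time)
#   unowned         no installed package accounts for the path
classify_path() {
    path=$1
    for list in "$DPKG_INFO"/*.list; do
        [ -f "$list" ] || continue
        # -F fixed string, -x whole line: file lists hold one absolute path per line
        if grep -Fxq -- "$path" "$list"; then
            echo "owned:$(basename "$list" .list)"
            return 0
        fi
    done
    for script in "$DPKG_INFO"/*.preinst "$DPKG_INFO"/*.postinst; do
        [ -f "$script" ] || continue
        # Literal match only: a script that builds the path from variables is missed
        if grep -Fq -- "$path" "$script"; then
            pkg=$(basename "$script")
            echo "scripted:${pkg%.*}"
            return 0
        fi
    done
    echo "unowned"
}

# One line per path: size in bytes (or "missing") plus the classification.
report() {
    for p in "$@"; do
        if [ -e "$p" ]; then
            size=$(wc -c < "$p" | tr -d ' ')
        else
            size=missing
        fi
        echo "$p size=$size $(classify_path "$p")"
    done
}

# Stand-alone use: sh triage.sh /path/one /path/two
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

An `unowned` result only means the local database does not account for the path; the database itself is only as trustworthy as the host it sits on.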


