Re: OT: Suspicious File found by chkrootkit

To: Rick Friedman <rickfriedman@verizon.net>
Cc: Debian List <debian-user@lists.debian.org>
Subject: Re: OT: Suspicious File found by chkrootkit
From: Star King of the Grape Trees <thestar@fussycoder.id.au>
Date: Sun, 09 Apr 2006 22:23:43 +1000
Message-id: <[🔎] 4438FCCF.8040101@fussycoder.id.au>
In-reply-to: <[🔎] 200604090754.41243.rickfriedman@verizon.net>
References: <[🔎] 200604090754.41243.rickfriedman@verizon.net>

Rick Friedman wrote:

I run chkrootkit daily. Today it has found a file it calls, "suspicious". Thefile is a zero byte, hidden file. The path is /usr/lib/xulrunner/.autoreg
After seeing this warning, I also ran rkhunter (rootkit hunter). The reportfrom rkhunter comes up clean. It does not flag the .autoreg file (or any filefor that matter).
I am running sid and I believe that the .autoreg file may come from thelibxul0d package.
Is this a legitimate file or something I should be concerned about? I tend tothink chkrootkit flagged it simply because it's hidden and zero bytes. Idon't think it's really a threat but I want to make certain.
Any help is appreciated. Thanks.

Rick

The best solution is to track down where that file came from and comparethe original with the copy you have, and to determine its purpose. (Orfailing that, the purpose of the program it came with).

Disclaimer: I do not have experience in this, just a comment I wanted tomake.

Reply to:

References:
- OT: Suspicious File found by chkrootkit
  - From: Rick Friedman <rickfriedman@verizon.net>

Prev by Date: Re: Poor glxgears perfomance with unstable and radeon 7500
Next by Date: Re: building an etch box
Previous by thread: Re: OT: Suspicious File found by chkrootkit
Next by thread: Re: OT: Suspicious File found by chkrootkit
Index(es):
- Date
- Thread