Re: OT: Suspicious File found by chkrootkit



On Sun April 9 2006 11:53, Ron Johnson wrote:
> On Sun, 2006-04-09 at 07:54 -0400, Rick Friedman wrote:
> > I run chkrootkit daily. Today it has found a file it calls, "suspicious".
> > The file is a zero byte, hidden file. The path is
> > /usr/lib/xulrunner/.autoreg
> >
> > After seeing this warning, I also ran rkhunter (rootkit hunter). The
> > report from rkhunter comes up clean. It does not flag the .autoreg file
> > (or any file for that matter).
> >
> > I am running sid and I believe that the .autoreg file may come from the
> > libxul0d package.
> >
> > Is this a legitimate file or something I should be concerned about? I
> > tend to think chkrootkit flagged it simply because it's hidden and zero
> > bytes. I don't think it's really a threat but I want to make certain.
> >
> > Any help is appreciated. Thanks.
>
> Are you running a web/ftp/telnet server?  IOW, how could the rk
> have been installed?
>
> Have you Googled for that file?
>
> Have you searched the Debian package list?
> http://www.debian.org/
> http://www.debian.org/distrib/packages
> In the "Search the contents of packages" section, enter the file
> name.

I've tried to find out about the .autoreg file. It seems to have something to 
do with letting Mozilla and/or Firefox know if an extension has been 
installed or uninstalled. I have deleted the file. Thus far there seem to be
no ill effects.

Rick
-- 
Rick's Law: What cannot be imagined will be accomplished by a fool.
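
The package-contents search suggested in the thread only covers files a package ships; a file created by a maintainer script at install time does not appear in those lists. As an added example (not part of the original thread), this script checks both on the local system, assuming dpkg's metadata lives in /var/lib/dpkg/info; the function names and the two sample packages are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). A file can exist because a package
# ships it (recorded in <pkg>.list) or because a maintainer script creates it
# at install time (then dpkg's file lists do not mention it).

# find_origin PATH [INFO_DIR]
# Prints "listed:<pkg>" for each package file list containing PATH and
# "script:<file>" for each maintainer script mentioning PATH.
# Returns 0 if anything matched, 1 if dpkg's records do not explain PATH.
find_origin() {
    fo_path=$1
    fo_dir=${2:-/var/lib/dpkg/info}
    fo_rc=1
    for fo_f in "$fo_dir"/*.list; do
        [ -f "$fo_f" ] || continue
        if grep -qxF -- "$fo_path" "$fo_f"; then
            echo "listed:$(basename "$fo_f" .list)"
            fo_rc=0
        fi
    done
    for fo_f in "$fo_dir"/*.preinst "$fo_dir"/*.postinst \
                "$fo_dir"/*.prerm "$fo_dir"/*.postrm; do
        [ -f "$fo_f" ] || continue
        if grep -qF -- "$fo_path" "$fo_f"; then
            echo "script:$(basename "$fo_f")"
            fo_rc=0
        fi
    done
    return "$fo_rc"
}

# make_sample_info_dir: constructed stand-in for /var/lib/dpkg/info with two
# hypothetical packages, so the function can be tried offline.
make_sample_info_dir() {
    ms_dir=$(mktemp -d)
    printf '%s\n' /usr/lib/example-app /usr/lib/example-app/app.so \
        > "$ms_dir/example-app.list"
    printf '%s\n' '#!/bin/sh' 'touch /usr/lib/xulrunner/.autoreg' \
        > "$ms_dir/example-ext.postinst"
    echo "$ms_dir"
}
```

On a real system, call `find_origin` with only the flagged path; a non-zero return means neither the file lists nor the maintainer scripts account for the file.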
