Re: OT: Suspicious File found by chkrootkit
On 09 Apr 2006, Adam Collins wrote:
> On Sunday 09 April 2006 04:54, Rick Friedman wrote:
> > I run chkrootkit daily. Today it has found a file it calls, "suspicious".
> > The file is a zero byte, hidden file. The path is
> > /usr/lib/xulrunner/.autoreg
> >
> > After seeing this warning, I also ran rkhunter (rootkit hunter). The
> > report from rkhunter comes up clean. It does not flag the .autoreg file
> > (or any file for that matter).
> >
> > I am running sid and I believe that the .autoreg file may come from the
> > libxul0d package.
> >
> > Is this a legitimate file or something I should be concerned about? I
> > tend to think chkrootkit flagged it simply because it's hidden and zero
> > bytes. I don't think it's really a threat but I want to make certain.
> >
> > Any help is appreciated. Thanks.
> >
> > Rick
>
> I am running a 5-day old sid installation and have this .autoreg file, as
> well. I couldn't find any other information online regarding this file,
> but seeing as how the file's mtime is a few seconds after the other file's
> mtimes, this file was probably generated when some package was configured,
> most likely libxul0d.
>
> Adam
>
I have this file as well; it is not flagged by chkrootkit.
Anthony
--
Anthony Campbell - ac@acampbell.org.uk
Microsoft-free zone - Using Linux Gnu-Debian
http://www.acampbell.org.uk (blog, book reviews,
on-line books and sceptical articles)
Reply to: