
Re: Am I infected with a rootkit?



On 16 April 2023, Jesper Dybdal wrote:

> I have scanned the Windows machine with two antivirus tools (Windows defender
> and Malwarebytes).

Can you use ClamAV on Windows?

>> modules.dep
>> modules.devname
>> modules.symbols.bin
>> modules.symbols
>> modules.builtin.bin
>> modules.alias.bin
>> modules.builtin.alias.bin
>> modules.softdep
>> modules.alias
>> modules.dep.bin

These are generated during kernel install. And you can safely remove
/lib/modules/5.10.0-21-amd64 if these are the only files left.

> * Is it probable that somebody can remote control one or both machines?  Do
>  those 4 lines ring a bell?  What are they all about?

Perhaps a bot trying to execute some commands. As they do not apply to
Debian, your Debian machine should not be compromised.

> * I would really like to know how this happened.  I consider myself to be a
>  careful person who does not get hit by viruses and other malware.  I've had a
> Windows virus once - because I trusted an install program from
> sourceforge.

Malware can be installed via web sites.

> * Is there a significant risk that the problem came with the Bullseye upgrade?

no

> * I really don't want to reinstall from scratch.  Not only because I don't
>  know whether there is a problem on one or both machines, but also because I
> have no idea where any infection came from - it could easily be from something
> that I would also reinstall.

I think you don't have to. For Debian. For Windows a full deinstall
without reinstall is the best :)
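
A check that can be run before removing the directory as suggested above (added example, not part of the original message; the function names are hypothetical and the file list is copied from the quoted text). It reports anything in a `/lib/modules/<version>` directory that is not one of those index files, and refuses the running kernel's directory:

```shell
#!/bin/sh
# Added example: does a /lib/modules/<version> directory hold only the
# index files named in the thread, with nothing else left behind?

# File names as quoted in the thread.
LEFTOVER_NAMES="modules.dep modules.devname modules.symbols.bin modules.symbols
modules.builtin.bin modules.alias.bin modules.builtin.alias.bin modules.softdep
modules.alias modules.dep.bin"

# Print every entry under $1 that is not one of the listed index files.
# Subdirectories, symlinks and files in subdirectories are all reported.
unexpected_entries() {
    dir=${1%/}
    find "$dir" -mindepth 1 | while IFS= read -r path; do
        name=${path#"$dir"/}
        known=no
        for n in $LEFTOVER_NAMES; do
            if [ "$name" = "$n" ] && [ -f "$path" ] && [ ! -L "$path" ]; then
                known=yes
            fi
        done
        if [ "$known" != yes ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Return 0 only if the directory exists, does not belong to the running
# kernel, and contains nothing but the listed index files.
# Return codes: 1 = other content present, 2 = not a directory,
# 3 = directory of the running kernel.
only_leftovers() {
    dir=${1%/}
    if [ ! -d "$dir" ]; then return 2; fi
    if [ "$(basename "$dir")" = "$(uname -r)" ]; then return 3; fi
    if [ -n "$(unexpected_entries "$dir")" ]; then return 1; fi
    return 0
}

# Usage, after sourcing this file:
#   only_leftovers /lib/modules/5.10.0-21-amd64 && echo "only index files left"
#   unexpected_entries /lib/modules/5.10.0-21-amd64
```
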

