[gnome] Possible Exploitation?


uberlube
June 10th, 2009, 07:13 AM
I've been thinking lately that I may have a rootkit installed or someone has invaded my system. My mem and bandwidth have been spiking erratically for the past few days even when nothing is running. I have always watched my system resources closely and this has never happened to this degree before. I ran rkhunter with this result:
[04:52:01] Running Rootkit Hunter version 1.3.2 on dan-desktop
[04:52:01]
[04:52:01] Info: Start date is Wed Jun 10 04:52:01 MDT 2009
[04:52:01]
[04:52:01] Checking configuration file and command-line options...
[04:52:01] Info: Detected operating system is 'Linux'
[04:52:01] Info: Found O/S name: Linux Mint 7 Gloria - Main Edition
[04:52:01] Info: Command line is /usr/bin/rkhunter -c
[04:52:01] Info: Environment shell is /bin/bash; rkhunter is using dash
[04:52:01] Info: Using configuration file '/etc/rkhunter.conf'
[04:52:01] Info: Installation directory is '/usr'
[04:52:01] Info: Using language 'en'
[04:52:01] Info: Using '/var/lib/rkhunter/db' as the database directory
[04:52:01] Info: Using '/usr/share/rkhunter/scripts' as the support script directory
[04:52:01] Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin /usr/X11R6/bin /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec' as the command directories
[04:52:01] Info: Using '/' as the root directory
[04:52:01] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[04:52:01] Info: No mail-on-warning address configured
[04:52:01] Info: X will be automatically detected
[04:52:01] Info: Using second color set
[04:52:01] Info: Found the 'diff' command: /usr/bin/diff
[04:52:01] Info: Found the 'file' command: /usr/bin/file
[04:52:01] Info: Found the 'find' command: /usr/bin/find
[04:52:01] Info: Found the 'ifconfig' command: /sbin/ifconfig
[04:52:01] Info: Found the 'ip' command: /sbin/ip
[04:52:01] Info: Found the 'ldd' command: /usr/bin/ldd
[04:52:01] Info: Found the 'lsattr' command: /usr/bin/lsattr
[04:52:01] Info: Found the 'lsmod' command: /sbin/lsmod
[04:52:01] Info: Found the 'lsof' command: /usr/bin/lsof
[04:52:01] Info: Found the 'mktemp' command: /bin/mktemp
[04:52:01] Info: Found the 'netstat' command: /bin/netstat
[04:52:01] Info: Found the 'perl' command: /usr/bin/perl
[04:52:01] Info: Found the 'ps' command: /bin/ps
[04:52:01] Info: Found the 'pwd' command: /bin/pwd
[04:52:01] Info: Found the 'readlink' command: /bin/readlink
[04:52:01] Info: Found the 'sort' command: /usr/bin/sort
[04:52:01] Info: Found the 'stat' command: /usr/bin/stat
[04:52:01] Info: Found the 'strings' command: /usr/bin/strings
[04:52:01] Info: Found the 'uniq' command: /usr/bin/uniq
[04:52:01] Info: System is not using prelinking
[04:52:01] Info: Using the '/usr/bin/sha1sum' command for the file hash checks
[04:52:01] Info: Stored hash values used hash function '/usr/bin/sha1sum'
[04:52:01] Info: Stored hash values did not use a package manager
[04:52:01] Info: The hash function field index is set to 1
[04:52:01] Info: No package manager specified: using hash function '/usr/bin/sha1sum'
[04:52:01] Info: Previous file attributes were stored
[04:52:01] Info: Enabled tests are: all
[04:52:01] Info: Disabled tests are: suspscan hidden_procs deleted_files packet_cap_apps
[04:52:01] Info: Found ksym file '/proc/kallsyms'
[04:52:01]
[04:52:01] Checking if the O/S has changed since last time...
[04:52:01] Info: Nothing seems to have changed
[04:52:01]
[04:52:01] Starting system checks...
[04:52:01]
[04:52:01] Checking system commands...
[04:52:01] Info: Starting test name 'system_commands'
[04:52:01]
[04:52:01] Performing 'strings' command checks
[04:52:01] Info: Starting test name 'strings'
[04:52:01] Scanning for string /usr/sbin/ntpsx [ OK ]
[04:52:01] Scanning for string /usr/lib/.../ls [ OK ]
[04:52:01] Scanning for string /usr/lib/.../netstat [ OK ]
[04:52:01] Scanning for string /usr/lib/.../lsof [ OK ]
[04:52:01] Scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg [ OK ]
[04:52:01] Scanning for string /usr/lib/.../bkit-ssh/bkit-shhk [ OK ]
[04:52:01] Scanning for string /usr/lib/.../bkit-ssh/bkit-pw [ OK ]
[04:52:01] Scanning for string /usr/lib/.../bkit-ssh/bkit-shrs [ OK ]
[04:52:01] Scanning for string /usr/lib/.../uconf.inv [ OK ]
[04:52:01] Scanning for string /usr/lib/.../psr [ OK ]
[04:52:01] Scanning for string /usr/lib/.../find [ OK ]
[04:52:01] Scanning for string /usr/lib/.../pstree [ OK ]
[04:52:01] Scanning for string /usr/lib/.../slocate [ OK ]
[04:52:02] Scanning for string /usr/lib/.../du [ OK ]
[04:52:02] Scanning for string /usr/lib/.../top [ OK ]
[04:52:02] Scanning for string /usr/lib/... [ OK ]
[04:52:02] Scanning for string /usr/lib/.../bkit-ssh [ OK ]
[04:52:02] Scanning for string /usr/lib/.bkit- [ OK ]
[04:52:02] Scanning for string /tmp/.bkp [ OK ]
[04:52:02] Scanning for string /tmp/.cinik [ OK ]
[04:52:02] Scanning for string /tmp/.font-unix/.cinik [ OK ]
[04:52:02] Scanning for string /lib/.sso [ OK ]
[04:52:02] Scanning for string /lib/.so [ OK ]
[04:52:02] Scanning for string /var/run/...dica/clean [ OK ]
[04:52:02] Scanning for string /var/run/...dica/xl [ OK ]
[04:52:02] Scanning for string /var/run/...dica/xdr [ OK ]
[04:52:02] Scanning for string /var/run/...dica/psg [ OK ]
[04:52:02] Scanning for string /var/run/...dica/secure [ OK ]
[04:52:02] Scanning for string /var/run/...dica/rdx [ OK ]
[04:52:02] Scanning for string /var/run/...dica/va [ OK ]
[04:52:02] Scanning for string /var/run/...dica/cl.sh [ OK ]
[04:52:02] Scanning for string /usr/bin/.etc [ OK ]
[04:52:02] Scanning for string /usr/lib/.fx/sched_host.2 [ OK ]
[04:52:02] Scanning for string /usr/lib/.fx/random_d.2 [ OK ]
[04:52:02] Scanning for string /usr/lib/.fx/set_pid.2 [ OK ]
[04:52:02] Scanning for string /usr/lib/.fx/cons.saver [ OK ]
[04:52:02] Scanning for string /usr/lib/.fx/adore/adore/adore.ko [ OK ]
[04:52:02] Scanning for string /bin/sysback [ OK ]
[04:52:02] Scanning for string /usr/local/bin/sysback [ OK ]
[04:52:02] Scanning for string /usr/lib/.tbd [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/t0rns [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/du [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/ls [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/t0rnsb [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/ps [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/t0rnp [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/find [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/ifconfig [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/pg [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/ssh.tgz [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/top [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/sz [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/login [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/in.fingerd [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/1i0n.sh [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/pstree [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/in.telnetd [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/mjy [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/sush [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/tfn [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/name [ OK ]
[04:52:02] Scanning for string /dev/.lib/lib/lib/getip.sh [ OK ]
[04:52:02] Scanning for string /usr/info/.torn/sh* [ OK ]
[04:52:02] Scanning for string /usr/src/.****/.1addr [ OK ]
[04:52:02] Scanning for string /usr/src/.****/.1file [ OK ]
[04:52:02] Scanning for string /usr/src/.****/.1proc [ OK ]
[04:52:03] Scanning for string /usr/src/.****/.1logz [ OK ]
[04:52:03] Scanning for string /usr/info/.t0rn [ OK ]
[04:52:03] Scanning for string /dev/.lib [ OK ]
[04:52:03] Scanning for string /dev/.lib/lib [ OK ]
[04:52:03] Scanning for string /dev/.lib/lib/lib [ OK ]
[04:52:03] Scanning for string /dev/.lib/lib/lib/dev [ OK ]
[04:52:03] Scanning for string /dev/.lib/lib/scan [ OK ]
[04:52:03] Scanning for string /usr/src/.**** [ OK ]
[04:52:03] Scanning for string /usr/man/man1/man1 [ OK ]
[04:52:03] Scanning for string /usr/man/man1/man1/lib [ OK ]
[04:52:03] Scanning for string /usr/man/man1/man1/lib/.lib [ OK ]
[04:52:03] Scanning for string /usr/man/man1/man1/lib/.lib/.backup [ OK ]
[04:52:03]
[04:52:03] Performing 'shared libraries' checks
[04:52:03] Info: Starting test name 'shared_libs'
[04:52:03] Checking for preloading variables [ None found ]
[04:52:03] Checking for preload file [ Not found ]
[04:52:03] Info: Starting test name 'shared_libs_path'
[04:52:03] Checking LD_LIBRARY_PATH variable [ Not found ]
[04:52:03]
[04:52:03] Performing file properties checks
[04:52:03] Info: Starting test name 'properties'
[04:52:03] Checking for prerequisites [ OK ]
[04:52:03] /bin/bash [ OK ]
[04:52:03] /bin/cat [ OK ]
[04:52:03] /bin/chmod [ OK ]
[04:52:03] /bin/chown [ OK ]
[04:52:03] /bin/cp [ OK ]
[04:52:03] /bin/date [ OK ]
[04:52:03] /bin/df [ OK ]
[04:52:03] /bin/dmesg [ OK ]
[04:52:04] /bin/echo [ OK ]
[04:52:04] /bin/ed [ OK ]
[04:52:04] /bin/egrep [ OK ]
[04:52:04] Info: Found file '/bin/egrep': it is whitelisted for the 'script replacement' check.
[04:52:04] /bin/fgrep [ OK ]
[04:52:04] Info: Found file '/bin/fgrep': it is whitelisted for the 'script replacement' check.
[04:52:04] /bin/fuser [ OK ]
[04:52:04] /bin/grep [ OK ]
[04:52:04] /bin/ip [ OK ]
[04:52:04] /bin/kill [ OK ]
[04:52:04] /bin/login [ OK ]
[04:52:04] /bin/ls [ OK ]
[04:52:04] /bin/lsmod [ OK ]
[04:52:04] /bin/mktemp [ OK ]
[04:52:04] /bin/more [ OK ]
[04:52:04] /bin/mount [ OK ]
[04:52:04] /bin/mv [ OK ]
[04:52:04] /bin/netstat [ OK ]
[04:52:05] /bin/ps [ OK ]
[04:52:05] /bin/pwd [ OK ]
[04:52:05] /bin/readlink [ OK ]
[04:52:05] /bin/sed [ OK ]
[04:52:05] /bin/sh [ OK ]
[04:52:05] /bin/su [ OK ]
[04:52:05] /bin/touch [ OK ]
[04:52:05] /bin/uname [ OK ]
[04:52:05] /bin/which [ OK ]
[04:52:05] Info: Found file '/bin/which': it is whitelisted for the 'script replacement' check.
[04:52:05] /bin/dash [ OK ]
[04:52:05] /usr/bin/awk [ OK ]
[04:52:05] /usr/bin/basename [ OK ]
[04:52:05] /usr/bin/chattr [ OK ]
[04:52:05] /usr/bin/cut [ OK ]
[04:52:06] /usr/bin/diff [ OK ]
[04:52:06] /usr/bin/dirname [ OK ]
[04:52:06] /usr/bin/dpkg [ OK ]
[04:52:06] /usr/bin/dpkg-query [ OK ]
[04:52:06] /usr/bin/du [ OK ]
[04:52:06] /usr/bin/env [ OK ]
[04:52:06] /usr/bin/file [ OK ]
[04:52:06] /usr/bin/find [ OK ]
[04:52:06] /usr/bin/GET [ OK ]
[04:52:06] /usr/bin/groups [ OK ]
[04:52:06] Info: Found file '/usr/bin/groups': it is whitelisted for the 'script replacement' check.
[04:52:06] /usr/bin/head [ OK ]
[04:52:06] /usr/bin/id [ OK ]
[04:52:06] /usr/bin/killall [ OK ]
[04:52:06] /usr/bin/last [ OK ]
[04:52:06] /usr/bin/lastlog [ OK ]
[04:52:06] /usr/bin/ldd [ OK ]
[04:52:06] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check.
[04:52:06] /usr/bin/less [ OK ]
[04:52:07] /usr/bin/locate [ OK ]
[04:52:07] /usr/bin/logger [ OK ]
[04:52:07] /usr/bin/lsattr [ OK ]
[04:52:07] /usr/bin/lsof [ OK ]
[04:52:07] /usr/bin/mail [ OK ]
[04:52:07] /usr/bin/md5sum [ OK ]
[04:52:07] /usr/bin/mlocate [ OK ]
[04:52:07] /usr/bin/newgrp [ OK ]
[04:52:07] /usr/bin/passwd [ OK ]
[04:52:07] /usr/bin/perl [ OK ]
[04:52:07] /usr/bin/pstree [ OK ]
[04:52:07] /usr/bin/rkhunter [ OK ]
[04:52:07] /usr/bin/runcon [ OK ]
[04:52:07] /usr/bin/sha1sum [ OK ]
[04:52:07] /usr/bin/size [ OK ]
[04:52:07] /usr/bin/sort [ OK ]
[04:52:08] /usr/bin/stat [ OK ]
[04:52:08] /usr/bin/strace [ OK ]
[04:52:08] /usr/bin/strings [ OK ]
[04:52:08] /usr/bin/sudo [ OK ]
[04:52:08] /usr/bin/tail [ OK ]
[04:52:08] /usr/bin/test [ OK ]
[04:52:08] /usr/bin/top [ OK ]
[04:52:08] /usr/bin/touch [ OK ]
[04:52:08] /usr/bin/tr [ OK ]
[04:52:08] /usr/bin/uniq [ OK ]
[04:52:08] /usr/bin/users [ OK ]
[04:52:08] /usr/bin/vmstat [ OK ]
[04:52:08] /usr/bin/w [ OK ]
[04:52:08] /usr/bin/watch [ OK ]
[04:52:08] /usr/bin/wc [ OK ]
[04:52:08] /usr/bin/wget [ OK ]
[04:52:08] /usr/bin/whatis [ OK ]
[04:52:09] /usr/bin/whereis [ OK ]
[04:52:09] /usr/bin/which [ OK ]
[04:52:09] /usr/bin/who [ OK ]
[04:52:09] /usr/bin/whoami [ OK ]
[04:52:09] /usr/bin/gawk [ OK ]
[04:52:09] /usr/bin/lwp-request [ OK ]
[04:52:09] Info: Found file '/usr/bin/lwp-request': it is whitelisted for the 'script replacement' check.
[04:52:09] /usr/bin/bsd-mailx [ OK ]
[04:52:09] /usr/bin/w.procps [ OK ]
[04:52:09] /sbin/depmod [ OK ]
[04:52:09] /sbin/ifconfig [ OK ]
[04:52:09] /sbin/ifdown [ OK ]
[04:52:09] /sbin/ifup [ OK ]
[04:52:09] /sbin/init [ OK ]
[04:52:09] /sbin/insmod [ OK ]
[04:52:09] /sbin/ip [ OK ]
[04:52:10] /sbin/lsmod [ OK ]
[04:52:10] /sbin/modinfo [ OK ]
[04:52:10] /sbin/modprobe [ OK ]
[04:52:10] /sbin/rmmod [ OK ]
[04:52:10] /sbin/runlevel [ OK ]
[04:52:10] /sbin/sulogin [ OK ]
[04:52:10] /sbin/sysctl [ OK ]
[04:52:10] /sbin/syslogd [ OK ]
[04:52:10] /usr/sbin/adduser [ OK ]
[04:52:10] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.
[04:52:10] /usr/sbin/chroot [ OK ]
[04:52:10] /usr/sbin/cron [ OK ]
[04:52:10] /usr/sbin/groupadd [ OK ]
[04:52:11] /usr/sbin/groupdel [ OK ]
[04:52:11] /usr/sbin/groupmod [ OK ]
[04:52:11] /usr/sbin/grpck [ OK ]
[04:52:11] /usr/sbin/nologin [ OK ]
[04:52:11] /usr/sbin/pwck [ OK ]
[04:52:11] /usr/sbin/tcpd [ OK ]
[04:52:11] /usr/sbin/unhide [ Warning ]
[04:52:11] Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
[04:52:11] /usr/sbin/useradd [ OK ]
[04:52:11] /usr/sbin/userdel [ OK ]
[04:52:11] /usr/sbin/usermod [ OK ]
[04:52:11] /usr/sbin/vipw [ OK ]
[04:52:11] /usr/sbin/unhide-linux26 [ Warning ]
[04:52:11] Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not present in the rkhunter.dat file.
[04:52:16]
[04:52:16] Checking for rootkits...
[04:52:16] Info: Starting test name 'rootkits'
[04:52:16]
[04:52:16] Performing check of known rootkit files and directories
[04:52:16] Info: Starting test name 'known_rkts'
[04:52:16]
[04:52:16] Checking for 55808 Trojan - Variant A...
[04:52:16] Checking for file '/tmp/.../r' [ Not found ]
[04:52:16] Checking for file '/tmp/.../a' [ Not found ]
[04:52:16] 55808 Trojan - Variant A [ Not found ]
[04:52:16]
[04:52:16] Checking for ADM Worm...
[04:52:16] Checking for string 'w0rm' [ Not found ]
[04:52:16] ADM Worm [ Not found ]
[04:52:16]
[04:52:16] Checking for AjaKit Rootkit...
[04:52:16] Checking for file '/dev/tux/.addr' [ Not found ]
[04:52:16] Checking for file '/dev/tux/.proc' [ Not found ]
[04:52:16] Checking for file '/dev/tux/.file' [ Not found ]
[04:52:16] Checking for file '/lib/.libgh-gh/cleaner' [ Not found ]
[04:52:16] Checking for file '/lib/.libgh-gh/Patch/patch' [ Not found ]
[04:52:16] Checking for file '/lib/.libgh-gh/sb0k' [ Not found ]
[04:52:17] Checking for directory '/dev/tux' [ Not found ]
[04:52:17] Checking for directory '/lib/.libgh-gh' [ Not found ]
[04:52:17] AjaKit Rootkit [ Not found ]
[04:52:17]
[04:52:17] Checking for aPa Kit...
[04:52:17] Checking for file '/usr/share/.aPa' [ Not found ]
[04:52:17] aPa Kit [ Not found ]
[04:52:17]
[04:52:17] Checking for Apache Worm...
[04:52:17] Checking for file '/bin/.log' [ Not found ]
[04:52:17] Apache Worm [ Not found ]
[04:52:17]
[04:52:17] Checking for Ambient (ark) Rootkit...
[04:52:17] Checking for file '/usr/lib/.ark?' [ Not found ]
[04:52:17] Checking for file '/dev/ptyxx/.log' [ Not found ]
[04:52:17] Checking for file '/dev/ptyxx/.file' [ Not found ]
[04:52:17] Checking for directory '/dev/ptyxx' [ Not found ]
[04:52:17] Ambient (ark) Rootkit [ Not found ]
[04:52:17]
[04:52:17] Checking for Balaur Rootkit...
[04:52:17] Checking for file '/usr/lib/liblog.o' [ Not found ]
[04:52:17] Checking for directory '/usr/lib/.kinetic' [ Not found ]
[04:52:17] Checking for directory '/usr/lib/.egcs' [ Not found ]
[04:52:17] Checking for directory '/usr/lib/.wormie' [ Not found ]
[04:52:17] Balaur Rootkit [ Not found ]
[04:52:17]
[04:52:17] Checking for BeastKit Rootkit...
[04:52:17] Checking for file '/usr/sbin/arobia' [ Not found ]
[04:52:17] Checking for file '/usr/sbin/idrun' [ Not found ]
[04:52:17] Checking for file '/usr/lib/elm/arobia/elm' [ Not found ]
[04:52:17] Checking for file '/usr/lib/elm/arobia/elm/hk' [ Not found ]
[04:52:17] Checking for file '/usr/lib/elm/arobia/elm/hk.pub' [ Not found ]
[04:52:17] Checking for file '/usr/lib/elm/arobia/elm/sc' [ Not found ]
[04:52:17] Checking for file '/usr/lib/elm/arobia/elm/sd.pp' [ Not found ]
[04:52:17] Checking for file '/usr/lib/elm/arobia/elm/sdco' [ Not found ]
[04:52:17] Checking for file '/usr/lib/elm/arobia/elm/srsd' [ Not found ]
[04:52:17] Checking for directory '/lib/ldd.so/bktools' [ Not found ]
[04:52:17] BeastKit Rootkit [ Not found ]
[04:52:17]
[04:52:17] Checking for beX2 Rootkit...
[04:52:17] Checking for directory '/usr/include/bex' [ Not found ]
[04:52:17] beX2 Rootkit [ Not found ]
[04:52:17]
[04:52:17] Checking for BOBKit Rootkit...
[04:52:17] Checking for file '/usr/sbin/ntpsx' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../ls' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../netstat' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../lsof' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../bkit-ssh/bkit-shdcfg' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../bkit-ssh/bkit-shhk' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../bkit-ssh/bkit-pw' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../bkit-ssh/bkit-shrs' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../uconf.inv' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../psr' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../find' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../pstree' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../slocate' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../du' [ Not found ]
[04:52:17] Checking for file '/usr/lib/.../top' [ Not found ]
[04:52:17] Checking for directory '/usr/lib/...' [ Not found ]
[04:52:17] Checking for directory '/usr/lib/.../bkit-ssh' [ Not found ]
[04:52:17] Checking for directory '/usr/lib/.bkit-' [ Not found ]
[04:52:17] Checking for directory '/tmp/.bkp' [ Not found ]
[04:52:17] BOBKit Rootkit [ Not found ]
[04:52:17]
[04:52:17] Checking for CiNIK Worm (Slapper.B variant)...
[04:52:18] Checking for file '/tmp/.cinik' [ Not found ]
[04:52:18] Checking for directory '/tmp/.font-unix/.cinik' [ Not found ]
[04:52:18] CiNIK Worm (Slapper.B variant) [ Not found ]
[04:52:18]
[04:52:18] Checking for Danny-Boy's Abuse Kit...
[04:52:18] Checking for file '/dev/mdev' [ Not found ]
[04:52:18] Checking for file '/usr/lib/libX.a' [ Not found ]
[04:52:18] Danny-Boy's Abuse Kit [ Not found ]
[04:52:18]
[04:52:18] Checking for Devil RootKit...
[04:52:18] Checking for file '/var/lib/games/.src' [ Not found ]
[04:52:18] Checking for file '/dev/dsx' [ Not found ]
[04:52:18] Checking for file '/dev/caca' [ Not found ]
[04:52:18] Devil RootKit [ Not found ]
[04:52:18]
[04:52:18] Checking for Dica-Kit Rootkit...
[04:52:18] Checking for file '/lib/.sso' [ Not found ]
[04:52:18] Checking for file '/lib/.so' [ Not found ]
[04:52:18] Checking for file '/var/run/...dica/clean' [ Not found ]
[04:52:18] Checking for file '/var/run/...dica/xl' [ Not found ]
[04:52:18] Checking for file '/var/run/...dica/xdr' [ Not found ]
[04:52:18] Checking for file '/var/run/...dica/psg' [ Not found ]
[04:52:18] Checking for file '/var/run/...dica/secure' [ Not found ]
[04:52:18] Checking for file '/var/run/...dica/rdx' [ Not found ]
[04:52:18] Checking for file '/var/run/...dica/va' [ Not found ]
[04:52:18] Checking for file '/var/run/...dica/cl.sh' [ Not found ]
[04:52:18] Checking for file '/usr/bin/.etc' [ Not found ]
[04:52:18] Checking for directory '/var/run/...dica' [ Not found ]
[04:52:18] Checking for directory '/var/run/...dica/mh' [ Not found ]
[04:52:18] Checking for directory '/var/run/...dica/scan' [ Not found ]
[04:52:18] Dica-Kit Rootkit [ Not found ]
[04:52:18]
[04:52:18] Checking for Dreams Rootkit...
[04:52:18] Checking for file '/dev/ttyoa' [ Not found ]
[04:52:18] Checking for file '/dev/ttyof' [ Not found ]
[04:52:18] Checking for file '/dev/ttyop' [ Not found ]
[04:52:18] Checking for file '/usr/bin/sense' [ Not found ]
[04:52:18] Checking for file '/usr/bin/sl2' [ Not found ]
[04:52:18] Checking for file '/usr/bin/logclear' [ Not found ]
[04:52:18] Checking for file '/usr/bin/(swapd)' [ Not found ]
[04:52:18] Checking for file '/usr/bin/snfs' [ Not found ]
[04:52:18] Checking for file '/usr/lib/libsss' [ Not found ]
[04:52:18] Checking for directory '/dev/ida/.hpd' [ Not found ]
[04:52:18] Dreams Rootkit [ Not found ]
[04:52:18]
[04:52:18] Checking for Duarawkz Rootkit...
[04:52:18] Checking for file '/usr/bin/duarawkz/loginpass' [ Not found ]
[04:52:18] Checking for directory '/usr/bin/duarawkz' [ Not found ]
[04:52:18] Duarawkz Rootkit [ Not found ]
[04:52:18]
[04:52:18] Checking for Enye LKM...
[04:52:18] Checking for file '/etc/.enyelkmHIDE^IT.ko' [ Not found ]
[04:52:18] Enye LKM [ Not found ]
[04:52:18]
[04:52:18] Checking for Flea Linux Rootkit...
[04:52:18] Checking for file '/etc/ld.so.hash' [ Not found ]
[04:52:18] Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[04:52:18] Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[04:52:18] Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[04:52:18] Checking for file '/usr/bin/ssh2d' [ Not found ]
[04:52:18] Checking for file '/usr/lib/ldlibns.so' [ Not found ]
[04:52:18] Checking for file '/usr/lib/ldlibpst.so' [ Not found ]
[04:52:18] Checking for file '/usr/lib/ldlibdu.so' [ Not found ]
[04:52:18] Checking for file '/usr/lib/ldlibct.so' [ Not found ]
[04:52:19] Checking for directory '/lib/security/.config/ssh' [ Not found ]
[04:52:19] Checking for directory '/dev/..0' [ Not found ]
[04:52:19] Checking for directory '/dev/..0/backup' [ Not found ]
[04:52:19] Flea Linux Rootkit [ Not found ]
[04:52:19]
[04:52:19] Checking for FreeBSD Rootkit...
[04:52:19] Checking for file '/usr/lib/.fx/sched_host.2' [ Not found ]
[04:52:19] Checking for file '/usr/lib/.fx/random_d.2' [ Not found ]
[04:52:19] Checking for file '/usr/lib/.fx/set_pid.2' [ Not found ]
[04:52:19] Checking for file '/usr/lib/.fx/cons.saver' [ Not found ]
[04:52:19] Checking for file '/usr/lib/.fx/adore/adore/adore.ko' [ Not found ]
[04:52:19] Checking for file '/bin/sysback' [ Not found ]
[04:52:19] Checking for file '/usr/local/bin/sysback' [ Not found ]
[04:52:19] Checking for directory '/usr/lib/.fx' [ Not found ]
[04:52:19] Checking for directory '/usr/lib/.fx/adore' [ Not found ]
[04:52:19] FreeBSD Rootkit [ Not found ]
[04:52:19]
[04:52:19] Checking for ****`it Rootkit...
[04:52:19] Checking for file '/dev/proc/fuckit/hax0r' [ Not found ]
[04:52:19] Checking for file '/dev/proc/fuckit/hax0rshell' [ Not found ]
[04:52:19] Checking for file '/dev/proc/fuckit/config/lports' [ Not found ]
[04:52:19] Checking for file '/dev/proc/fuckit/config/rports' [ Not found ]
[04:52:19] Checking for file '/dev/proc/fuckit/config/rkconf' [ Not found ]
[04:52:19] Checking for file '/dev/proc/fuckit/config/password' [ Not found ]
[04:52:19] Checking for file '/dev/proc/fuckit/config/progs' [ Not found ]
[04:52:19] Checking for file '/dev/proc/system-bins/init' [ Not found ]
[04:52:19] ****`it Rootkit [ Not found ]
[04:52:19]
[04:52:19] Checking for GasKit Rootkit...
[04:52:19] Checking for file '/dev/dev/gaskit/sshd/sshdd' [ Not found ]
[04:52:19] Checking for directory '/dev/dev' [ Not found ]
[04:52:19] Checking for directory '/dev/dev/gaskit' [ Not found ]
[04:52:19] Checking for directory '/dev/dev/gaskit/sshd' [ Not found ]
[04:52:19] GasKit Rootkit [ Not found ]
[04:52:19]
[04:52:19] Checking for Heroin LKM...
[04:52:19] Checking for kernel symbol 'heroin' [ Not found ]
[04:52:19] Heroin LKM [ Not found ]
[04:52:19]
[04:52:19] Checking for HjC Kit...
[04:52:19] Checking for directory '/dev/.hijackerz' [ Not found ]
[04:52:19] HjC Kit [ Not found ]
[04:52:19]
[04:52:19] Checking for ignoKit Rootkit...
[04:52:19] Checking for file '/lib/defs/p' [ Not found ]
[04:52:19] Checking for file '/lib/defs/q' [ Not found ]
[04:52:19] Checking for file '/lib/defs/r' [ Not found ]
[04:52:19] Checking for file '/lib/defs/s' [ Not found ]
[04:52:19] Checking for file '/lib/defs/t' [ Not found ]
[04:52:19] Checking for file '/usr/lib/defs/p' [ Not found ]
[04:52:19] Checking for file '/usr/lib/defs/q' [ Not found ]
[04:52:19] Checking for file '/usr/lib/defs/r' [ Not found ]
[04:52:19] Checking for file '/usr/lib/defs/s' [ Not found ]
[04:52:19] Checking for file '/usr/lib/defs/t' [ Not found ]
[04:52:19] Checking for file '/usr/lib/.libigno/pkunsec' [ Not found ]
[04:52:19] Checking for file '/usr/lib/.libigno/.igno/psybnc/psybnc' [ Not found ]
[04:52:19] Checking for directory '/usr/lib/.libigno' [ Not found ]
[04:52:19] Checking for directory '/usr/lib/.libigno/.igno' [ Not found ]
[04:52:19] ignoKit Rootkit [ Not found ]
[04:52:19]
[04:52:19] Checking for ImperalsS-FBRK Rootkit...
[04:52:19] Checking for directory '/dev/fd/.88' [ Not found ]
[04:52:20] Checking for directory '/dev/fd/.99' [ Not found ]
[04:52:20] ImperalsS-FBRK Rootkit [ Not found ]
[04:52:20]
[04:52:20] Checking for Irix Rootkit...
[04:52:20] Checking for directory '/dev/pts/01' [ Not found ]
[04:52:20] Checking for directory '/dev/pts/01/backup' [ Not found ]
[04:52:20] Checking for directory '/dev/pts/01/etc' [ Not found ]
[04:52:20] Checking for directory '/dev/pts/01/tmp' [ Not found ]
[04:52:20] Irix Rootkit [ Not found ]
[04:52:20]
[04:52:20] Checking for Kitko Rootkit...
[04:52:20] Checking for directory '/usr/src/redhat/SRPMS/...' [ Not found ]
[04:52:20] Kitko Rootkit [ Not found ]
[04:52:20]
[04:52:20] Checking for Knark Rootkit...
[04:52:20] Checking for file '/proc/knark/pids' [ Not found ]
[04:52:20] Checking for directory '/proc/knark' [ Not found ]
[04:52:20] Knark Rootkit [ Not found ]
[04:52:20]
[04:52:20] Checking for Li0n Worm...
[04:52:20] Checking for file '/bin/in.telnetd' [ Not found ]
[04:52:20] Checking for file '/bin/mjy' [ Not found ]
[04:52:20] Checking for file '/usr/man/man1/man1/lib/.lib/mjy' [ Not found ]
[04:52:20] Checking for file '/usr/man/man1/man1/lib/.lib/in.telnetd' [ Not found ]
[04:52:20] Checking for file '/usr/man/man1/man1/lib/.lib/.x' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/scan/1i0n.sh' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/scan/hack.sh' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/scan/bind' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/scan/randb' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/scan/scan.sh' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/scan/pscan' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/scan/star.sh' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/scan/bindx.sh' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/scan/bindname.log' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/1i0n.sh' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/lib/netstat' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/lib/dev/.1addr' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/lib/dev/.1logz' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/lib/dev/.1proc' [ Not found ]
[04:52:20] Checking for file '/dev/.lib/lib/lib/dev/.1file' [ Not found ]
[04:52:20] Li0n Worm [ Not found ]
[04:52:20]
[04:52:20] Checking for Lockit / LJK2 Rootkit...
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_config' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key.pub' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_random_seed*' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/sshd_config' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backdoor/RK1bd' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/du' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ifconfig' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/inetd.conf' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/locate' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/login' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ls' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/netstat' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ps' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/pstree' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/rc.sysinit' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/syslogd' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/tcpd' [ Not found ]
[04:52:20] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/top' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1sauber' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1wted' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1parser' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1sniff' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1addr' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1dir' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1log' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1proc' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/README.modules' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1phide' [ Not found ]
[04:52:21] Checking for file '/usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh' [ Not found ]
[04:52:21] Checking for directory '/usr/lib/libmen.oo/.LJK2' [ Not found ]
[04:52:21] Lockit / LJK2 Rootkit [ Not found ]
[04:52:21]
[04:52:21] Checking for Mood-NT Rootkit...
[04:52:21] Checking for file '/sbin/init__mood-nt-_-_cthulhu' [ Not found ]
[04:52:21] Checking for file '/_cthulhu/mood-nt.init' [ Not found ]
[04:52:21] Checking for file '/_cthulhu/mood-nt.conf' [ Not found ]
[04:52:21] Checking for file '/_cthulhu/mood-nt.sniff' [ Not found ]
[04:52:21] Checking for directory '/_cthulhu' [ Not found ]
[04:52:21] Mood-NT Rootkit [ Not found ]
[04:52:21]
[04:52:21] Checking for MRK Rootkit...
[04:52:21] Checking for file '/dev/ida/.inet/pid' [ Not found ]
[04:52:21] Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[04:52:21] Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[04:52:21] Checking for file '/dev/ida/.inet/tcp.log' [ Not found ]
[04:52:21] Checking for directory '/dev/ida/.inet' [ Not found ]
[04:52:21] Checking for directory '/var/spool/cron/.sh' [ Not found ]
[04:52:21] MRK Rootkit [ Not found ]
[04:52:21]
[04:52:21] Checking for Ni0 Rootkit...
[04:52:21] Checking for file '/var/lock/subsys/...datafile.../...net...' [ Not found ]
[04:52:21] Checking for file '/var/lock/subsys/...datafile.../...port...' [ Not found ]
[04:52:21] Checking for file '/var/lock/subsys/...datafile.../...ps...' [ Not found ]
[04:52:21] Checking for file '/var/lock/subsys/...datafile.../...file...' [ Not found ]
[04:52:21] Checking for directory '/tmp/waza' [ Not found ]
[04:52:21] Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[04:52:21] Checking for directory '/usr/sbin/es' [ Not found ]
[04:52:21] Ni0 Rootkit [ Not found ]
[04:52:21]
[04:52:21] Checking for Ohhara Rootkit...
[04:52:21] Checking for file '/var/lock/subsys/...datafile.../...datafile.../in.smbd.log' [ Not found ]
[04:52:21] Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[04:52:21] Checking for directory '/var/lock/subsys/...datafile.../...datafile...' [ Not found ]
[04:52:21] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../bin' [ Not found ]
[04:52:21] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/bin' [ Not found ]
[04:52:21] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/sbin' [ Not found ]
[04:52:21] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../lib/security' [ Not found ]
[04:52:21] Ohhara Rootkit [ Not found ]
[04:52:21]
[04:52:21] Checking for Optic Kit (Tux) Worm...
[04:52:21] Checking for directory '/dev/tux' [ Not found ]
[04:52:21] Checking for directory '/usr/bin/xchk' [ Not found ]
[04:52:21] Checking for directory '/usr/bin/xsf' [ Not found ]
[04:52:21] Checking for directory '/usr/bin/ssh2d' [ Not found ]
[04:52:21] Optic Kit (Tux) Worm [ Not found ]
[04:52:21]
[04:52:21] Checking for Oz Rootkit...
[04:52:21] Checking for file '/dev/.oz/.nap/rkit/terror' [ Not found ]
[04:52:21] Checking for directory '/dev/.oz' [ Not found ]
[04:52:21] Oz Rootkit [ Not found ]
[04:52:21]
[04:52:21] Checking for Phalanx Rootkit...
[04:52:22] Checking for file '/usr/share/.home.ph1/cb' [ Not found ]
[04:52:22] Checking for file '/etc/host.ph1' [ Not found ]
[04:52:22] Checking for file '/bin/host.ph1' [ Not found ]
[04:52:22] Checking for file '/usr/share/.home.ph1/phalanx' [ Not found ]
[04:52:22] Checking for directory '/usr/share/.home.ph1' [ Not found ]
[04:52:22] Phalanx Rootkit [ Not found ]
[04:52:22]
[04:52:22] Checking for Phalanx Rootkit (strings)...
[04:52:22] Checking for string 'phalanx' [ Not found ]
[04:52:22] Phalanx Rootkit (strings) [ Not found ]
[04:52:22]
[04:52:22] Checking for Portacelo Rootkit...
[04:52:22] Checking for file '/var/lib/.../.ak' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../.hk' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../.rs' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../.p' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../getty' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../lkt.o' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../show' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../nlkt.o' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../ssshrc' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../sssh_equiv' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../sssh_known_hosts' [ Not found ]
[04:52:22] Checking for file '/var/lib/.../sssh_pid' [ Not found ]
[04:52:22] Checking for file '~/.sssh/known_hosts' [ Not found ]
[04:52:22] Portacelo Rootkit [ Not found ]
[04:52:22]
[04:52:22] Checking for R3dstorm Toolkit...
[04:52:22] Checking for file '/var/log/tk02/see_all' [ Not found ]
[04:52:22] Checking for file '/bin/.../sshd/sbin/sshd1' [ Not found ]
[04:52:22] Checking for file '/bin/.../hate/sk' [ Not found ]
[04:52:22] Checking for file '/bin/.../see_all' [ Not found ]
[04:52:22] Checking for directory '/var/log/tk02' [ Not found ]
[04:52:22] Checking for directory '/var/log/tk02/old' [ Not found ]
[04:52:22] Checking for directory '/bin/...' [ Not found ]
[04:52:22] R3dstorm Toolkit [ Not found ]
[04:52:22]
[04:52:22] Checking for RH-Sharpe's Rootkit...
[04:52:22] Checking for file '/bin/lps' [ Not found ]
[04:52:22] Checking for file '/usr/bin/lpstree' [ Not found ]
[04:52:22] Checking for file '/usr/bin/ltop' [ Not found ]
[04:52:22] Checking for file '/usr/bin/lkillall' [ Not found ]
[04:52:22] Checking for file '/usr/bin/ldu' [ Not found ]
[04:52:22] Checking for file '/usr/bin/lnetstat' [ Not found ]
[04:52:22] Checking for file '/usr/bin/wp' [ Not found ]
[04:52:22] Checking for file '/usr/bin/shad' [ Not found ]
[04:52:22] Checking for file '/usr/bin/vadim' [ Not found ]
[04:52:22] Checking for file '/usr/bin/slice' [ Not found ]
[04:52:22] Checking for file '/usr/bin/cleaner' [ Not found ]
[04:52:22] Checking for file '/usr/include/rpcsvc/du' [ Not found ]
[04:52:22] RH-Sharpe's Rootkit [ Not found ]
[04:52:22]
[04:52:22] Checking for RSHA's Rootkit...
[04:52:22] Checking for file '/bin/kr4p' [ Not found ]
[04:52:22] Checking for file '/usr/bin/n3tstat' [ Not found ]
[04:52:22] Checking for file '/usr/bin/chsh2' [ Not found ]
[04:52:22] Checking for file '/usr/bin/slice2' [ Not found ]
[04:52:22] Checking for file '/usr/src/linux/arch/alpha/lib/.lib/.1proc' [ Not found ]
[04:52:22] Checking for file '/etc/rc.d/arch/alpha/lib/.lib/.1addr' [ Not found ]
[04:52:22] Checking for directory '/etc/rc.d/rsha' [ Not found ]
[04:52:22] Checking for directory '/etc/rc.d/arch/alpha/lib/.lib' [ Not found ]
[04:52:22] RSHA's Rootkit [ Not found ]
[04:52:23]
[04:52:23] Checking for Scalper Worm...
[04:52:23] Checking for file '/tmp/.a' [ Not found ]
[04:52:23] Checking for file '/tmp/.uua' [ Not found ]
[04:52:23] Scalper Worm [ Not found ]
[04:52:23]
[04:52:23] Checking for Sebek LKM...
[04:52:23] Checking for kernel symbol 'adore or sebek' [ Not found ]
[04:52:23] Sebek LKM [ Not found ]
[04:52:23]
[04:52:23] Checking for Shutdown Rootkit...
[04:52:23] Checking for file '/usr/man/man5/.. /.dir/scannah/asus' [ Not found ]
[04:52:23] Checking for file '/usr/man/man5/.. /.dir/see' [ Not found ]
[04:52:23] Checking for file '/usr/man/man5/.. /.dir/nscd' [ Not found ]
[04:52:23] Checking for file '/usr/man/man5/.. /.dir/alpd' [ Not found ]
[04:52:23] Checking for file '/etc/rc.d/rc.local ' [ Not found ]
[04:52:23] Checking for directory '/usr/man/man5/.. /.dir' [ Not found ]
[04:52:23] Checking for directory '/usr/man/man5/.. /.dir/scannah' [ Not found ]
[04:52:23] Checking for directory '/etc/rc.d/rc0.d/.. /.dir' [ Not found ]
[04:52:23] Shutdown Rootkit [ Not found ]
[04:52:23]
[04:52:23] Checking for SHV4 Rootkit...
[04:52:23] Checking for file '/etc/ld.so.hash' [ Not found ]
[04:52:23] Checking for file '/lib/libext-2.so.7' [ Not found ]
[04:52:23] Checking for file '/lib/lidps1.so' [ Not found ]
[04:52:23] Checking for file '/usr/sbin/xntps' [ Not found ]
[04:52:23] Checking for directory '/lib/security/.config' [ Not found ]
[04:52:23] Checking for directory '/lib/security/.config/ssh' [ Not found ]
[04:52:23] SHV4 Rootkit [ Not found ]
[04:52:23]
[04:52:23] Checking for SHV5 Rootkit...
[04:52:23] Checking for file '/etc/sh.conf' [ Not found ]
[04:52:23] Checking for file '/dev/srd0' [ Not found ]
[04:52:23] Checking for directory '/usr/lib/libsh' [ Not found ]
[04:52:23] SHV5 Rootkit [ Not found ]
[04:52:23]
[04:52:23] Checking for Sin Rootkit...
[04:52:23] Checking for file '/dev/.haos/haos1/.f/Denyed' [ Not found ]
[04:52:23] Checking for file '/dev/ttyoa' [ Not found ]
[04:52:23] Checking for file '/dev/ttyof' [ Not found ]
[04:52:23] Checking for file '/dev/ttyop' [ Not found ]
[04:52:23] Checking for file '/dev/ttyos' [ Not found ]
[04:52:23] Checking for file '/usr/lib/.lib' [ Not found ]
[04:52:23] Checking for file '/usr/lib/sn/.X' [ Not found ]
[04:52:23] Checking for file '/usr/lib/sn/.sys' [ Not found ]
[04:52:23] Checking for file '/usr/lib/ld/.X' [ Not found ]
[04:52:23] Checking for file '/usr/man/man1/...' [ Not found ]
[04:52:23] Checking for file '/usr/man/man1/.../.m' [ Not found ]
[04:52:23] Checking for file '/usr/man/man1/.../.w' [ Not found ]
[04:52:23] Checking for directory '/usr/lib/sn' [ Not found ]
[04:52:24] Checking for directory '/usr/lib/man1/...' [ Not found ]
[04:52:24] Checking for directory '/dev/.haos' [ Not found ]
[04:52:24] Sin Rootkit [ Not found ]
[04:52:24]
[04:52:24] Checking for Slapper Worm...
[04:52:24] Checking for file '/tmp/.bugtraq' [ Not found ]
[04:52:24] Checking for file '/tmp/.uubugtraq' [ Not found ]
[04:52:24] Checking for file '/tmp/.bugtraq.c' [ Not found ]
[04:52:24] Checking for file '/tmp/httpd' [ Not found ]
[04:52:24] Checking for file '/tmp/.unlock' [ Not found ]
[04:52:24] Checking for file '/tmp/update' [ Not found ]
[04:52:24] Checking for file '/tmp/.cinik' [ Not found ]
[04:52:24] Checking for file '/tmp/.b' [ Not found ]
[04:52:24] Slapper Worm [ Not found ]
[04:52:24]
[04:52:24] Checking for Sneakin Rootkit...
[04:52:24] Checking for directory '/tmp/.X11-unix/.../rk' [ Not found ]
[04:52:24] Sneakin Rootkit [ Not found ]
[04:52:24]
[04:52:24] Checking for Suckit Rootkit...
[04:52:24] Checking for file '/sbin/initsk12' [ Not found ]
[04:52:24] Checking for file '/sbin/initxrk' [ Not found ]
[04:52:24] Checking for file '/usr/bin/null' [ Not found ]
[04:52:24] Checking for file '/usr/share/locale/sk/.sk12/sk' [ Not found ]
[04:52:24] Checking for file '/etc/rc.d/rc0.d/S23kmdac' [ Not found ]
[04:52:24] Checking for file '/etc/rc.d/rc1.d/S23kmdac' [ Not found ]
[04:52:24] Checking for file '/etc/rc.d/rc2.d/S23kmdac' [ Not found ]
[04:52:24] Checking for file '/etc/rc.d/rc3.d/S23kmdac' [ Not found ]
[04:52:24] Checking for file '/etc/rc.d/rc4.d/S23kmdac' [ Not found ]
[04:52:24] Checking for file '/etc/rc.d/rc5.d/S23kmdac' [ Not found ]
[04:52:24] Checking for file '/etc/rc.d/rc6.d/S23kmdac' [ Not found ]
[04:52:24] Checking for directory '/dev/sdhu0/tehdrakg' [ Not found ]
[04:52:24] Checking for directory '/etc/.MG' [ Not found ]
[04:52:24] Checking for directory '/usr/share/locale/sk/.sk12' [ Not found ]
[04:52:24] Checking for directory '/usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist' [ Not found ]
[04:52:24] Suckit Rootkit [ Not found ]
[04:52:24]
[04:52:24] Checking for SunOS Rootkit...
[04:52:24] Checking for file '/etc/ld.so.hash' [ Not found ]
[04:52:24] Checking for file '/lib/libext-2.so.7' [ Not found ]
[04:52:24] Checking for file '/usr/bin/ssh2d' [ Not found ]
[04:52:24] Checking for file '/bin/xlogin' [ Not found ]
[04:52:24] Checking for file '/usr/lib/crth.o' [ Not found ]
[04:52:24] Checking for file '/usr/lib/crtz.o' [ Not found ]
[04:52:24] Checking for file '/sbin/login' [ Not found ]
[04:52:24] Checking for file '/lib/security/.config/sn' [ Not found ]
[04:52:24] Checking for file '/lib/security/.config/lpsched' [ Not found ]
[04:52:24] Checking for file '/dev/kmod' [ Not found ]
[04:52:24] Checking for file '/dev/dos' [ Not found ]
[04:52:24] SunOS Rootkit [ Not found ]
[04:52:24]
[04:52:24] Checking for SunOS / NSDAP Rootkit...
[04:52:24] Checking for file '/usr/lib/vold/nsdap/.kit' [ Not found ]
[04:52:24] Checking for file '/usr/lib/vold/nsdap/defines' [ Not found ]
[04:52:24] Checking for file '/usr/lib/vold/nsdap/patcher' [ Not found ]
[04:52:24] Checking for file '/usr/lib/vold/nsdap/pg' [ Not found ]
[04:52:24] Checking for file '/usr/lib/vold/nsdap/cleaner' [ Not found ]
[04:52:24] Checking for file '/usr/lib/vold/nsdap/utime' [ Not found ]
[04:52:24] Checking for file '/usr/lib/vold/nsdap/crypt' [ Not found ]
[04:52:24] Checking for file '/usr/lib/vold/nsdap/findkit' [ Not found ]
[04:52:24] Checking for file '/usr/lib/vold/nsdap/sn2' [ Not found ]
[04:52:24] Checking for file '/usr/lib/vold/nsdap/sniffload' [ Not found ]
[04:52:24] Checking for file '/usr/lib/vold/nsdap/runsniff' [ Not found ]
[04:52:25] Checking for file '/usr/lib/lpset' [ Not found ]
[04:52:25] Checking for directory '/usr/lib/vold/nsdap' [ Not found ]
[04:52:25] SunOS / NSDAP Rootkit [ Not found ]
[04:52:25]
[04:52:25] Checking for Superkit Rootkit...
[04:52:25] Checking for file '/usr/man/.sman/sk' [ Not found ]
[04:52:25] Superkit Rootkit [ Not found ]
[04:52:25]
[04:52:25] Checking for TBD (Telnet BackDoor)...
[04:52:25] Checking for file '/usr/lib/.tbd' [ Not found ]
[04:52:25] TBD (Telnet BackDoor) [ Not found ]
[04:52:25]
[04:52:25] Checking for TeLeKiT Rootkit...
[04:52:25] Checking for file '/usr/man/man3/.../TeLeKiT/bin/sniff' [ Not found ]
[04:52:25] Checking for file '/usr/man/man3/.../TeLeKiT/bin/telnetd' [ Not found ]
[04:52:25] Checking for file '/usr/man/man3/.../TeLeKiT/bin/teleulo' [ Not found ]
[04:52:25] Checking for file '/usr/man/man3/.../cl' [ Not found ]
[04:52:25] Checking for file '/dev/ptyr' [ Not found ]
[04:52:25] Checking for file '/dev/ptyp' [ Not found ]
[04:52:25] Checking for file '/dev/ptyq' [ Not found ]
[04:52:25] Checking for file '/dev/hda06' [ Not found ]
[04:52:25] Checking for file '/usr/info/libc1.so' [ Not found ]
[04:52:25] Checking for directory '/usr/man/man3/...' [ Not found ]
[04:52:25] Checking for directory '/usr/man/man3/.../lsniff' [ Not found ]
[04:52:25] Checking for directory '/usr/man/man3/.../TeLeKiT' [ Not found ]
[04:52:25] TeLeKiT Rootkit [ Not found ]
[04:52:25]
[04:52:25] Checking for T0rn Rootkit...
[04:52:25] Checking for file '/dev/.lib/lib/lib/t0rns' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/du' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/ls' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/t0rnsb' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/ps' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/t0rnp' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/find' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/ifconfig' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/pg' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/ssh.tgz' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/top' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/sz' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/login' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/in.fingerd' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/1i0n.sh' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/pstree' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/in.telnetd' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/mjy' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/sush' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/tfn' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/name' [ Not found ]
[04:52:25] Checking for file '/dev/.lib/lib/lib/getip.sh' [ Not found ]
[04:52:25] Checking for file '/usr/info/.torn/sh*' [ Not found ]
[04:52:25] Checking for file '/usr/src/.****/.1addr' [ Not found ]
[04:52:25] Checking for file '/usr/src/.****/.1file' [ Not found ]
[04:52:25] Checking for file '/usr/src/.****/.1proc' [ Not found ]
[04:52:25] Checking for file '/usr/src/.****/.1logz' [ Not found ]
[04:52:25] Checking for file '/usr/info/.t0rn' [ Not found ]
[04:52:25] Checking for directory '/dev/.lib' [ Not found ]
[04:52:25] Checking for directory '/dev/.lib/lib' [ Not found ]
[04:52:25] Checking for directory '/dev/.lib/lib/lib' [ Not found ]
[04:52:25] Checking for directory '/dev/.lib/lib/lib/dev' [ Not found ]
[04:52:25] Checking for directory '/dev/.lib/lib/scan' [ Not found ]
[04:52:26] Checking for directory '/usr/src/.****' [ Not found ]
[04:52:26] Checking for directory '/usr/man/man1/man1' [ Not found ]
[04:52:26] Checking for directory '/usr/man/man1/man1/lib' [ Not found ]
[04:52:26] Checking for directory '/usr/man/man1/man1/lib/.lib' [ Not found ]
[04:52:26] Checking for directory '/usr/man/man1/man1/lib/.lib/.backup' [ Not found ]
[04:52:26] T0rn Rootkit [ Not found ]
[04:52:26]
[04:52:26] Checking for Trojanit Kit...
[04:52:26] Checking for file '/bin/.ls' [ Not found ]
[04:52:26] Checking for file '/bin/.ps' [ Not found ]
[04:52:26] Checking for file '/bin/.netstat' [ Not found ]
[04:52:26] Checking for file '/usr/bin/.nop' [ Not found ]
[04:52:26] Checking for file '/usr/bin/.who' [ Not found ]
[04:52:26] Trojanit Kit [ Not found ]
[04:52:26]
[04:52:26] Checking for Tuxtendo Rootkit...
[04:52:26] Checking for file '/dev/tux/.addr' [ Not found ]
[04:52:26] Checking for file '/dev/tux/.cron' [ Not found ]
[04:52:26] Checking for file '/dev/tux/.file' [ Not found ]
[04:52:26] Checking for file '/dev/tux/.log' [ Not found ]
[04:52:26] Checking for file '/dev/tux/.proc' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/crontab' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/df' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/dir' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/find' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/ifconfig' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/locate' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/netstat' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/ps' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/pstree' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/syslogd' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/tcpd' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/top' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/updatedb' [ Not found ]
[04:52:26] Checking for file '/dev/tux/backup/vdir' [ Not found ]
[04:52:26] Checking for directory '/dev/tux' [ Not found ]
[04:52:26] Checking for directory '/dev/tux/ssh2' [ Not found ]
[04:52:26] Checking for directory '/dev/tux/backup' [ Not found ]
[04:52:26] Tuxtendo Rootkit [ Not found ]
[04:52:26]
[04:52:26] Checking for URK Rootkit...
[04:52:26] Checking for file '/usr/man/man1/xxxxxxbin/find' [ Not found ]
[04:52:26] Checking for file '/usr/man/man1/xxxxxxbin/du' [ Not found ]
[04:52:26] Checking for file '/usr/man/man1/xxxxxxbin/ps' [ Not found ]
[04:52:26] Checking for file '/tmp/conf.inf' [ Not found ]
[04:52:26] Checking for directory '/usr/man/man1/xxxxxxbin' [ Not found ]
[04:52:26] URK Rootkit [ Not found ]
[04:52:26]
[04:52:26] Checking for VcKit Rootkit...
[04:52:26] Checking for directory '/usr/include/linux/modules/lib.so' [ Not found ]
[04:52:26] Checking for directory '/usr/include/linux/modules/lib.so/bin' [ Not found ]
[04:52:26] VcKit Rootkit [ Not found ]
[04:52:26]
[04:52:26] Checking for Volc Rootkit...
[04:52:26] Checking for directory '/var/spool/.recent' [ Not found ]
[04:52:26] Checking for directory '/var/spool/.recent/.files' [ Not found ]
[04:52:26] Checking for directory '/usr/lib/volc' [ Not found ]
[04:52:26] Checking for directory '/usr/lib/volc/backup' [ Not found ]
[04:52:26] Volc Rootkit [ Not found ]
[04:52:26]
[04:52:26] Checking for X-Org SunOS Rootkit...
[04:52:26] Checking for file '/usr/lib/libX.a/bin/tmpfl' [ Not found ]
[04:52:26] Checking for file '/usr/lib/libX.a/bin/rps' [ Not found ]
[04:52:27] Checking for file '/usr/bin/srload' [ Not found ]
[04:52:27] Checking for file '/usr/lib/libX.a/bin/sparcv7/rps' [ Not found ]
[04:52:27] Checking for file '/usr/sbin/modcheck' [ Not found ]
[04:52:27] Checking for directory '/usr/lib/libX.a' [ Not found ]
[04:52:27] Checking for directory '/usr/lib/libX.a/bin' [ Not found ]
[04:52:27] Checking for directory '/usr/lib/libX.a/bin/sparcv7' [ Not found ]
[04:52:27] Checking for directory '/usr/share/man...' [ Not found ]
[04:52:27] X-Org SunOS Rootkit [ Not found ]
[04:52:27]
[04:52:27] Checking for zaRwT.KiT Rootkit...
[04:52:27] Checking for file '/dev/rd/s/sendmeil' [ Not found ]
[04:52:27] Checking for file '/dev/ttyf' [ Not found ]
[04:52:27] Checking for file '/dev/ttyp' [ Not found ]
[04:52:27] Checking for file '/dev/ttyn' [ Not found ]
[04:52:27] Checking for file '/rk/tulz' [ Not found ]
[04:52:27] Checking for directory '/rk' [ Not found ]
[04:52:27] Checking for directory '/dev/rd/s' [ Not found ]
[04:52:27] zaRwT.KiT Rootkit [ Not found ]
[04:52:27]
[04:52:27] Performing additional rootkit checks
[04:52:27] Info: Starting test name 'additional_rkts'
[04:52:27]
[04:52:27] Performing Suckit Rookit additional checks
[04:52:27] Checking /sbin/init link count [ OK ]
[04:52:27] Checking for hidden file extensions [ None found ]
[04:52:27] Running skdet command [ Skipped ]
[04:52:27] Info: Unable to find the 'skdet' command
[04:52:27] Suckit Rookit additional checks [ OK ]
[04:52:27]
[04:52:27] Performing check of possible rootkit files and directories
[04:52:27] Info: Starting test name 'possible_rkt_files'
[04:52:27] Checking for file '/dev/sdr0' [ Not found ]
[04:52:27] Checking for file '/tmp/.syshackfile' [ Not found ]
[04:52:27] Checking for file '/tmp/.bash_history' [ Not found ]
[04:52:27] Checking for file '/usr/info/.clib' [ Not found ]
[04:52:27] Checking for file '/usr/sbin/tcp.log' [ Not found ]
[04:52:27] Checking for file '/usr/bin/take/pid' [ Not found ]
[04:52:27] Checking for file '/sbin/create' [ Not found ]
[04:52:27] Checking for file '/dev/ttypz' [ Not found ]
[04:52:27] Checking for directory '/usr/bin/take' [ Not found ]
[04:52:27] Checking for directory '/usr/src/.lib' [ Not found ]
[04:52:27] Checking for directory '/usr/share/man/man1/.1c' [ Not found ]
[04:52:27] Checking for directory '/lib/lblip.tk' [ Not found ]
[04:52:27] Checking for directory '/usr/sbin/...' [ Not found ]
[04:52:27] Checking for directory '/usr/share/.gun' [ Not found ]
[04:52:27] Checking for possible rootkit files and directories [ None found ]
[04:52:27]
[04:52:27] Performing check for possible rootkit strings
[04:52:27] Info: Starting test name 'possible_rkt_strings'
[04:52:27] Info: Found local startup file: /etc/rc.local
[04:52:27] Checking for string '/dev/proc/fuckit' [ Not found ]
[04:52:27] Checking for string '****' [ Not found ]
[04:52:27] Checking for string 'backdoor' [ Not found ]
[04:52:27] Checking for string 'vt200' [ Not found ]
[04:52:27] Checking for string '/usr/bin/xstat' [ Not found ]
[04:52:28] Checking for string '/bin/envpc' [ Not found ]
[04:52:28] Checking for string 'L4m3r0x' [ Not found ]
[04:52:28] Checking for string '/usr/lib/.tbd' [ Not found ]
[04:52:28] Checking for string '/dev/ptyxx/.file' [ Not found ]
[04:52:28] Checking for string '/dev/sgk' [ Not found ]
[04:52:28] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[04:52:28] Checking for string '/usr/lib/.tbd' [ Not found ]
[04:52:28] Checking for string '/dev/proc/fuckit' [ Not found ]
[04:52:28] Checking for string '/lib/.sso' [ Not found ]
[04:52:28] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[04:52:28] Checking for string '/dev/caca' [ Not found ]
[04:52:28] Checking for string '/dev/ttyoa' [ Not found ]
[04:52:28] Checking for string 'syg' [ Not found ]
[04:52:28] Checking for string '/dev/pts/01' [ Not found ]
[04:52:28] Checking for string 'tw33dl3' [ Not found ]
[04:52:28] Checking for string 'psniff' [ Not found ]
[04:52:28] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[04:52:28] Checking for string 'promiscuous' [ Not found ]
[04:52:28] Checking for string '/usr/lib/.tbd' [ Not found ]
[04:52:28] Checking for string '/dev/xdta' [ Not found ]
[04:52:28] Checking for string '/usr/lib/.tbd' [ Not found ]
[04:52:28] Checking for string 'in.inetd' [ Not found ]
[04:52:28] Checking for string '#<HIDE_.*>' [ Not found ]
[04:52:28] Checking for string 'bin/xchk' [ Not found ]
[04:52:28] Checking for string 'bin/xsf' [ Not found ]
[04:52:28] Checking for possible rootkit strings [ None found ]
[04:52:28]
[04:52:28] Performing malware checks
[04:52:28] Info: Starting test name 'malware'
[04:52:28]
[04:52:28] Info: Test 'deleted_files' disabled at users request.
[04:52:28] Info: Starting test name 'running_procs'
[04:52:28] Checking running processes for suspicious files [ None found ]
[04:52:28]
[04:52:28] Info: Test 'hidden_procs' disabled at users request.
[04:52:28]
[04:52:28] Info: Test 'suspscan' disabled at users request.
[04:52:28]
[04:52:28] Performing check for login backdoors
[04:52:28] Info: Starting test name 'other_malware'
[04:52:28] Checking for '/bin/.login' [ Not found ]
[04:52:29] Checking for '/sbin/.login' [ Not found ]
[04:52:29] Checking for login backdoors [ None found ]
[04:52:29]
[04:52:29] Performing check for suspicious directories
[04:52:29] Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[04:52:29] Checking for directory '/dev/rd/cdb' [ Not found ]
[04:52:29] Checking for suspicious directories [ None found ]
[04:52:29]
[04:52:29] Checking for software intrusions [ Skipped ]
[04:52:29] Info: Check skipped - tripwire not installed
[04:52:29]
[04:52:29] Performing check for sniffer log files
[04:52:29] Checking for file '/usr/lib/libice.log' [ Not found ]
[04:52:29] Checking for sniffer log files [ None found ]
[04:52:29]
[04:52:29] Performing trojan specific checks
[04:52:29] Info: Starting test name 'trojans'
[04:52:29] Info: Using inetd configuration file '/etc/inetd.conf'
[04:52:29] Checking for enabled inetd services [ OK ]
[04:52:29]
[04:52:29] Performing check for enabled xinetd services
[04:52:29] Checking for enabled xinetd services [ Skipped ]
[04:52:29] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
[04:52:29] Info: Apache backdoor check skipped: Apache modules and configuration directories not found.
[04:52:29]
[04:52:29] Performing Linux specific checks
[04:52:29] Info: Starting test name 'os_specific'
[04:52:29] Checking kernel module commands [ OK ]
[04:52:29] Info: Using modules pathname of '/lib/modules/2.6.28-11-generic'
[04:52:29] Checking kernel module names [ OK ]
[04:52:41]
[04:52:41] Checking the network...
[04:52:41] Info: Starting test name 'network'
[04:52:41] Info: Starting test name 'ports'
[04:52:41]
[04:52:41] Performing check for backdoor ports
[04:52:41] Checking for UDP port 2001 [ Not found ]
[04:52:41] Checking for TCP port 2006 [ Not found ]
[04:52:41] Checking for TCP port 2128 [ Not found ]
[04:52:41] Checking for TCP port 14856 [ Not found ]
[04:52:41] Checking for TCP port 47107 [ Not found ]
[04:52:41] Checking for TCP port 60922 [ Not found ]
[04:52:41]
[04:52:41] Performing checks on the network interfaces
[04:52:41] Info: Starting test name 'promisc'
[04:52:41] Checking for promiscuous interfaces [ None found ]
[04:52:41]
[04:52:41] Info: Test 'packet_cap_apps' disabled at users request.
[04:52:45]
[04:52:45] Checking the local host...
[04:52:45] Info: Starting test name 'local_host'
[04:52:45]
[04:52:45] Performing system boot checks
[04:52:45] Info: Starting test name 'startup_files'
[04:52:45] Checking for local host name [ Found ]
[04:52:45] Info: Starting test name 'startup_malware'
[04:52:45] Info: Found local startup file: /etc/rc.local
[04:52:45] Checking for local startup files [ Found ]
[04:52:45] Checking local startup files for malware [ None found ]
[04:52:45] Info: Found system startup directory: /etc/init.d
[04:52:46] Checking system startup files for malware [ None found ]
[04:52:46]
[04:52:46] Performing group and account checks
[04:52:46] Info: Starting test name 'group_accounts'
[04:52:46] Checking for passwd file [ Found ]
[04:52:46] Info: Found password file: /etc/passwd
[04:52:46] Checking for root equivalent (UID 0) accounts [ None found ]
[04:52:46] Info: Found shadow file: /etc/shadow
[04:52:46] Checking for passwordless accounts [ None found ]
[04:52:46] Info: Starting test name 'passwd_changes'
[04:52:46] Checking for passwd file changes [ None found ]
[04:52:46] Info: Starting test name 'group_changes'
[04:52:46] Checking for group file changes [ None found ]
[04:52:46] Checking root account shell history files [ OK ]
[04:52:46]
[04:52:46] Performing system configuration file checks
[04:52:46] Info: Starting test name 'system_configs'
[04:52:46] Checking for SSH configuration file [ Not found ]
[04:52:46] Checking for running syslog daemon [ Found ]
[04:52:46] Checking for syslog configuration file [ Found ]
[04:52:46] Info: Found syslog configuration file: /etc/syslog.conf
[04:52:46] Checking if syslog remote logging is allowed [ Not allowed ]
[04:52:46]
[04:52:46] Performing filesystem checks
[04:52:46] Info: Starting test name 'filesystem'
[04:52:46] Info: SCAN_MODE_DEV set to 'THOROUGH'
[04:52:46] Checking /dev for suspicious file types [ Warning ]
[04:52:46] Warning: Suspicious file types found in /dev:
[04:52:46] /dev/shm/pulse-shm-3744902748: data
[04:52:46] Checking for hidden files and directories [ None found ]
[04:54:01]
[04:54:01] Checking application versions...
[04:54:01] Info: Starting test name 'apps'
[04:54:01] Checking version of Exim MTA [ OK ]
[04:54:01] Info: Application 'exim' version '4.69' found.
[04:54:01] Checking version of GnuPG [ OK ]
[04:54:01] Info: Application 'gpg' version '1.4.9' found.
[04:54:02] Info: Application 'httpd' not found.
[04:54:02] Info: Application 'named' not found.
[04:54:02] Checking version of OpenSSL [ OK ]
[04:54:02] Info: Application 'openssl' version '0.9.8g' found.
[04:54:02] Info: Application 'php' not found.
[04:54:02] Info: Application 'procmail' not found.
[04:54:02] Info: Application 'proftpd' not found.
[04:54:02] Info: Application 'sshd' not found.
[04:54:02] Info: Applications checked: 3 out of 9
[04:54:02]
[04:54:02] System checks summary
[04:54:02] =====================
[04:54:02]
[04:54:02] File properties checks...
[04:54:02] Files checked: 127
[04:54:02] Suspect files: 2
[04:54:02]
[04:54:02] Rootkit checks...
[04:54:02] Rootkits checked : 109
[04:54:02] Possible rootkits: 0
[04:54:02]
[04:54:02] Applications checks...
[04:54:02] Applications checked: 3
[04:54:02] Suspect applications: 0
[04:54:02]
[04:54:02] The system checks took: 2 minutes and 1 second
[04:54:02]
[04:54:02] Info: End date is Wed Jun 10 04:54:02 MDT 2009

Here also is my netstat:

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 dan-desktop.local:33190 nemesis.webwizhost.:www ESTABLISHED
tcp 0 0 dan-desktop.local:33195 nemesis.webwizhost.:www ESTABLISHED
tcp 0 0 dan-desktop.local:33192 nemesis.webwizhost.:www ESTABLISHED
tcp 0 0 dan-desktop.local:33191 nemesis.webwizhost.:www ESTABLISHED
tcp 0 0 dan-desktop.local:35877 qb-in-f101.google.c:www ESTABLISHED
tcp 0 0 dan-desktop.local:33194 nemesis.webwizhost.:www ESTABLISHED
tcp 0 0 dan-desktop.local:33193 nemesis.webwizhost.:www ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path


rkhunter says there are 2 suspected files (usr/sbin/unhide being one of them. I have tried to look this up and there seem to be more people thinking this is malicious as well. Unfortunately no one has given a clear response to what it does, or so I can see.)

also does that netstat look right to you?

any help would be appreciated!

Cavemann
June 10th, 2009, 08:45 AM
Hi All

I also think something happened last night / early this morning 10/6. When I was getting some programs from the repository, suddenly I was confronted with a download, and when I opened Open Office today it was all in a Cyrillic alphabet that I could not read, and I can't get rid of it.

I will probably have to reformat the drive

Be Careful

Regards
Peter

cdenley
June 10th, 2009, 08:56 AM
dpkg -l unhide
apt-cache show unhide

Cavemann
June 10th, 2009, 09:00 AM
Hello

YES THERE IS SOMETHING HAPPENING - I HAVE NOW LOST THE LOT - LUCKILY IT WAS ON A NOTEBOOK NOT NOW CONNECTED TO MY LAN - TRYING TO REMOVE A FEW STRANGE APPLICATIONS NOW ALL HAVE GONE AND UBUNTU WILL NO LONGER BOOT - I THINK THIS IS A GENUINE MALICIOUS ATTACK

TAKE CARE

cdenley
June 10th, 2009, 09:01 AM
Hello

YES THERE IS SOMETHING HAPPENING - I HAVE NOW LOST THE LOT - LUCKILY IT WAS ON A NOTEBOOK NOT NOW CONNECTED TO MY LAN - TRYING TO REMOVE A FEW STRANGE APPLICATIONS NOW ALL HAVE GONE AND UBUNTU WILL NO LONGER BOOT - I THINK THIS IS A GENUINE MALICIOUS ATTACK

TAKE CARE

Don't post in all caps, and don't hijack unrelated threads.

brian_p
June 10th, 2009, 09:16 AM
rkhunter says there are 2 suspected files (usr/sbin/unhide being one of them. I have tried to look this up and there seem to be more people thinking this is malicious as well. Unfortunately no one has given a clear response to what it does, or so I can see.)

Many would class this as a false positive. Which is a polite way of saying rkhunter's role as a security measure is useless.

apt-cache show rkhunter

The Recommends: line.

also does that netstat look right to you?

Nothing untoward there.

uberlube
June 11th, 2009, 04:13 AM
Thanks for the responses guys. Much appreciated!

XanTrax
June 11th, 2009, 11:24 AM
hide and unhide are two applications that you don't have to worry about as they come down when you install rkhunter.

http://www.security-projects.com/?Unhide
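
The package check that cdenley and brian_p point to can be taken one step further by comparing the flagged file with the checksum its package recorded at install time. This is an added example, not part of the thread; it assumes a Debian-based system, and the function names owning_package, check_md5 and triage are the example's own.

```shell
#!/bin/sh
# Added example: is a file flagged by rkhunter an unmodified packaged file?
# Caveat: dpkg's md5sums lists live on the same disk as the file, so someone
# with root could alter both. Treat MATCH as a hint; for certainty, compare
# against a freshly downloaded package from known-good media.

# Print the name of the package that owns an absolute path (empty if none).
owning_package() {
    dpkg -S "$1" 2>/dev/null | head -n 1 | cut -d: -f1
}

# Compare one file with a dpkg-style md5sums list.
#   $1 = md5sums file, lines of the form "<md5>  usr/sbin/unhide"
#   $2 = root directory the listed relative paths are resolved against
#   $3 = absolute path of the file to check
# Prints MATCH, MISMATCH, UNLISTED or MISSING; returns 0 only for MATCH.
check_md5() {
    sums=$1; root=$2; path=$3
    rel=${path#/}
    if [ ! -f "$sums" ]; then echo UNLISTED; return 2; fi
    # Look up the recorded hash; the path part may contain spaces.
    want=$(awk -v p="$rel" \
        '{ h = $1; sub(/^[^ ]+ +/, ""); if ($0 == p) { print h; exit } }' "$sums")
    if [ -z "$want" ]; then echo UNLISTED; return 2; fi
    if [ ! -f "$root/$rel" ]; then echo MISSING; return 3; fi
    have=$(md5sum < "$root/$rel" | cut -d' ' -f1)
    if [ "$have" = "$want" ]; then echo MATCH; return 0; fi
    echo MISMATCH
    return 1
}

# Full check for one path on the running system.
triage() {
    pkg=$(owning_package "$1")
    if [ -z "$pkg" ]; then
        echo "$1: not owned by any installed package"
        return 1
    fi
    echo "$1: owned by package $pkg"
    list=/var/lib/dpkg/info/$pkg.md5sums
    # Multi-arch packages store the list as <pkg>:<arch>.md5sums.
    if [ ! -f "$list" ]; then
        list=$(ls /var/lib/dpkg/info/"$pkg":*.md5sums 2>/dev/null | head -n 1)
    fi
    check_md5 "$list" / "$1"
}

# Run only when paths are given, e.g.: sh check.sh /usr/sbin/unhide
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        triage "$f"
    done
fi
```

A file that no package owns, or one reported as MISMATCH, deserves a closer look than one rkhunter flags only by name.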