Kinetic Being
October 5th, 2008, 02:16 PM
Searching for anomalies in shell history files... /usr/bin/find: //home/matt/.gvfs: Permission denied
Warning: `//home/matt/.local/share/Trash/files/sysbackup092808/home/matt/.civserver_history
//home/matt/.local/share/Trash/files/sysbackup092808/home/matt/Desktop/sysbackup092808/home/matt/.civserver_history
//home/matt/.civserver_history' file size is zero
/usr/bin/find: //home/matt/.gvfs: Permission denied
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient3[5761])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... user matt deleted or never logged from lastlog!
The first part, where the file name is 4 lines long (at least that's what I think it is) is because I started a backup, stopped it, then started another, and ended that, so that's why it's got the really long file name. At least, I think that's why, it looks like that's the reason.
But, I don't know why it's empty, is the freeciv server file supposed to be empty? I've gone onto servers and observed before, but never actually played online.
Also, I don't know what the z2 thing is. From what I could find out, it says that the user "matt" was created since the last time I ran chkrootkit, which it wasn't, that was the one I started Ubuntu with, and I never created any other users.
And the thing that worries me most is the eth0: PACKET SNIFFER(/sbin/dhclient3[5761]) line.
Everything else before this section came up nothing found.
I am worried about a rootkit because last night I was trying to set up tor to use some proxies from a howto on this forum, and I was trying to see if the IPs on the list worked. I "ping"'ed them, which in foresight might not have been the best idea, but I thought it would tell me if they were up and fast or not. I think someone mistook that for a malicious attempt (BTW, none of them came back to me within a minute and I ctrl-c'd) and tried to exact revenge on me. My computer started acting up a bit, so I shut off the internet and ran chkrootkit. I didn't know what to do from there, so here I am. My computer so far has not been acting weird, and I ran chkrootkit again a few times and got the same results.
All help is appreciated, thanks,
Kinetic Being
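An added example, not part of the original post and not chkrootkit's own code: a small Python triage of the output quoted above that drops clean results and keeps the lines needing a manual look, extracting the interface, binary and PID from any PACKET SNIFFER line. The list of clean-result phrases and the function names are assumptions made for this sketch; the sample is the output from the post.

```python
import re

# Sample input: the chkrootkit lines quoted in the post above.
SAMPLE = """\
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient3[5761])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... user matt deleted or never logged from lastlog!
"""

CHECK = re.compile(r"^Checking `([^']+)'\.\.\.\s*(.*)$")
SNIFFER = re.compile(r"^(\S+): PACKET SNIFFER\((.+)\[(\d+)\]\)$")
# Assumption: result endings treated as clean, taken from the lines above.
CLEAN = ("not infected", "not found", "nothing detected", "nothing deleted",
         "not promisc and no packet sniffer sockets")

def triage(output):
    """Return (test, detail) pairs for every result that is not clean."""
    findings, current = [], None
    for line in output.splitlines():
        line = line.strip()
        m = CHECK.match(line)
        if m:
            current, result = m.group(1), m.group(2)
        else:
            result = line  # continuation line belongs to the last test seen
        if current is None or not result:
            continue
        if any(result.endswith(c) for c in CLEAN):
            continue
        findings.append((current, result))
    return findings

def sniffer_processes(findings):
    """Extract (interface, binary, pid) from PACKET SNIFFER findings."""
    matches = (SNIFFER.match(detail) for _, detail in findings)
    return [(m.group(1), m.group(2), int(m.group(3))) for m in matches if m]

if __name__ == "__main__":
    found = triage(SAMPLE)
    for test, detail in found:
        print(f"{test}: {detail}")
    print(sniffer_processes(found))
```

A DHCP client such as dhclient holds a packet socket as part of normal operation, so a PACKET SNIFFER line naming it identifies the process to verify (path, package ownership, PID) rather than proving an infection by itself.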