Results 1 to 4 of 4

Thread: Is my computer compromised?

  1. #1
    Join Date
    Feb 2009
    Beans
    6
    Distro
    Ubuntu 9.10 Karmic Koala

    Is my computer compromised?

    On my computer I've had random input from mouse (movement), keyboard (up, down, left, right) and scroll (haven't got a mouse with scroll so its a bit weird). I use Linux Mint (don't like the Unity interface, but its basically ubuntu) so I don't get the regular update reminder I used to get using ubuntu and it had been a long time since last update. After the update I decided to check with RootKit Hunter and I got a few warnings:

    Code:
    [14:52:36] Info: Starting test name 'filesystem'
    [14:52:36] Performing filesystem checks
    [14:52:36] Info: SCAN_MODE_DEV set to 'THOROUGH'
    [14:52:36]   Checking /dev for suspicious file types         [ Warning ]
    [14:52:36] Warning: Suspicious file types found in /dev:
    [14:52:36]          /dev/.udev/rules.d/root.rules: ASCII text
    [14:52:36]   Checking for hidden files and directories       [ Warning ]
    [14:52:37] Warning: Hidden directory found: '/etc/.java'
    [14:52:37] Warning: Hidden directory found: '/dev/.udev'
    [14:52:37] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
    So I wonder if I still got viruses and if I could get an advise of how to fix it?

  2. #2
    Join Date
    Aug 2006
    Beans
    1,374
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Is my computer compromised?

    would you please take a look at this documentation: https://help.ubuntu.com/community/RKhunter
    And "run" rkhunter again.

  3. #3
    Join Date
    Sep 2009
    Location
    MGRS 18T UK 52232 51616
    Beans
    528
    Distro
    Ubuntu

    Re: Is my computer compromised?

    Code:
    [14:52:36] Warning: Suspicious file types found in /dev:
    [14:52:36]          /dev/.udev/rules.d/root.rules: ASCII text
    [14:52:37] Warning: Hidden directory found: '/dev/.udev'
    These can be ignored, most if not all Ubuntu systems have that hidden directory. The data inside that directory is therefore to be ignored, because the /dev/.udev directory is included in the "What to Ignore" list.

    Code:
    [14:52:37] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
    This one should also be fine, that's a common one I see on a lot of Ubuntu systems.

    Code:
    [14:52:37] Warning: Hidden directory found: '/etc/.java'
    I've not checked my system, but that may be a problem directory. I"ll get back to you about this dir, i'm checking on Ubuntu 12.04.

    And mint is not Ubuntu by the way. Sorry, have to say it. It may be a derivative, but its not truly Ubuntu.

  4. #4
    Join Date
    Jan 2008
    Location
    Manchester UK
    Beans
    13,636
    Distro
    Ubuntu

    Re: Is my computer compromised?

    Thread moved to Other OS/Distro Talk.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •