Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 39

Thread: rootkit found system compromised

  1. #21
    Join Date
    Jan 2011
    Location
    127.0.0.1
    Beans
    145
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: rootkit found system compromised

    My system was hardened (not saying it was perfect, but it was reasonably safe).

    I installed apparmor, selinux, hardened the kernel, encrypted huge partitions of my hard drive with truecrypt, used a password safe, only used AES encryption, set up firewalls (software firewall and physical firewall), used strong passwords, installed snort, installed 2 anti-virus programs, checked all ports (all were stealthed, none were open) ~ updated my system often, I only downloaded programs from the Ubuntu Software Center.


    I found out before my system was scanned that something was wrong; I was using nmap and was seeing odd packet traffic activity, yes, from 3 ports (failed to write it down) and had higher than normal CPU usage.

    The only thing I would change is connect to the internet with a secure encrypted VPN. Ya, I'll power down now...
    Youtube/user/unguidedone

  2. #22
    Join Date
    Dec 2005
    Location
    Tucson, AZ
    Beans
    1,365

    Re: rootkit found system compromised

    Maybe look into bastille to further lock down the system. It's in the repos.

  3. #23
    Join Date
    Jan 2011
    Location
    127.0.0.1
    Beans
    145
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: rootkit found system compromised

    The rootkit is back....

    The only thing I did not install was bastille (because it failed to run in terminal).

    3 ports are infected and there is +1 users on the system..... (same ports too)
    I am running port sentry so it could be a false positive.

    I'll have to reinstall (5th time in total).


    The system is locked down pretty well and remote access is disabled; I don't know if they are using ssh. There is a security hole somewhere in here that I have yet to find. I'll keep working....
    Youtube/user/unguidedone

  4. #24
    Join Date
    Jun 2006
    Location
    /dev/null
    Beans
    71

    Re: rootkit found system compromised

    I'm no security pro... but...

    What non-default programs are you installing?
    Do you have a backup that you're restoring from?
    Is the drive/partition you're installing to the only one in the system? (And if not, have you tried scanning the other partitions or reinstalling without all the other drives hooked up?)

    Are you installing from a burned ISO, or are you installing from an external drive (and if you are installing from an external drive, has that drive been scanned)?

    The fact that it comes back (and comes back so quick) says to me that either someone is really dedicated and you're being targeted, or there's something snuck into something you're installing, or there's something that found its way onto a backup. If you're using backups, or have stuff outside the repos that you install, try holding off on all that for a while and see if it comes back.

  5. #25
    Join Date
    Jan 2011
    Location
    127.0.0.1
    Beans
    145
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: rootkit found system compromised

    I have the following on my system:

    last fm squabbler
    skype
    diablo 2 lod (tested and it's safe)
    codelite
    truecrypt
    wine
    apparmor
    selinux
    codecs to run DVDs/MP3s

    I only install stuff from the repository, but I was thinking whatever it is is installed to the boot sector, because that's the only area that does not get wiped when I wipe the drives and reinstall.

    But here's something really odd:

    http://ubuntuforums.org/showthread.php?t=1362074

    Same problem as I have, 100%.

    Here's the terminal readout:

    julio@julio-ThinkCentre-M52:~$ sudo chkrootkit
    ROOTDIR is `/'
    Checking `amd'... not found
    Checking `basename'... not infected
    Checking `biff'... not found
    Checking `chfn'... not infected
    Checking `chsh'... not infected
    Checking `cron'... not infected
    Checking `crontab'... not infected
    Checking `date'... not infected
    Checking `du'... not infected
    Checking `dirname'... not infected
    Checking `echo'... not infected
    Checking `egrep'... not infected
    Checking `env'... not infected
    Checking `find'... not infected
    Checking `fingerd'... not found
    Checking `gpm'... not found
    Checking `grep'... not infected
    Checking `hdparm'... not infected
    Checking `su'... not infected
    Checking `ifconfig'... not infected
    Checking `inetd'... not infected
    Checking `inetdconf'... not found
    Checking `identd'... not found
    Checking `init'... not infected
    Checking `killall'... not infected
    Checking `ldsopreload'... not infected
    Checking `login'... not infected
    Checking `ls'... not infected
    Checking `lsof'... not infected
    Checking `mail'... not found
    Checking `mingetty'... not found
    Checking `netstat'... not infected
    Checking `named'... not found
    Checking `passwd'... not infected
    Checking `pidof'... not infected
    Checking `pop2'... not found
    Checking `pop3'... not found
    Checking `ps'... not infected
    Checking `pstree'... not infected
    Checking `rpcinfo'... not infected
    Checking `rlogind'... not found
    Checking `rshd'... not found
    Checking `slogin'... not infected
    Checking `sendmail'... not infected
    Checking `sshd'... not found
    Checking `syslogd'... not tested
    Checking `tar'... not infected
    Checking `tcpd'... not infected
    Checking `tcpdump'... not infected
    Checking `top'... not infected
    Checking `telnetd'... not found
    Checking `timed'... not found
    Checking `traceroute'... not found
    Checking `vdir'... not infected
    Checking `w'... not infected
    Checking `write'... not infected
    Checking `aliens'... no suspect files
    Searching for sniffer's logs, it may take a while... nothing found
    Searching for rootkit HiDrootkit's default files... nothing found
    Searching for rootkit t0rn's default files... nothing found
    Searching for t0rn's v8 defaults... nothing found
    Searching for rootkit Lion's default files... nothing found
    Searching for rootkit RSHA's default files... nothing found
    Searching for rootkit RH-Sharpe's default files... nothing found
    Searching for Ambient's rootkit (ark) default files and dirs... nothing found
    Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
    /usr/lib/pymodules/python2.6/.path /usr/lib/firefox-3.6.18/.autoreg /usr/lib/xulrunner-1.9.2.18/.autoreg

    Searching for LPD Worm files and dirs... nothing found
    Searching for Ramen Worm files and dirs... nothing found
    Searching for Maniac files and dirs... nothing found
    Searching for RK17 files and dirs... nothing found
    Searching for Ducoci rootkit... nothing found
    Searching for Adore Worm... nothing found
    Searching for ShitC Worm... nothing found
    Searching for Omega Worm... nothing found
    Searching for Sadmind/IIS Worm... nothing found
    Searching for MonKit... nothing found
    Searching for Showtee... nothing found
    Searching for OpticKit... nothing found
    Searching for T.R.K... nothing found
    Searching for Mithra... nothing found
    Searching for LOC rootkit... nothing found
    Searching for Romanian rootkit... nothing found
    Searching for Suckit rootkit... Warning: /sbin/init INFECTED
    Searching for Volc rootkit... nothing found
    Searching for Gold2 rootkit... nothing found
    Searching for TC2 Worm default files and dirs... nothing found
    Searching for Anonoying rootkit default files and dirs... nothing found
    Searching for ZK rootkit default files and dirs... nothing found
    Searching for ShKit rootkit default files and dirs... nothing found
    Searching for AjaKit rootkit default files and dirs... nothing found
    Searching for zaRwT rootkit default files and dirs... nothing found
    Searching for Madalin rootkit default files... nothing found
    Searching for Fu rootkit default files... nothing found
    Searching for ESRK rootkit default files... nothing found
    Searching for rootedoor... nothing found
    Searching for ENYELKM rootkit default files... nothing found
    Searching for common ssh-scanners default files... nothing found
    Searching for suspect PHP files... nothing found
    Searching for anomalies in shell history files... nothing found
    Checking `asp'... not infected
    Checking `bindshell'... not infected
    Checking `lkm'... chkproc: nothing detected
    chkdirs: nothing detected
    Checking `rexedcs'... not found
    Checking `sniffer'... lo: not promisc and no packet sniffer sockets
    eth0: PACKET SNIFFER(/sbin/dhclient3[7853])
    Checking `w55808'... not infected
    Checking `wted'... chkwtmp: nothing deleted
    Checking `scalper'... not infected
    Checking `slapper'... not infected
    Checking `z2'... user julio deleted or never logged from lastlog!
    Checking `chkutmp'... chkutmp: nothing deleted
    Checking `OSX_RSPLUG'... not infected
    julio@julio-ThinkCentre-M52:~$ sudo rkhunter --check
    [ Rootkit Hunter version 1.3.6 ]

    Checking system commands...

    Performing 'strings' command checks
    Checking 'strings' command [ OK ]

    Performing 'shared libraries' checks
    Checking for preloading variables [ None found ]
    Checking for preloaded libraries [ None found ]
    Checking LD_LIBRARY_PATH variable [ Not found ]

    Performing file properties checks
    Checking for prerequisites [ OK ]
    /bin/bash [ OK ]
    /bin/cat [ OK ]
    /bin/chmod [ OK ]
    /bin/chown [ OK ]
    /bin/cp [ OK ]
    /bin/date [ OK ]
    /bin/df [ OK ]
    /bin/dmesg [ OK ]
    /bin/echo [ OK ]
    /bin/ed [ OK ]
    /bin/egrep [ OK ]
    /bin/fgrep [ OK ]
    /bin/fuser [ OK ]
    /bin/grep [ OK ]
    /bin/ip [ OK ]
    /bin/kill [ OK ]
    /bin/less [ OK ]
    /bin/login [ OK ]
    /bin/ls [ OK ]
    /bin/lsmod [ OK ]
    /bin/mktemp [ OK ]
    /bin/more [ OK ]
    /bin/mount [ OK ]
    /bin/mv [ OK ]
    /bin/netstat [ OK ]
    /bin/ps [ OK ]
    /bin/pwd [ OK ]
    /bin/readlink [ OK ]
    /bin/sed [ OK ]
    /bin/sh [ OK ]
    /bin/su [ OK ]
    /bin/touch [ OK ]
    /bin/uname [ OK ]
    /bin/which [ OK ]
    /bin/dash [ OK ]
    /usr/bin/awk [ OK ]
    /usr/bin/basename [ OK ]
    /usr/bin/chattr [ OK ]
    /usr/bin/cut [ OK ]
    /usr/bin/diff [ OK ]
    /usr/bin/dirname [ OK ]
    /usr/bin/dpkg [ OK ]
    /usr/bin/dpkg-query [ OK ]
    /usr/bin/du [ OK ]
    /usr/bin/env [ OK ]
    /usr/bin/file [ OK ]
    /usr/bin/find [ OK ]
    /usr/bin/GET [ OK ]
    /usr/bin/groups [ OK ]
    /usr/bin/head [ OK ]
    /usr/bin/id [ OK ]
    /usr/bin/killall [ OK ]
    /usr/bin/last [ OK ]
    /usr/bin/lastlog [ OK ]
    /usr/bin/ldd [ OK ]
    /usr/bin/less [ OK ]
    /usr/bin/locate [ OK ]
    /usr/bin/logger [ OK ]
    /usr/bin/lsattr [ OK ]
    /usr/bin/lsof [ OK ]
    /usr/bin/md5sum [ OK ]
    /usr/bin/mlocate [ OK ]
    /usr/bin/newgrp [ OK ]
    /usr/bin/passwd [ OK ]
    /usr/bin/perl [ OK ]
    /usr/bin/pgrep [ OK ]
    /usr/bin/pstree [ OK ]
    /usr/bin/rkhunter [ OK ]
    /usr/bin/runcon [ OK ]
    /usr/bin/sha1sum [ OK ]
    /usr/bin/sha224sum [ OK ]
    /usr/bin/sha256sum [ OK ]
    /usr/bin/sha384sum [ OK ]
    /usr/bin/sha512sum [ OK ]
    /usr/bin/size [ OK ]
    /usr/bin/sort [ OK ]
    /usr/bin/stat [ OK ]
    /usr/bin/strace [ OK ]
    /usr/bin/strings [ OK ]
    /usr/bin/sudo [ OK ]
    /usr/bin/tail [ OK ]
    /usr/bin/test [ OK ]
    /usr/bin/top [ OK ]
    /usr/bin/touch [ OK ]
    /usr/bin/tr [ OK ]
    /usr/bin/uniq [ OK ]
    /usr/bin/users [ OK ]
    /usr/bin/vmstat [ OK ]
    /usr/bin/w [ OK ]
    /usr/bin/watch [ OK ]
    /usr/bin/wc [ OK ]
    /usr/bin/wget [ OK ]
    /usr/bin/whatis [ OK ]
    /usr/bin/whereis [ OK ]
    /usr/bin/which [ OK ]
    /usr/bin/who [ OK ]
    /usr/bin/whoami [ OK ]
    /usr/bin/mawk [ OK ]
    /usr/bin/lwp-request [ OK ]
    /usr/bin/w.procps [ OK ]
    /sbin/depmod [ OK ]
    /sbin/ifconfig [ OK ]
    /sbin/ifdown [ OK ]
    /sbin/ifup [ OK ]
    /sbin/init [ OK ]
    /sbin/insmod [ OK ]
    /sbin/ip [ OK ]
    /sbin/lsmod [ OK ]
    /sbin/modinfo [ OK ]
    /sbin/modprobe [ OK ]
    /sbin/rmmod [ OK ]
    /sbin/runlevel [ OK ]
    /sbin/sulogin [ OK ]
    /sbin/sysctl [ OK ]
    /usr/sbin/adduser [ OK ]
    /usr/sbin/chroot [ OK ]
    /usr/sbin/cron [ OK ]
    /usr/sbin/groupadd [ OK ]
    /usr/sbin/groupdel [ OK ]
    /usr/sbin/groupmod [ OK ]
    /usr/sbin/grpck [ OK ]
    /usr/sbin/nologin [ OK ]
    /usr/sbin/pwck [ OK ]
    /usr/sbin/rsyslogd [ OK ]
    /usr/sbin/tcpd [ OK ]
    /usr/sbin/useradd [ OK ]
    /usr/sbin/userdel [ OK ]
    /usr/sbin/usermod [ OK ]
    /usr/sbin/vipw [ OK ]
    /usr/sbin/unhide-linux26 [ OK ]

    [Press <ENTER> to continue]


    Checking for rootkits...

    Performing check of known rootkit files and directories
    55808 Trojan - Variant A [ Not found ]
    ADM Worm [ Not found ]
    AjaKit Rootkit [ Not found ]
    Adore Rootkit [ Not found ]
    aPa Kit [ Not found ]
    Apache Worm [ Not found ]
    Ambient (ark) Rootkit [ Not found ]
    Balaur Rootkit [ Not found ]
    BeastKit Rootkit [ Not found ]
    beX2 Rootkit [ Not found ]
    BOBKit Rootkit [ Not found ]
    cb Rootkit [ Not found ]
    CiNIK Worm (Slapper.B variant) [ Not found ]
    Danny-Boy's Abuse Kit [ Not found ]
    Devil RootKit [ Not found ]
    Dica-Kit Rootkit [ Not found ]
    Dreams Rootkit [ Not found ]
    Duarawkz Rootkit [ Not found ]
    Enye LKM [ Not found ]
    Flea Linux Rootkit [ Not found ]
    FreeBSD Rootkit [ Not found ]
    Fu Rootkit [ Not found ]
    ****`it Rootkit [ Not found ]
    GasKit Rootkit [ Not found ]
    Heroin LKM [ Not found ]
    HjC Kit [ Not found ]
    ignoKit Rootkit [ Not found ]
    iLLogiC Rootkit [ Not found ]
    IntoXonia-NG Rootkit [ Not found ]
    Irix Rootkit [ Not found ]
    Kitko Rootkit [ Not found ]
    Knark Rootkit [ Not found ]
    ld-linuxv.so Rootkit [ Not found ]
    Li0n Worm [ Not found ]
    Lockit / LJK2 Rootkit [ Not found ]
    Mood-NT Rootkit [ Not found ]
    MRK Rootkit [ Not found ]
    Ni0 Rootkit [ Not found ]
    Ohhara Rootkit [ Not found ]
    Optic Kit (Tux) Worm [ Not found ]
    Oz Rootkit [ Not found ]
    Phalanx Rootkit [ Not found ]
    Phalanx2 Rootkit [ Not found ]
    Phalanx2 Rootkit (extended tests) [ Not found ]
    Portacelo Rootkit [ Not found ]
    R3dstorm Toolkit [ Not found ]
    RH-Sharpe's Rootkit [ Not found ]
    RSHA's Rootkit [ Not found ]
    Scalper Worm [ Not found ]
    Sebek LKM [ Not found ]
    Shutdown Rootkit [ Not found ]
    SHV4 Rootkit [ Not found ]
    SHV5 Rootkit [ Not found ]
    Sin Rootkit [ Not found ]
    Slapper Worm [ Not found ]
    Sneakin Rootkit [ Not found ]
    'Spanish' Rootkit [ Not found ]
    Suckit Rootkit [ Not found ]
    SunOS Rootkit [ Not found ]
    SunOS / NSDAP Rootkit [ Not found ]
    Superkit Rootkit [ Not found ]
    TBD (Telnet BackDoor) [ Not found ]
    TeLeKiT Rootkit [ Not found ]
    T0rn Rootkit [ Not found ]
    trNkit Rootkit [ Not found ]
    Trojanit Kit [ Not found ]
    Tuxtendo Rootkit [ Not found ]
    URK Rootkit [ Not found ]
    Vampire Rootkit [ Not found ]
    VcKit Rootkit [ Not found ]
    Volc Rootkit [ Not found ]
    Xzibit Rootkit [ Not found ]
    X-Org SunOS Rootkit [ Not found ]
    zaRwT.KiT Rootkit [ Not found ]
    ZK Rootkit [ Not found ]

    Performing additional rootkit checks
    Suckit Rookit additional checks [ OK ]
    Checking for possible rootkit files and directories [ None found ]
    Checking for possible rootkit strings [ None found ]

    Performing malware checks
    Checking running processes for suspicious files [ None found ]
    Checking for login backdoors [ None found ]
    Checking for suspicious directories [ None found ]
    Checking for sniffer log files [ None found ]

    Performing Linux specific checks
    Checking loaded kernel modules [ OK ]
    Checking kernel module names [ OK ]

    [Press <ENTER> to continue]


    Checking the network...

    Performing check for backdoor ports
    Checking for TCP port 1524 [ Not found ]
    Checking for TCP port 1984 [ Not found ]
    Checking for UDP port 2001 [ Not found ]
    Checking for TCP port 2006 [ Not found ]
    Checking for TCP port 2128 [ Not found ]
    Checking for TCP port 6666 [ Not found ]
    Checking for TCP port 6667 [ Not found ]
    Checking for TCP port 6668 [ Not found ]
    Checking for TCP port 6669 [ Not found ]
    Checking for TCP port 7000 [ Not found ]
    Checking for TCP port 13000 [ Not found ]
    Checking for TCP port 14856 [ Not found ]
    Checking for TCP port 25000 [ Not found ]
    Checking for TCP port 29812 [ Not found ]
    Checking for TCP port 31337 [ Not found ]
    Checking for TCP port 32982 [ Not found ]
    Checking for TCP port 33369 [ Not found ]
    Checking for TCP port 47107 [ Not found ]
    Checking for TCP port 47018 [ Not found ]
    Checking for TCP port 60922 [ Not found ]
    Checking for TCP port 62883 [ Not found ]
    Checking for TCP port 65535 [ Not found ]

    Performing checks on the network interfaces
    Checking for promiscuous interfaces [ None found ]

    [Press <ENTER> to continue]


    Checking the local host...

    Performing system boot checks
    Checking for local host name [ Found ]
    Checking for system startup files [ Found ]
    Checking system startup files for malware [ None found ]

    Performing group and account checks
    Checking for passwd file [ Found ]
    Checking for root equivalent (UID 0) accounts [ None found ]
    Checking for passwordless accounts [ None found ]
    Checking for passwd file changes [ None found ]
    Checking for group file changes [ None found ]
    Checking root account shell history files [ None found ]

    Performing system configuration file checks
    Checking for SSH configuration file [ Not found ]
    Checking for running syslog daemon [ Found ]
    Checking for syslog configuration file [ Found ]
    Checking if syslog remote logging is allowed [ Not allowed ]

    Performing filesystem checks
    Checking /dev for suspicious file types [ Warning ]
    Checking for hidden files and directories [ Warning ]

    [Press <ENTER> to continue]



    System checks summary
    =====================

    File properties checks...
    Files checked: 130
    Suspect files: 0

    Rootkit checks...
    Rootkits checked : 242
    Possible rootkits: 0

    Applications checks...
    All checks skipped

    The system checks took: 1 minute and 24 seconds

    All results have been written to the log file (/var/log/rkhunter.log)

    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log)

    julio@julio-ThinkCentre-M52:~$


    strange huh?


    From rkhunter.log:

    [18:22:38] Checking for running syslog daemon [ Found ]
    [18:22:38] Checking for syslog configuration file [ Found ]
    [18:22:38] Info: Found syslog configuration file: /etc/rsyslog.conf
    [18:22:38] Checking if syslog remote logging is allowed [ Not allowed ]
    [18:22:38]
    [18:22:38] Performing filesystem checks
    [18:22:38] Info: Starting test name 'filesystem'
    [18:22:38] Info: SCAN_MODE_DEV set to 'THOROUGH'
    [18:22:39] Checking /dev for suspicious file types [ Warning ]
    [18:22:39] Warning: Suspicious file types found in /dev:
    [18:22:39] /dev/shm/pulse-shm-2435996179: data
    [18:22:39] /dev/shm/pulse-shm-112226101: data
    [18:22:39] /dev/shm/pulse-shm-3764120937: data
    [18:22:39] /dev/shm/pulse-shm-3230137181: data
    [18:22:39] /dev/shm/pulse-shm-2994921804: data
    [18:22:39] /dev/shm/ecryptfs-julio-Private: ASCII text
    [18:22:39] Checking for hidden files and directories [ Warning ]
    [18:22:39] Warning: Hidden directory found: /dev/.udev
    [18:22:39] Warning: Hidden directory found: /dev/.initramfs
    [18:22:39] Warning: Hidden file found: /dev/.blkid.tab: ASCII text
    [18:22:39] Warning: Hidden file found: /dev/.blkid.tab.old: ASCII text
    [18:22:43]
    [18:22:43] Info: Test 'apps' disabled at users request.
    [18:22:43]
    [18:22:43] System checks summary
    [18:22:43] =====================
    [18:22:43]
    [18:22:43] File properties checks...
    [18:22:43] Files checked: 130
    [18:22:43] Suspect files: 0
    [18:22:43]
    [18:22:43] Rootkit checks...
    [18:22:43] Rootkits checked : 242
    [18:22:43] Possible rootkits: 0
    [18:22:43]
    [18:22:43] Applications checks...
    [18:22:43] All checks skipped
    [18:22:43]
    [18:22:43] The system checks took: 1 minute and 24 seconds
    [18:22:43]
    [18:22:43] Info: End date is Wed Jun 29 18:22:43 MST 2011

    "data" is a 5 GB truecrypt container meant for holding secure files and it's empty, but the odd thing is "data", the file I made, is in the home folder, so that's quite odd.
    Last edited by Unguidedone; June 30th, 2011 at 02:33 AM.
    Youtube/user/unguidedone

  6. #26
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: rootkit found system compromised

    Ok -- let's take it back to square 1.

    First, the above output does not show anything that leads me to believe there is a root-kit present on the system as of this moment.

    Second, chkrootkit really is not the best option for Ubuntu, it tends to return a lot of false positives because of how Ubuntu functions. In order to maintain compatibility with certain scripts Ubuntu uses symlinks in place of certain files that by default are not installed on this distribution. This makes chkrootkit crap its pants thinking something bad is happening when in reality it's nothing out of the ordinary.

    Third, if you're using nmap to scan your machine FROM your machine, any firewalling you have in place is going to be bypassed (due to UFW automatically allowing loopback traffic). So you're going to get different results than someone scanning your computer remotely. If you're really concerned about outbound traffic, I would use wireshark to monitor it and see what is going on. See what is connecting to where. Failing this, use netstat to find out what is listening (discount things listening only on localhost). You are particularly interested in ESTABLISHED or LISTENING sockets.

    Fourth, SELinux and Apparmor don't play well together; I would advise using only one.

    Fifth, I highly doubt that you got a rootkit that is still residing on your hard drive. If for some reason it has eluded your multiple reinstalls, you can wipe your entire hard drive from a liveCD prior to reinstalling. You can do something like this:

    Code:
    sudo shred -n7 -v /dev/sda
    WARNING: THIS WILL DESTROY ALL DATA ON THE HARD DRIVE IT IS USED ON, IT IS HIGHLY IMPROBABLE THAT THIS DATA WILL EVER BE RECOVERED

    Then reinstall your OS.

    Sixth, I really think you're letting this get to you too much. If anything follow the above step, reinstall fresh, don't install anything from the previous installation, turn on UFW and just chill out for a little bit.

    Edit: Another suggestion would be once you have your OS back up install your programs in a VM instance 1 at a time and observe which one of them is backdoored.

    Good luck.
    Last edited by Dangertux; June 30th, 2011 at 02:52 AM.
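    A defender-side version of the netstat step Dangertux describes, added here as an example (it is not code from the thread or from any poster): it keeps LISTEN/ESTABLISHED TCP sockets and UDP listeners, drops anything bound only to localhost, and reports the owning process. The netstat lines in SAMPLE_NETSTAT are constructed for illustration; the function name external_sockets is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Filters `netstat -tunap`-style output
# the way the post suggests: ignore localhost-only sockets, keep what is
# reachable from off-host (LISTEN / ESTABLISHED / UDP) and show who owns it.

# Constructed sample output (not from the poster's machine). Note the
# dhclient3 line: DHCP clients normally hold a raw/UDP socket, which is also
# why chkrootkit's "PACKET SNIFFER(/sbin/dhclient3)" line is expected.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1234/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      987/sshd
tcp        0      0 192.168.1.10:45678      203.0.113.5:443         ESTABLISHED 2222/firefox
tcp        0      0 127.0.0.1:45001         127.0.0.1:631           TIME_WAIT   -
tcp6       0      0 ::1:25                  :::*                    LISTEN      777/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1111/dhclient3'

# external_sockets NETSTAT_TEXT
# Prints one line per socket worth looking at: STATE LOCAL FOREIGN PID/PROGRAM
external_sockets() {
    printf '%s\n' "$1" | awk '
        # Skip the title and header lines; only tcp/tcp6/udp/udp6 rows matter.
        $1 !~ /^(tcp|udp)/ { next }
        {
            is_udp = ($1 ~ /^udp/)
            # UDP rows have no State column, so the program field shifts left.
            state = is_udp ? "UDP" : $6
            prog  = is_udp ? $6 : $7
            if (!is_udp && state != "LISTEN" && state != "ESTABLISHED") next
            # Strip the trailing :port; this keeps IPv6 addresses like ::1 intact.
            addr = $4
            sub(/:[^:]*$/, "", addr)
            # Localhost-only sockets are not reachable remotely: discount them.
            if (addr ~ /^127\./ || addr == "::1") next
            print state, $4, $5, prog
        }'
}

# Stand-alone run on the constructed sample. On a real box you would pass
# the live output instead: external_sockets "$(sudo netstat -tunap)"
external_sockets "$SAMPLE_NETSTAT"
```

    Anything that shows up here and that you cannot tie to a package you installed on purpose is what deserves a closer look with wireshark; a Wireshark capture of that socket's traffic is the next step the post suggests.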

  7. #27
    Join Date
    Jan 2011
    Location
    127.0.0.1
    Beans
    145
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: rootkit found system compromised

    OK, just to be safe, I'll do a full wipe.


    Very useful command ^.^

    I am thinking of getting some thermite in a bag resting on top of the SSD (airtight so it does not dirty my computer's system) and have a small glass bottle of KMnO4/glycerin so I can break the bottle with a metal pin and have it leak. I can always test out that command instead, but I don't have to type a sudo password : )

    Youtube/user/unguidedone

  8. #28
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: rootkit found system compromised

    Quote Originally Posted by Unguidedone View Post
    OK, just to be safe, I'll do a full wipe.


    Very useful command ^.^

    I am thinking of getting some thermite in a bag resting on top of the SSD (airtight so it does not dirty my computer's system) and have a small glass bottle of KMnO4/glycerin so I can break the bottle with a metal pin and have it leak. I can always test out that command instead, but I don't have to type a sudo password : )
    Or maybe you should just go out with friends and let the paranoia wear off? LOL

    The new Transformers movie was pretty cool, should go see that.

  9. #29
    Join Date
    Jun 2006
    Location
    /dev/null
    Beans
    71

    Re: rootkit found system compromised

    Yeah there always is the possibility of a false positive with any security scanner. If you know that you've been installing from scratch and have been using an uninfected install disk, I wouldn't worry about it. Try another anti-rootkit, and if that checks out OK then don't worry.

  10. #30
    Join Date
    Dec 2007
    Location
    The last place I look
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: rootkit found system compromised

    Quote Originally Posted by Dangertux View Post
    Or maybe you should just go out with friends and let the paranoia wear off? LOL

    The new Transformers movie was pretty cool, should go see that.
    Wait, so, the suggestion is to get out and be more sociable, but also to go see Michael Bay's latest crapfest? My guess is that will instill additional paranoia and agoraphobia.
    Things are rarely just crazy enough to work, but they're frequently just crazy enough to fail hilariously.
