
Thread: replacing /sbin/init

  1. #1
    Join Date
    Mar 2010
    Beans
    46

    replacing /sbin/init

    How common is it to find a rootkit on my Ubuntu system? How would it have gotten there? Is it more likely that someone with access to my machine put it there via the same network?

  2. #2
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    4,587
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Rootkit found on my system

    Firstly, which one is it?
    What tool did you use to find it?

    And as far as someone else using your computer, that'll be one way of getting infected.
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  3. #3
    Join Date
    Mar 2010
    Beans
    46

    Re: Rootkit found on my system

    I used chkrootkit and rkhunter. I think it found something called "suckit rootkit".

  4. #4
    Join Date
    Mar 2010
    Beans
    46

    Re: Rootkit found on my system

    Oh sorry, and the infected file was /sbin/init.
    Also 2 Java files were marked suspicious.

    I deleted the Java files... then the /sbin/init... I'm sure just by reading this you know my Ubuntu won't start anymore.
    How do I get a new /sbin/init file?

  5. #5
    Join Date
    Nov 2013
    Location
    Nomadic life
    Beans
    548
    Distro
    Ubuntu

    Re: Rootkit found on my system

    You need to post more details for anyone to be able to answer your question.


    I've been haunting various Linux forums for several years and I can't remember anyone actually finding a rootkit. There have been tons of false positives though.


    Compare your output to these, see if it's the same: http://ubuntuforums.org/showthread.php?t=1554553
    https://bugs.launchpad.net/ubuntu/+s...it/+bug/454566
    Knock knock.
    Race condition.
    Who's there?

  6. #6
    Join Date
    Nov 2013
    Location
    Nomadic life
    Beans
    548
    Distro
    Ubuntu

    Re: Rootkit found on my system

    We posted nearly simultaneously. Research the possibility that it's a false positive (using the links in my previous post) before you replace the file.
    Knock knock.
    Race condition.
    Who's there?
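
One way to check a flagged binary before replacing it, as an added example that is not part of any post in this thread: compare the file with the checksum its package recorded. The function name, the /mnt mount point and the PKG placeholder are assumptions; `dpkg -S /sbin/init` names the owning package.

```sh
#!/bin/sh
# Added example: compare a flagged file with the checksum recorded by dpkg.
# dpkg keeps per-package lists in /var/lib/dpkg/info/<package>.md5sums,
# one "md5hex  relative/path" entry per line (path has no leading slash).

# check_against_md5sums FILE MD5SUMS_LIST [ROOT]   (hypothetical helper)
# Prints MATCH, MISMATCH or UNLISTED and returns 0, 1 or 2.
check_against_md5sums() {
    file=$1
    list=$2
    root=${3:-/}
    # Path as dpkg records it: relative to the root, no leading slash.
    rel=${file#"${root%/}"/}
    expected=$(awk -v p="$rel" '
        { path = $0; sub(/^[0-9a-f]+ +/, "", path) }
        path == p { print $1; exit }' "$list")
    if [ -z "$expected" ]; then
        echo UNLISTED      # file is not shipped by this package
        return 2
    fi
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo MATCH         # file is what the package installed
        return 0
    fi
    echo MISMATCH          # file differs from the packaged copy
    return 1
}

# Typical use from a live session, installed system mounted at /mnt
# (mount point is an assumption; PKG is the package reported by dpkg -S):
#   check_against_md5sums /mnt/sbin/init /mnt/var/lib/dpkg/info/PKG.md5sums /mnt
```

The checksum list lives on the same disk as the file, so a match is strong evidence of a false positive but not proof; comparing against a freshly downloaded copy of the package is the stricter check.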

  7. #7
    Join Date
    May 2007
    Location
    The New Forest
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Rootkit found on my system

    Quote (originally posted by bashiergui):
    We posted nearly simultaneously. Research the possibility that it's a false positive (using the links in my previous post) before you replace the file.
    Quote (originally posted by REMIX8604):
    ...

    I deleted the Java files... then the /sbin/init... I'm sure just by reading this you know my Ubuntu won't start anymore.
    How do I get a new /sbin/init file?

    Too late ...

  8. #8
    Join Date
    Nov 2013
    Location
    Nomadic life
    Beans
    548
    Distro
    Ubuntu

    Re: Rootkit found on my system



    Ugh. I think this has turned into a General Support problem now. But does it boot to grub? Start reading this https://help.ubuntu.com/12.10/instal...86/rescue.html
    Knock knock.
    Race condition.
    Who's there?

  9. #9
    Join Date
    May 2007
    Location
    The New Forest
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: replacing /sbin/init

    Thread moved to General Help.

    Retitled - you've got bigger issues now than a false positive.

  10. #10
    Join Date
    Mar 2010
    Beans
    46

    Re: replacing /sbin/init

    OK, so I got it to boot once again. I made a live USB and copied the init file used on the USB to where my init used to be. I did the little .mem .xrk test described in the link you gave and both file types did show up.

    It looks like a false positive. Sorry to be a bother. I have a programmer family member who thinks no one deserves privacy but him.

    What's not normal was the 2 Java files that were suspicious.
    Last edited by REMIX8604; February 10th, 2014 at 11:25 AM.
