Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: How to get rid of crackers?

  1. #11
    Join Date
    Jun 2009
    Location
    SW Florida
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: How to get rid of crackers?

    Are you sure you do not have the Intel SRT feature?
    You mention Windows 8 and a small drive. That is usually an SSD used as a cache for Windows, and it is configured from Windows & UEFI as Intel SRT. It may still have RAID metadata on the drive. Many who use Ubuntu primarily just install / (root) to the SSD and put data or /home on the rotating drive.

    Intel Smart Response Technology
    http://www.intel.com/p/en_US/support...ts/chpsts/imsm
    Some general info in post #3
    http://ubuntuforums.org/showthread.php?t=2071242
    ubuntu 12.10 & Windows 8 oem Sony T & Intel SRT
    http://ubuntuforums.org/showthread.php?t=2090605
    Intel SRT - Dell XPS Screen shots of Intel SRT screens & lots of details
    http://ubuntuforums.org/showthread.php?t=2038121
    http://ubuntuforums.org/showthread.php?t=2036204
    Details in post #10 on an install that worked
    http://ubuntuforums.org/showthread.php?t=2020155
    Dell XPS Intel SRT issue on hibernating post #25
    http://ubuntuforums.org/showthread.php?t=1932965
    Some info on re-instating details in post #9 Dell 14z
    http://ubuntuforums.org/showthread.php?t=2038121
    http://ubuntuforums.org/showthread.php?t=2070491
    Ubuntu on hard drive, re-enable SRT post #19 details
    http://ubuntuforums.org/showthread.php?t=2129157
    Disable the RAID; it was using the Intel rapid management thingy and telling it to disable the acceleration or the use of the SSD. If you have a different system, just disable the RAID system, then install Ubuntu. Once installed, you can then re-enable it.
    sudo dmraid -E -r /dev/sda
    sudo dmraid -E -r /dev/sdb
    You will need to use the dmraid command prior to running the Ubuntu installer so that it will be able to see the partitions on the drive; otherwise, with the RAID metadata in place, it will see the drive as part of a RAID set and ignore its partitions.
    For more info on UEFI boot install & repair - Regularly Updated:
    http://ubuntuforums.org/showthread.php?t=2147295
    Please use Thread Tools above first post to change to [Solved] when/if answered completely.

  2. #12
    Join Date
    Apr 2013
    Beans
    8

    Re: How to get rid of crackers?

    Here's just the output of chkrootkit:
    Code:
      chkrootkit
    ROOTDIR is `/'
    Checking `amd'...                                           not found
    Checking `basename'...                                      not infected
    Checking `biff'...                                          not found
    Checking `chfn'...                                          not infected
    Checking `chsh'...                                          not infected
    Checking `cron'...                                          not infected
    Checking `crontab'...                                       not infected
    Checking `date'...                                          not infected
    Checking `du'...                                            not infected
    Checking `dirname'...                                       not infected
    Checking `echo'...                                          not infected
    Checking `egrep'...                                         not infected
    Checking `env'...                                           not infected
    Checking `find'...                                          not infected
    Checking `fingerd'...                                       not found
    Checking `gpm'...                                           not found
    Checking `grep'...                                          not infected
    Checking `hdparm'...                                        not infected
    Checking `su'...                                            not infected
    Checking `ifconfig'...                                      not infected
    Checking `inetd'...                                         not infected
    Checking `inetdconf'...                                     not found
    Checking `identd'...                                        not found
    Checking `init'...                                          not infected
    Checking `killall'...                                       not infected
    Checking `ldsopreload'...                                   not infected
    Checking `login'...                                         not infected
    Checking `ls'...                                            not infected
    Checking `lsof'...                                          not infected
    Checking `mail'...                                          not found
    Checking `mingetty'...                                      not found
    Checking `netstat'...                                       not infected
    Checking `named'...                                         not found
    Checking `passwd'...                                        not infected
    Checking `pidof'...                                         not infected
    Checking `pop2'...                                          not found
    Checking `pop3'...                                          not found
    Checking `ps'...                                            not infected
    Checking `pstree'...                                        not infected
    Checking `rpcinfo'...                                       not found
    Checking `rlogind'...                                       not found
    Checking `rshd'...                                          not found
    Checking `slogin'...                                        not infected
    Checking `sendmail'...                                      not infected
    Checking `sshd'...                                          not found
    Checking `syslogd'...                                       not tested
    Checking `tar'...                                           not infected
    Checking `tcpd'...                                          not infected
    Checking `tcpdump'...                                       not infected
    Checking `top'...                                           not infected
    Checking `telnetd'...                                       not found
    Checking `timed'...                                         not found
    Checking `traceroute'...                                    not found
    Checking `vdir'...                                          not infected
    Checking `w'...                                             not infected
    Checking `write'...                                         not infected
    Checking `aliens'...                                        no suspect files
    Searching for sniffer's logs, it may take a while...        nothing found
    Searching for rootkit HiDrootkit's default files...         nothing found
    Searching for rootkit t0rn's default files...               nothing found
    Searching for t0rn's v8 defaults...                         nothing found
    Searching for rootkit Lion's default files...               nothing found
    Searching for rootkit RSHA's default files...               nothing found
    Searching for rootkit RH-Sharpe's default files...          nothing found
    Searching for Ambient's rootkit (ark) default files and dirs... nothing found
    Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:  
    /usr/lib/debug/.build-id /usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/jvm/.java-1.7.0-openjdk-amd64.jinfo /usr/lib/pymodules/python2.7/.path
    /usr/lib/debug/.build-id
    Searching for LPD Worm files and dirs...                    nothing found
    Searching for Ramen Worm files and dirs...                  nothing found
    Searching for Maniac files and dirs...                      nothing found
    Searching for RK17 files and dirs...                        nothing found
    Searching for Ducoci rootkit...                             nothing found
    Searching for Adore Worm...                                 nothing found
    Searching for ShitC Worm...                                 nothing found
    Searching for Omega Worm...                                 nothing found
    Searching for Sadmind/IIS Worm...                           nothing found
    Searching for MonKit...                                     nothing found
    Searching for Showtee...                                    nothing found
    Searching for OpticKit...                                   nothing found
    Searching for T.R.K...                                      nothing found
    Searching for Mithra...                                     nothing found
    Searching for LOC rootkit...                                nothing found
    Searching for Romanian rootkit...                           nothing found
    Searching for Suckit rootkit...                             nothing found
    Searching for Volc rootkit...                               nothing found
    Searching for Gold2 rootkit...                              nothing found
    Searching for TC2 Worm default files and dirs...            nothing found
    Searching for Anonoying rootkit default files and dirs...   nothing found
    Searching for ZK rootkit default files and dirs...          nothing found
    Searching for ShKit rootkit default files and dirs...       nothing found
    Searching for AjaKit rootkit default files and dirs...      nothing found
    Searching for zaRwT rootkit default files and dirs...       nothing found
    Searching for Madalin rootkit default files...              nothing found
    Searching for Fu rootkit default files...                   nothing found
    Searching for ESRK rootkit default files...                 nothing found
    Searching for rootedoor...                                  nothing found
    Searching for ENYELKM rootkit default files...              nothing found
    Searching for common ssh-scanners default files...          nothing found
    Searching for suspect PHP files...                          nothing found
    Searching for anomalies in shell history files...           nothing found
    Checking `asp'...                                           not infected
    Checking `bindshell'...                                     not infected
    Checking `lkm'...                                           You have     2 process hidden for readdir command
    You have     2 process hidden for ps command
    chkproc: Warning: Possible LKM Trojan installed
    chkdirs: nothing detected
    Checking `rexedcs'...                                       not found
    Checking `sniffer'...                                       lo: not promisc and no packet sniffer sockets
    wlan0: PACKET SNIFFER(/sbin/wpa_supplicant[1222], /sbin/dhclient (deleted)[14094])
    Checking `w55808'...                                        not infected
    Checking `wted'...                                          chkwtmp: nothing deleted
    Checking `scalper'...                                       not infected
    Checking `slapper'...                                       not infected
    Checking `z2'...                                            user nick deleted or never logged from lastlog!
    Checking `chkutmp'...                                        The tty of the following user process(es) were not found
     in /var/run/utmp !
    ! RUID          PID TTY    CMD
    ! root        20972 pts/5  synaptic
    ! root        21984 pts/7  /usr/bin/dpkg --status-fd 82 --configure libyaml-0-2:amd64 rkhunter:all chkrootkit:amd64 libruby1.9.1:amd64 postfix:amd64 ruby1.9.1:amd64 ruby:all unhide.rb:all
    ! root        29763 pts/7  /bin/sh /var/lib/dpkg/info/menu.postinst triggered /usr/share/menu
    ! root        29764 pts/7  update-menus --trigger
    ! root        29794 pts/7  /usr/bin/install-menu /etc/menu-methods/xdg-desktop-entry-spec-apps
    chkutmp: nothing deleted
    Checking `OSX_RSPLUG'...                                    not infected

  3. #13
    Join Date
    Dec 2005
    Location
    Western Australia
    Beans
    11,480
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How to get rid of crackers?

    I don't think the hidden files are anything to worry about. Hidden processes are a bit more irregular, but I think it's highly unlikely you have a rootkit, especially if you get the same warning messages from a live CD.

    Anti-rootkit programs turn up a lot of false positives. They are only avenues for investigation, not definite identification.

    Also, it is normal to have Samba and SSH installed by default. They are only the client software though, not the servers. If you are not running servers, it is almost impossible for you to get a rootkit.
    I try to treat the cause, not the symptom. I avoid the terminal in instructions, unless it's easier or necessary. My instructions will work within the Ubuntu system, instead of breaking or subverting it. Those are the three guarantees to the helpee.
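    As an added triage script (not code from this thread or from chkrootkit itself), the following reproduces what chkrootkit's chkproc does, probing every PID with kill(pid, 0) and comparing the result with a readdir of /proc, and then sorts each hit into the benign cases behind the false positives mentioned above (a thread, which kill() accepts but /proc does not list, or a process that exited between snapshots) versus a PID that stays hidden. It assumes a Linux /proc; the verdict strings are this script's own.

```python
"""Triage chkrootkit's "process hidden for readdir/ps command" warning.
chkproc probes every PID with kill(pid, 0) and reports each one that answers but is
missing from readdir(/proc). On Linux that also catches threads (kill() accepts a
thread ID, but /proc lists only thread-group leaders) and processes that exit between
snapshots. Added triage script, not chkrootkit's own code; assumes a Linux /proc."""
import os
import time

def pid_exists(pid):
    """True if kill(pid, 0) succeeds or is refused with EPERM (process exists)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True

def listed_pids():
    """What readdir(/proc) shows: the view a rootkit would try to filter."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}

def read_status(pid):
    """Parse /proc/<pid>/status into a dict (the path works for thread IDs too)."""
    try:
        with open(f"/proc/{pid}/status") as f:
            return dict(line.rstrip("\n").split(":\t", 1) for line in f if ":\t" in line)
    except (FileNotFoundError, ProcessLookupError, PermissionError):
        return None

def classify(pid, status, still_alive):
    """Pure decision logic: transient, thread of a visible process, or truly hidden."""
    if not still_alive or status is None:
        return "transient"                      # gone by the time we re-checked
    if int(status["Tgid"]) != pid:
        return f"thread of pid {status['Tgid']} ({status['Name']})"
    return "HIDDEN: answers kill() but absent from /proc; confirm from a live CD"

def triage(settle=1.0):
    """Map each chkproc-style candidate PID to a verdict."""
    pid_max = int(open("/proc/sys/kernel/pid_max").read())
    candidates = {p for p in range(1, pid_max + 1) if pid_exists(p)} - listed_pids()
    time.sleep(settle)                          # let short-lived processes finish
    return {p: classify(p, read_status(p), pid_exists(p)) for p in sorted(candidates)}

if __name__ == "__main__":
    for pid, verdict in triage().items():
        print(pid, verdict)
```

An empty result, or only "thread of pid" and "transient" verdicts, is the false-positive case; a PID that keeps the HIDDEN verdict across several runs is the one worth chasing with unhide and a live CD.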

  4. #14
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 17.10 Artful Aardvark

    Re: How to get rid of crackers?

    Quote Originally Posted by 3rdalbum View Post
    Anti-rootkit programs turn up a lot of false positives. They are only avenues for investigation, not definite identification.
    +1
    Ergo, to use a rootkit checker properly, the user should have a specific issue or occurrence in mind. Did we do something stupid recently, like install an unknown app from i-own-you.com? Do we suspect someone of physically accessing our system and installing something nasty while we weren't around? Did we run our system for a time with all ports open? Have we neglected to update our system for months? Did we visit questionable web sites with all scripts enabled and clicked "yes" to whatever it was the site asked us to do?

    If you are not running servers, it is almost impossible for you to get a rootkit.
    I think I understand what @3rdalbum is trying to say here, but this is not quite accurate. Ubuntu/Linux is not a magic wand. It cannot protect people from their own foolishness or stupidity. New users on these forums constantly ask for instructions on how to:

    1. nerf password challenge at login.
    2. nerf authentication altogether.
    3. activate root account.
    4. run as root by default.
    5. install every scripting language in creation on their browser, including stuff they've never heard of.
    6. install the I-swear-I'm-not-a-trojan package that they downloaded from gotcha-now.ru
    7. disable apparmor
    8. disable Linux file and system privileges because they are "too complicated" to learn.

    A user who does all of the above will have successfully turned Linux into Windows and would then be fully justified in worrying about malware.

    @putStrLnNick

    If there is a theme to what I'm trying to say, it is this:

    Learning about chkrootkit, snort, or tripwire is all very good when the time comes, but is definitely secondary to learning about good primary practices like firewall and apparmor configuration; hardening your browser with noscript, adblock, better privacy and a cookie manager; encrypting sensitive data; and most of all, changing our security mindset from the Windows "install anti-virus and forget about it" to the far more secure "be knowledgeable and act responsibly" mindset of Linux. My advice would be to put chkrootkit aside for a time, until you are more familiar with the workings of Linux and can differentiate the false positives from the real threats. Instead, start implementing the primary security practices I've linked to in post #9. If you execute what is contained in them, I suspect that you will then greatly diminish your concerns about rootkits at all.

  5. #15
    Join Date
    Apr 2013
    Beans
    8

    Re: How to get rid of crackers?

    Thanks to all for the advice. Will apply it as best I can.

  6. #16
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 17.10 Artful Aardvark

    Re: How to get rid of crackers?

    In all of the back-and-forth, I forgot to welcome you to the forums and to Ubuntu/Linux, a place where you can forget about anti-virus and enjoy computing again.

    Good luck and Happy Ubuntuing!
