Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Do I have a rootkit?

  1. November 9th, 2018 #11
    feliixx
    feliixx is offline First Cup of Ubuntu
    Join Date
    Nov 2018
    Beans
    7

    Re: Do I have a rootkit?

    Thank you. Yes "user@latop" are my real ids. I wanted something neutral.

    OK, I will process these further checks and see what happens. I understand the best would be to wipe the system.It's probably time to move to Ubuntu 18.04 as I was still on the 16.04.
    Advanced reply Adv Reply  
  2. November 9th, 2018 #12
    TheFu's Avatar
    TheFu
    TheFu is offline <--- Run xman to see that window.
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Do I have a rootkit?

    I'm on 16.04. 18.04 just isn't ready for my needs yet. Support for 16.04 has 3 more years. No hurry.

    I'm not gonna try to figure out that command. Sorry.

    Did you check the different crontab locations? There are 6+ places that a task can be started by cron or anacron.
    Advanced reply Adv Reply  
  3. November 9th, 2018 #13
    feliixx
    feliixx is offline First Cup of Ubuntu
    Join Date
    Nov 2018
    Beans
    7

    Re: Do I have a rootkit?

    Thanks. Anyway I'm going to reinstall everything. Unfortunately, I'm on Kubuntu, so it is only supported for 3 years. I will check these contrabs but I'd like to try first something on ufw before wiping the system.

    Do you have any rule to suggest to add to ufw?

    It is probably my last message here so thanks for your help!
    Advanced reply Adv Reply  
  4. November 21st, 2018 #14
    cam17
    cam17 is offline Frothy Coffee!
    Join Date
    Feb 2016
    Beans
    210

    Re: Do I have a rootkit?

    I have noticed that my /tmp directory has the following files, note the highlight red. This file occurs after a reboot.

    -rw------- 1 mac mac 0 Nov 21 06:53 config-err-W58x71    drwx------ 2 mac mac 4096 Nov 21 06:53 ssh-YMOUArFgSVPF
    drwx------ 3 root root 4096 Nov 21 06:52 systemd-private-d2c674aa69a948ec8a8a3d39aaeca4bf-bolt.service-YjdSfv
    drwx------ 3 root root 4096 Nov 21 06:52 systemd-private-d2c674aa69a948ec8a8a3d39aaeca4bf-colord.service-aXkyZU
    drwx------ 3 root root 4096 Nov 21 06:52 systemd-private-d2c674aa69a948ec8a8a3d39aaeca4bf-rtkit-daemon.service-eoSBC4
    drwx------ 3 root root 4096 Nov 21 06:53 systemd-private-d2c674aa69a948ec8a8a3d39aaeca4bf-systemd-hostnamed.service-4as32V
    drwx------ 3 root root 4096 Nov 21 06:53 systemd-private-d2c674aa69a948ec8a8a3d39aaeca4bf-systemd-localed.service-03Rqrv
    drwx------ 3 root root 4096 Nov 21 06:52 systemd-private-d2c674aa69a948ec8a8a3d39aaeca4bf-systemd-resolved.service-2UKwWN
    drwx------ 3 root root 4096 Nov 21 06:52 systemd-private-d2c674aa69a948ec8a8a3d39aaeca4bf-systemd-timesyncd.service-4SLui4
    drwx------ 2 mac mac 4096 Nov 21 06:54 Temp-4d891332-0501-4a43-bf11-9c68a50bfae1
    Advanced reply Adv Reply  
  5. November 21st, 2018 #15
    howefield
    howefield is offline Ultimate Coffee Grinder
    Join Date
    Oct 2006
    Beans
    58,286

    Re: Do I have a rootkit?

    ....rtkit-daemon.service...
    https://www.mankier.com/package/rtkit
    https://www.mankier.com/8/rtkitctl
    Advanced reply Adv Reply  
  6. November 22nd, 2018 #16
    jay-marm
    jay-marm is offline First Cup of Ubuntu
    Join Date
    Nov 2018
    Beans
    2

    Re: Do I have a rootkit?

    A quick check on that address via virus total: https://www.virustotal.com/#/ip-address/145.14.145.231 Lots of hits detected.
    Advanced reply Adv Reply  
Page 2 of 2 FirstFirst 12
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct