Mark Misulich wrote:
> Hi,
> I recently installed rkhunter-1.3.6 on my laptop computer on two
> linux operating systems. On this laptop I have opensuse 11.1 and
> Elive development version 1.9.51 installed, along with Win7. I just
> purchased the laptop so both linux installations are fresh installs.
Why would you suspect that a computer with a fresh install would
have a rootkit? I'd use this to build experience with the tool,
not to suspect the install.
> When I ran rkhunter -c --sk to check for rootkits on the Elive
> installation, I got a positive result.
>
> when checking for rootkits...
>
> Performing check of known rootkit files and directories
>
> Xzibit Rootkit {Not found}
>
> Performing additional rootkit checks
>
> Checking for possible rootkit strings {Warning}
>
> Rootkit checks...
> Possible rootkits: 2
> Rootkit names: Xzibit Rootkit, Xzibit Rootkit
This looks like a false positive to me. The rootkit was
explicitly stated as not found. There are some possible
indications, that's all. I'd investigate further before...
[...]
> fix since it was a fresh install anyways. So I reformatted the root
> and home partitions several times and then reinstalled Elive.
... doing something like this. In any case, it's never necessary to
reformat a drive.
> Before I got too far into the installation and use of Elive after the
> fresh install, I downloaded rkhunter and ran a scan again. It showed
> the same results on the fresh install of Elive, same rootkit. I
This confirms in my mind that you have a false positive.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
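An added triage helper, not code from the thread or from rkhunter itself, that reads the kind of output Mark quoted and separates a hit in the known-files check from a name that only came out of the string check. It assumes rkhunter's bracketed `[ Not found ]` / `[ Warning ]` status layout (the curly braces above are a mail-extraction artifact) and re-types the quoted lines as a constructed sample.

```python
import re

# Constructed sample: the rkhunter lines quoted in the thread, re-typed with
# the bracketed status column rkhunter prints.
SAMPLE_OUTPUT = """\
Performing check of known rootkit files and directories
  Xzibit Rootkit                                    [ Not found ]

Performing additional rootkit checks
  Checking for possible rootkit strings             [ Warning ]

Rootkit checks...
    Possible rootkits: 2
    Rootkit names: Xzibit Rootkit, Xzibit Rootkit
"""

STATUS_RE = re.compile(r"^\s*(?P<name>.+?)\s+\[\s*(?P<status>Not found|Found|Warning)\s*\]\s*$")
NAMES_RE = re.compile(r"Rootkit names:\s*(?P<names>.+)$")

def parse_rkhunter(text):
    """Return (file-check status per rootkit, string-check warned?, names listed in the summary)."""
    file_status, string_warning, names, section = {}, False, [], None
    for line in text.splitlines():
        if line.startswith("Performing check of known rootkit files"):
            section = "files"
            continue
        if line.startswith("Performing additional rootkit checks"):
            section = "additional"
            continue
        m = STATUS_RE.match(line)
        if m and section == "files":
            file_status[m.group("name")] = m.group("status")
        elif m and section == "additional" and "rootkit strings" in m.group("name"):
            string_warning = m.group("status") == "Warning"
        m = NAMES_RE.search(line)
        if m:
            names = [n.strip() for n in m.group("names").split(",")]
    return file_status, string_warning, names

def triage(text):
    """Map each named rootkit to the kind of evidence behind it, so the reader knows what to verify."""
    file_status, string_warning, names = parse_rkhunter(text)
    verdicts = {}
    for name in set(names):  # the summary can repeat a name, as it does above
        if file_status.get(name) == "Found":
            verdicts[name] = "known file/directory present: verify from a trusted boot medium"
        elif string_warning and file_status.get(name) == "Not found":
            verdicts[name] = "string match only, files not found: likely false positive, verify before acting"
        else:
            verdicts[name] = "named without a matching check result: verify"
    return verdicts
```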