Questions tagged [rootkit]

44 questions
21
votes
6 answers

Putting a whole linux server under source control (git)

I am thinking about putting my whole linux server under version control using git. The reason behind it being that that might be the easiest way to detect malicious modifications/rootkits. All I would naively think is necessary to check the…
Tobias Hertkorn
  • 359
  • 5
  • 12
12
votes
5 answers

how to find out what created a file?

I have some virus files being randomly created on root of a c: disk of one of my servers. How can I find out what created it? Some 3rd party software maybe?
Boris Vezmar
  • 163
  • 2
  • 2
  • 8
11
votes
10 answers

Pull network or power? (for containing a rooted server)

When a server gets rooted (e.g. a situation like this), one of the first things that you may decide to do is containment. Some security specialists advise not to enter remediation immediately and to keep the server online until forensics are…
Aleksandr Levchuk
  • 2,415
  • 3
  • 21
  • 41
10
votes
8 answers

How to check if a Linux server is clean from rootkits/backdoors/botnets etc.?

In case a Linux server was exposed to the internet with extreme low security policy (r/w anonymous Samba folders, Firebird database server with default admin password, no firewall, etc.) for a week, then how do I make sure the system is not…
Ivan
  • 3,288
  • 19
  • 48
  • 70
8
votes
8 answers

A list of Windows rootkit detection and removal tools

A list of rootkit detection and/or removal tools from publicly trusted sources: Name, Vendor, Latest release RootkitRevealer, Sysinternals, November 1 2006 Rootkit Unhooker, ep_x0ff (now working at Microsoft according to Rootkit.com), December…
Jonathan Parker
  • 131
  • 2
  • 8
8
votes
5 answers

Pain removing a perl rootkit

So, we host a geoservice webserver thing at the office. Someone apparently broke into this box (probably via ftp or ssh), and put some kind of irc-managed rootkit thing. Now I'm trying to clean the whole thing up, I found the process pid who tries…
paul.ago
  • 201
  • 2
  • 7
6
votes
2 answers

RtKit on my ubuntu?

Hi, I just updated my Ubuntu Karmic Koala to Lucid Lynx and found something strange in my /etc/passwd file: rtkit:x:120:130:RealtimeKit,,,:/proc:/bin/false Can someone tell me what it is?
Dimitri
  • 181
  • 1
  • 1
  • 5
6
votes
6 answers

Check integrity of Debian system after possible rootkit?

I have a system that was possibly rootkited (the IRC bot was installed and +ai attributes were set on /usr/bin, /usr/sbin, /bin, /sbin). The IRC bots were deleted and system was upgraded to 5.0.4 from 4.0. I'm afraid that something in the folders…
artvolk
  • 309
  • 2
  • 10
5
votes
2 answers

Rootkit Revealer is failing to run, why?

On a user's laptop (Windows 7 x64), terrible performance led me to suspect a rootkit after ruling almost everything else out. I checked boot entries with Autoruns and ran a full scan with Malwarebytes, and both came up more or less clean. I…
Bigbio2002
  • 2,763
  • 11
  • 34
  • 51
5
votes
6 answers

Anti-Rootkit programs

What program do you use for detecting Rootkits? How do you know what to trust?
Terry
  • 1,073
  • 1
  • 11
  • 17
5
votes
8 answers

Identifying changed files on *nix webserver

Looking for some (*nix) software which will build an index of "interesting" files on a server and notify when certain of those files contents are modified, or new files appear. Similar to rkhunter et al, but less focussed on system binaries and more…
5
votes
3 answers

Weird set of shell commands in root's .bash_history

I have probably just detected that a user on a server of mine has rooted my server, but that's not what I'm asking. Has anyone ever seen commands like these: echo _EoT_0.249348813417008_; id; echo _EoT_0.12781402577841_; echo $PATH && a=`env |grep…
mr.b
  • 583
  • 10
  • 25
5
votes
2 answers

ifconfig showing wrong RX/TX byte count

ifconfig shows for eth0 RX = 2,8GB, TX = 1,3GB, values that cannot be real, since I recently transmitted many 10GB+ files over eth0. I would like to know if that's just some ordinary integer overflow (4GB limit) or if that's an indicator that…
nils
3
votes
1 answer

How to detect Bios Rootkits on a server mainboard?

I recently read about a talk by Corey Kallenberg and Xeno Kovah given at the CanSecWest conference which describes how the firmware of a server mainboard can be reprogrammed to include malicious software. This has left me really worried! I'm now…
pefu
  • 629
  • 6
  • 20
2
votes
1 answer

What to do if rkhunter finds a possible rootkit?

Ran rkhunter tonight, and I got this for the results: [04:17:34] System checks summary [04:17:34] ===================== [04:17:34] [04:17:34] File properties checks... [04:17:34] Files checked: 133 [04:17:34] Suspect files: 16 [04:17:34] [04:17:34]…
Alex Douglas
  • 323
  • 1
  • 4
  • 11