Questions tagged [rootkit]

44 questions
0 votes, 0 answers

chkrootkit awk not found

I am using chkrootkit 0.53 on my Ubuntu desktop 18.04. When I was doing a scan with `./chkrootkit -p /folder` it gives me the error `chkrootkit: can't find 'awk'`. Could anyone help? Thank you
rosada
0 votes, 1 answer

Unknown device: detected open ports on server that should not exist?

While running a network scan I found open TCP ports reported for a Linux machine (port 22 - OpenSSH Debian; ports 5124/5127/7582/8282 - Tunnel is OpenSSL) but we only have one Linux box and this was not it. When I traced the MAC address back to the…
0 votes, 0 answers

rkhunter reports suspicious activity /bin/usr/wget and killall permissions changed

Sorry about the long post but please bear with me. I'm wondering if my system has been compromised. I've had issues in the past on this VM server with a Linux.BackDoor.Gates.5 Trojan that was DDoSing other servers. I have multiple backups of the VM…
D.Mill
0 votes, 1 answer

Strange ports on default install of W7

I have a base new install of Windows 7, and when I went to look for something else I saw the attached netstat output. What concerns me is that this is Windows + Truecrypt + drivers, nothing else installed. The sequential high ranged ports belonging…
Sabre
0 votes, 1 answer

How can I remove SHV4 / SHV5 rootkits?

I've seen that my system has two kinds of rootkits: SHV4 / SHV5. (I'm going to add a log here) I tried to remove it but I could not. Can anybody recommend me any way to do it? [ Rootkit Hunter version 1.3.8 ] Checking system…
jask
0 votes, 2 answers

Could it be that "chkrootkit" just doesn't like .hmac, .packlist, and .relocation-tag files?

I just cleaned up my hacked CentOS server (due to not updating since version 5.3). But still, "chkrootkit" says this: Possible t0rn v8 \(or variation\) rootkit installed /usr/lib/.libfipscheck.so.1.1.0.hmac /usr/lib/.libgcrypt.so.11.hmac…
Danijel
0 votes, 2 answers

How to replace infected `/lib/libsh.so` and `/etc/sh.conf` files?

Possible Duplicate: My server’s been hacked EMERGENCY Which package does the file /lib/libsh.so belong to? I need to replace it since it was infected. Same for /etc/sh.conf. For now I have moved it to /temp/libsh.so.infected. Can I just delete…
Danijel
0 votes, 1 answer

Hacked CentOS 5 server - possible rootkit installed?

Possible Duplicate: How do I know if my Linux server has been hacked? My server's been hacked EMERGENCY I am running CentOS 5.3 and here is the result of "chkrootkit": Possible t0rn v8 \(or variation\) rootkit installed Warning: Possible…
Danijel
0 votes, 1 answer

Scripted install of Debian backdoor/rootkit

We have a number of servers (100+) that we need to increase a certain type of security on. (sort of internal, sorry NDA). We have thought about using a rootkit of some sort that would be able to keep us access if the main root password has been…
Joshua D'Alton
0 votes, 1 answer

rootkit exploit on centos server

I have recently found a file in my folder called wunderbar_emporium; its details are here. What is that, how did it come here, and what should I check to make sure what wrong has been done to the system?
John
-1 votes, 2 answers

How trustworthy are Arch's official repositories?

I have a server with Arch Linux installed and for some reason, it gets infected after a period of inactivity. I reinstall, remain inactive for some time and it gets infected again. Every time I reinstall the server, I run a script that also installs…
Albêr
-1 votes, 3 answers

Entries in `/etc/inittab` below last line - possible hack?

Possible Duplicate: My server's been hacked EMERGENCY My Linux machine has been hacked lately. There are a few entries in /etc/inittab below the #end of /etc/inittab Something like: #Loading standard ttys 0:2345:once:/usr/sbin/ttyload I also…
Danijel
-3 votes, 2 answers

Rootkit scanning

Are there any good services or ways to scan for rootkits and backdoors? I know there are rkhunter and chkrootkit but are they even ideal anymore? They never seem updated and look more like they were good in the early 2000's
Tiffany Walker
-3 votes, 1 answer

How do I remove a rootkit without an anti-rootkit program?

Possible Duplicate: My server's been hacked EMERGENCY Windows 2000 Server. I believe I have a rootkit. But, nothing will remove it. I've tried everything. Even tools that are merely for scanning fail or bsod the computer. Since nothing works,…
johnny