Chkrootkit LKM Trojan installed warning - What now?

Discussion in 'all things UNIX' started by Mrkvonic, Dec 14, 2011.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    More turbo geekiness: This be an article explaining how to properly react to chkrootkit scanner warning messages about malware infections by understanding how the system works, correlating results, testing with different kernels, examining services, startup scripts and the shell login, and more.

    http://www.dedoimedo.com/computers/chkrootkit-lkm-warning.html


    Cheers,
    Mrk
     
  2. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    "Your coffee mug resting by the keyboard is a greater threat to the longevity of your data than any evil virus." :thumb:
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Thanks for the info on these tools.
     
  4. tlu

    tlu Guest

    Good, useful article! Thank you, Mrk :thumb:
     
  5. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Nice read, Mrk.

    Thanks.

    Later...
     
  6. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Yes, nice write up; Nietzsche would be pleased :D

    Soon after having switched from Windows I thought it a good defensive measure to install rkhunter. Ran it and received several warnings, hidden files etc.

    After some google research I soon found that they were all false positives and so whitelisted them in the rkhunter.conf file

    There are usually none or very few database updates, but every new version throws up one or two new warnings - I make a point of googling them, and yes, false positives. I now only run it about once every other month - more for the thrill of seeing everything green/OK after whitelisting. :p
     
  7. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    great job mrk :thumb: keep writing :))))


    soon we see your name for Nobel Prize and IMPAC Dublin Award, Pulitzer Prize, for linux tweaks and turbo geekiness :rolleyes:
     
Loading...
Thread Status:
Not open for further replies.