Re: Do I have an infected init file?

From: Matt Piechota (piechota_at_argolis.org)
Date: 05/12/05

    Date: Thu, 12 May 2005 16:57:30 -0400 (EDT)
    To: DH <dhutch9999@yahoo.com>
    
    

    On Thu, 12 May 2005, DH wrote:

    > I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 &
    > 0.45 report that my /sbin/init file is infected.

    I should mention that 4.10-release is up to p13. You should really think
    about patching up to current.

    > It appears as though the egrep for "UPX" in the output of "strings"
    > triggers the infected notice. When I copy the init file from an
    > uninfected box to this one chkrootkit continues to report it as
    > infected. Is chkrootkit reading a copy of the /sbin/init file stored in
    > active memory? If my machine is compromised, which rootkit is installed
    > / how can I find out which rootkit is installed?

    The easiest way to figure out if you are rooted is probably to download or
    create a clean version of /sbin/init, and compare the two files.
    Creating might take some work; you'd have to install a clean 4.10, patch
    it to p2, and make world.

    -- 
    Matt Piechota
    Key Available from pgp.mit.edu
    PGP Key fingerprint = FC90 4D65 2F8A 38E9 D1A8  FABB 7AE8 C194 5EC8 9CAD
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
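
The file comparison suggested in the reply above, as an added example (not part of the original message): it hashes and byte-compares a suspect binary against a reference copy and notes whether either contains the "UPX" string the poster mentions. The function names and the demo files are constructed for illustration, and `tr` stands in for `strings`.

```shell
# Added example: compare a suspect binary with a known-good reference copy.
# The caller supplies both paths; the demo uses constructed stand-in files.

# Print a SHA-256 digest using whichever tool this system provides.
file_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Succeed if the file's printable strings contain "UPX", the marker the
# original poster says triggers the report. tr stands in for strings(1).
has_upx_marker() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" | grep -q 'UPX'
}

# Return 0 if the two files are byte-identical, 1 if they differ.
compare_binaries() {
    suspect=$1 reference=$2
    echo "suspect:   $(file_digest "$suspect")  $(wc -c < "$suspect") bytes"
    echo "reference: $(file_digest "$reference")  $(wc -c < "$reference") bytes"
    for f in "$suspect" "$reference"; do
        if has_upx_marker "$f"; then echo "UPX marker present in $f"; fi
    done
    if cmp -s "$suspect" "$reference"; then
        echo "identical"; return 0
    fi
    echo "DIFFERENT: $(cmp -l "$suspect" "$reference" 2>/dev/null | wc -l) differing byte(s)"
    return 1
}

# Demo on constructed files (not real init binaries).
demo() {
    d=$(mktemp -d)
    printf 'ELF\000clean init\000' > "$d/reference"
    cp "$d/reference" "$d/same"
    printf 'ELF\000UPX! init\000\000' > "$d/changed"
    compare_binaries "$d/same" "$d/reference"
    compare_binaries "$d/changed" "$d/reference" || echo "-> investigate"
    rm -rf "$d"
}
demo
```

Run the comparison from trusted media or a separate clean host where possible, since the tools on a compromised system may themselves have been altered.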
    
