Re: Chkrootkit - can't find 'strings'

From: Sam Miller (svekan_at_mindspring.com)
Date: 10/08/04

  • Next message: Bit Twister: "Re: Chkrootkit - can't find 'strings'" 
    Date: Fri, 08 Oct 2004 04:03:51 GMT

    On Fri, 08 Oct 2004 03:05:15 +0000, Bit Twister wrote:

    > On Fri, 08 Oct 2004 02:31:12 GMT, Sam Miller wrote:
    >> On Fri, 08 Oct 2004 00:55:41 +0000, Bit Twister wrote:
    >>
    >>> On Fri, 08 Oct 2004 00:28:05 GMT, Sam Miller wrote:
    >>>> Header says it all.
    >>>
    >>> guessing it cannot find /usr/bin/strings
    >>
    >> Correct. Tried deleting and reinstalling chkrootkit, same answer.
    >
    > Yep, you would have to install /usr/bin/strings
    >
    >> Ran F.I.R.E. and tried chkrootkit from CD.
    >
    > Good, you cannot use anything on an infected box to try to find/test
    > for an infection/mailware.
    >
    >> Received answer that 'ps' was infected.
    >> Checked MD5SUM for ps against this machine and it checked out.
    >
    > Any machine on the same network could be infected or if same
    > passwords, any machine on your lan.
    >
    >> What should I try now?
    >
    > I would take the box off the network and do a clean install. :(
    >
    >
    The two boxes are not on a network. I've never gotten around to hooking
    them together. I just unhook the DSL modem from one and switch to the
    other. So I'm guessing the md5sums from the same kernel should be the
    same. By the way, booting from Knoppix said ps was okay but ifconfig was
    not. Md5sums checked again.

    Thanks.

    Sam

  • Next message: Bit Twister: "Re: Chkrootkit - can't find 'strings'"