Re: Output from chkrootkit

From: Peter Chant (pete_at_petezilla.co.uk)
Date: 06/10/05


Date: Fri, 10 Jun 2005 18:11:37 +0100

Ransom wrote:

>> /usr/lib/php/.registry /usr/lib/qt-3.3.3/examples/toplevel/.ui
>> /usr/lib/qt-3.3.3/examples/helpdemo/.ui INFECTED (PORTS:  600)

>
> Chkrootkit found something suspicious
> in /usr/lib/qt-3.3.3/examples/helpdemo/.ui accessing port 600
> which is strange because this should be an empty directory.
>

Hmm

root@phoenix:/usr/lib/qt-3.3.3/examples/helpdemo# ls -al
total 42
drwxr-xr-x 4 root root 304 2004-10-14 04:19 ./
drwxr-xr-x 78 root root 2104 2004-10-14 04:19 ../
drwxr-xr-x 2 root root 48 2004-10-14 04:09 .ui/
-rw-r--r-- 1 root root 4789 2004-10-14 04:09 Makefile
-rw-r--r-- 1 root root 38 2003-04-07 10:40 about.txt
drwxr-xr-x 2 root root 200 2004-08-05 16:12 doc/
-rw-r--r-- 1 root root 3110 2003-07-17 13:20 helpdemo.cpp
-rw-r--r-- 1 root root 757 2003-07-17 13:20 helpdemo.h
-rw-r--r-- 1 root root 234 2003-11-27 10:06 helpdemo.pro
-rw-r--r-- 1 root root 8948 2003-07-14 09:09 helpdemobase.ui
-rw-r--r-- 1 root root 250 2003-04-07 10:40 main.cpp

Directory .ui is listed as empty.

-- 
http://www.petezilla.co.uk


Relevant Pages

  • Re: Output from chkrootkit
    ... >> Chkrootkit found something suspicious in ... >> strange because this should be an empty directory. ... >> don't get this warning, so probably you really have problem. ...
    (comp.os.linux.security)
  • Re: Output from chkrootkit
    ... > Chkrootkit found something suspicious in ... > strange because this should be an empty directory. ... > don't get this warning, so probably you really have problem. ...
    (comp.os.linux.security)
  • Re: Output from chkrootkit
    ... which is strange because this should be an empty directory. ... I also use slack 10.1 with qt installed and chkrootkit 0.45 ...
    (comp.os.linux.security)
  • Re: Output from chkrootkit
    ... > Ransom wrote: ... >>Chkrootkit found something suspicious ... >>which is strange because this should be an empty directory. ...
    (comp.os.linux.security)