From owner-freebsd-questions Thu Feb 20 19: 5:50 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F27F037B401 for ; Thu, 20 Feb 2003 19:05:48 -0800 (PST) Received: from web41114.mail.yahoo.com (web41114.mail.yahoo.com [66.218.93.30]) by mx1.FreeBSD.org (Postfix) with SMTP id 818B943FAF for ; Thu, 20 Feb 2003 19:05:48 -0800 (PST) (envelope-from silent_secrets@yahoo.com) Message-ID: <20030221030548.74409.qmail@web41114.mail.yahoo.com> Received: from [12.253.26.117] by web41114.mail.yahoo.com via HTTP; Thu, 20 Feb 2003 19:05:48 PST Date: Thu, 20 Feb 2003 19:05:48 -0800 (PST) From: Silent Secrets Subject: Root Kits? To: freebsd-questions@FreeBSD.ORG MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG We've done a freash installation of FreeBSD 5.0 on our system, downloaded a root kit checker from www.chkrootkit.com & found that a few things were infected. The files include chfn, chsh, date, ls, and ps. We made sure the system was compleatly isolated by installing from the cd's & burning the root kit checker to cd & installing it from there. If you could let me know if this is an error on the root kit checker or something else is causing it to look infected, that'd be great. Thanks, Ron __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message