Date: Sun, 9 Apr 2006 14:11:59 -0400
From: Kris Kennaway <kris@obsecurity.org>
To: Vitaliy K <vitaliy@vox.com.ua>
Cc: questions@FreeBSD.org
Subject: Re: chkrootkit
Message-ID: <20060409181159.GA83895@xor.obsecurity.org>
In-Reply-To: <1788496101.20060409203951@alf-ua.com>
References: <1788496101.20060409203951@alf-ua.com>

On Sun, Apr 09, 2006 at 08:39:51PM +0300, Vitaliy K wrote:
> ??, questions!
>
> I badly know english, beforehand I apologize for the illiteracy.
>
> I ask the help you in the decision of my problem.
>
> I have loaded program stock-takings rootkit from a site
> http://www.chkrootkit.org/.
>
> Has started, and has received below resulted result. I am disturbed
> with a line Checking `date'... INFECTED
>
> # ./chkrootkit
> ROOTDIR is `/'
> Checking `amd'... not infected
> Checking `basename'... not infected
> Checking `biff'... not infected
> Checking `chfn'... not infected
> Checking `chsh'... not infected
> Checking `cron'... not infected
> Checking `date'... INFECTED
> How to me to be? It is a mistake of developers of the program or yours?

Most likely the program is wrong, this kind of utility really only
makes wild guesses. But you never know, so if you have other reason
to believe your system was compromised you should still consider
taking action.

Kris