From owner-freebsd-questions Thu Feb 6 22:31:52 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E6DA37B401 for ; Thu, 6 Feb 2003 22:31:52 -0800 (PST) Received: from windmill-en0.garlic.com (windmill-en0.garlic.com [208.195.160.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id A20AD43F93 for ; Thu, 6 Feb 2003 22:31:51 -0800 (PST) (envelope-from madriax@garlic.com) Received: from SHMOOPIE (159.sm7.dialup.garlic.net [216.139.3.159]) by windmill-en0.garlic.com (8.11.1/8.11.1) with ESMTP id h176Vnj15218 for ; Thu, 6 Feb 2003 22:31:49 -0800 From: "Remington L." To: Subject: **CHHROOTKIT INFECTED** Date: Thu, 6 Feb 2003 22:31:34 -0800 Message-ID: <000501c2ce72$949e2160$0100a8c0@SHMOOPIE> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I'm using 5.0 release OK I was just going through and I found that chkrootkit found that chfn, chsh, date, and ls are infected. I'm not sure if it's lying or not. I attempted to fix ls by recompiling from /usr/src/bin/ls and redoing but chkrootkit still says infected. That's all the information I can provide at this time. Has anyone come across this problem? Any suggestions? Could be 5.0 causing this or is there some validity to it? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message