Questions tagged [rootkit]
58 questions
Questions about rootkits: what are the signs that you have one, how to confirm or disprove the suspicion, and tools for detecting rootkits.
30 votes, 2 answers
chkrootkit says /sbin/init is infected, what does that mean?
I recently ran chkrootkit and got the following line:
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
What does this mean exactly? I heard this was a false positive; what exactly is happening?
Please and thank you.
myusuf3 - 35,659
25 votes, 4 answers
chkrootkit shows "tcpd" as INFECTED. Is it a false positive?
Scan by chkrootkit shows "tcpd" as being INFECTED.
Although a scan by rkhunter shows OK (except for regular false positives).
Shall I be worried?
(I'm on Ubuntu 16.10 with 4.8.0-37-generic)
user633620 - 253
20 votes, 2 answers
Signature-based rootkit scanner?
Currently the only rootkit scanners I know of have to be installed on the machine before the rootkit so that they can compare file changes etc (e.g.: chkrootkit and rkhunter), but what I really need to do is to be able to scan my machine and other…
user364819
19 votes, 3 answers
Chkrootkit says "Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd", should I be worried?
I recently ran sudo chkrootkit and this was one of the results:
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
In my research on this I discovered this thread, so I tried running the…
user364819
13 votes, 2 answers
chkrootkit scanner detected possible LKM Trojan
Today I scanned my machine with the chkrootkit tool by running:
sudo chkrootkit
And this was some of the output:
Checking `lkm'... You have 2 process hidden for readdir command You have 2 process…
user364819
12 votes, 1 answer
If I have clamav, do I need to install rootkit hunter?
So I have clamav, the antivirus, but is that a protection against rootkits, or do I need to install rootkit hunter as well with clamav?
10 votes, 6 answers
Popup ad virus on both chrome and firefox
A pop-up ad box appears whatever site I am opening. Tried resetting settings, disabling extensions, removing all users on Chrome.
It seems it is not about Chrome, since the same thing happens on Firefox too, which I hadn't even opened before.
I suspect it…
mumi - 133
9 votes, 5 answers
Preventing BIOS rootkit on Ubuntu Linux
Other than standard security "best practices" like having a good firewall, strong admin password, ensuring the latest security patches, and upping router security, is there anything more specific that can help prevent (specifically) a BIOS rootkit…
user637251 - 417
9 votes, 4 answers
Got a virus on Windows and Ubuntu
TL;DR: I've encountered a virus that affects both Windows 8.1 and Ubuntu 14.04. This virus was proven to be impossible to detect/remove with 50+ of the most popular antivirus programs/rootkits. What to do? Any alternatives to a complete HD wipe?
Here's…
Newbie1 - 107
8 votes, 1 answer
Rootkits: Should I be concerned?
I was reading some texts about rootkits and the tools used to remove them.
I have Ubuntu 12.04.1 and rkhunter reported various warnings. I'm wondering what those are.
BTW I install only original software, no suspicious programs except…
Amanda - 1,037
8 votes, 2 answers
How do I remove rootkits?
To my understanding, rootkits on Linux infect the kernel to get root privileges, and there are many scanners (I use rkhunter) to scan for rootkits in the kernel, but I have yet to find a program that would remove rootkits.
How would I remove a…
Franz Payer - 197
7 votes, 2 answers
Best rootkit removal tool for a server?
And what schedule/sysadmin routine is recommended?
Aviah Laor - 572
6 votes, 1 answer
rkhunter passwd and group file changes warning
Today I did a scan of my machine with rkhunter:
sudo rkhunter --checkall
And these were the warnings that I got:
Checking for passwd file changes [ Warning ]
Checking for group file changes [ Warning…
user364819
6 votes, 1 answer
Rkhunter still relevant in 2022?
I tried using RKHunter 1.4.6 (http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.6/rkhunter-1.4.6.tar.gz) on Ubuntu 20.04; it is around 4 years old, and running it did not find any rootkits on my desktop. But I want to know if it is…
rkte - 61
5 votes, 1 answer
Rootkit on port 60001 !? Tiger says so - how do I verify?
My system is an up-to-date Ubuntu 13.10.
I've installed Tiger and I'm getting this:
# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
OLD: --ALERT-- [rootkit005a] Chkrootkit has found a file which seems to be infected because of…
David - 372