chkrootkit
Kris Kennaway
kris at obsecurity.org
Sun Apr 9 18:12:00 UTC 2006
On Sun, Apr 09, 2006 at 08:39:51PM +0300, Vitaliy K wrote:
> ??, questions!
>
> I know English badly; I apologize beforehand for the illiteracy.
>
> I ask for your help in solving my problem.
>
> I have loaded program stock-takings rootkit from a site
> http://www.chkrootkit.org/.
>
> I started it and received the result shown below. I am disturbed
> by the line Checking `date'... INFECTED
>
> # ./chkrootkit
> ROOTDIR is `/'
> Checking `amd'... not infected
> Checking `basename'... not infected
> Checking `biff'... not infected
> Checking `chfn'... not infected
> Checking `chsh'... not infected
> Checking `cron'... not infected
> Checking `date'... INFECTED
>
> What should I do? Is it a mistake of the developers of the program, or yours?
Most likely the program is wrong, this kind of utility really only
makes wild guesses. But you never know, so if you have other reason
to believe your system was compromised you should still consider
taking action.
Kris
More information about the freebsd-questions
mailing list