Do I have an infected init file?
DH
dhutch9999 at yahoo.com
Thu May 12 09:38:07 PDT 2005

Hello;
I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected. 
It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one, chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the /sbin/init file stored in active memory? If my machine is compromised, which rootkit is installed / how can I find out which rootkit is installed?
As a side note, neither Kaspersky AV nor rkhunter reports any infections. Attached is some of the debug output.
Thanks in advance to any respondents.
Sincerely;
David Hutchens III
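
To see which strings make the "UPX" check described in the message above fire, this added example (not part of the original post and not chkrootkit's own code) lists every printable string in a binary that contains "UPX", with its byte offset. It assumes the check is a plain substring match as the post describes; the function names and sample byte strings are constructed for illustration, and using "UPX!" (the marker the UPX packer embeds) as the distinguisher is this example's assumption.

```python
import re
import sys

PATTERN = b"UPX"        # substring the post says the check greps for
PACKER_MAGIC = b"UPX!"  # marker written by the UPX packer (assumed distinguisher)

def printable_strings(data, min_len=4):
    """Yield (offset, run) for printable-ASCII runs, similar to strings(1)."""
    for m in re.finditer(rb"[\x20-\x7e\t]{%d,}" % min_len, data):
        yield m.start(), m.group()

def explain_hits(data):
    """Return (offset, string, kind) for every printable string containing PATTERN."""
    hits = []
    for offset, run in printable_strings(data):
        if PATTERN in run:
            # "incidental" only means the packer marker is absent from this string;
            # it does not prove the file is clean.
            kind = "packer-magic" if PACKER_MAGIC in run else "incidental"
            hits.append((offset, run.decode("ascii"), kind))
    return hits

def would_flag(data):
    """True if a plain substring grep for PATTERN over the strings would match."""
    return bool(explain_hits(data))

# Constructed sample inputs (not taken from any real /sbin/init).
CLEAN = b"\x7fELF\x00\x00\x00\x00/sbin/init\x00usage: init\x00"
INCIDENTAL = b"\x7fELF\x00\x00\x00\x00$FreeBSD$\x00\x01\x02tmpUPXa\x00"
PACKED = b"\x7fELF\x00\x00\x00\x00UPX!\x0d\x0c\x00\x00"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Inspect a real file, e.g. a copy of the flagged binary.
        with open(sys.argv[1], "rb") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"clean": CLEAN, "incidental": INCIDENTAL, "packed": PACKED}
    for name, blob in samples.items():
        hits = explain_hits(blob)
        print(f"{name}: flagged={bool(hits)}")
        for offset, text, kind in hits:
            print(f"  0x{offset:08x}  {kind:12s}  {text!r}")
```

Run against the flagged file and against the copy from the other box, the output shows whether both trip the check on the same strings at the same offsets.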
		
    
    
More information about the freebsd-security
mailing list