POSSIBLE ROOTKIT Or Am I Just Paranoid?


Can you identify that a malicious hacker has broken through your security defenses quickly enough to prevent them from doing serious damage?

[ubuntu] Rootkit or paranoia??

buzz1c1961 - 26 Apr 2016 9:31 PM: good article as a basis for what I'm up against.

Reading the rkhunter README file led me to believe that unhide might be a valuable tool so I thought I'd play around with it.
__________________
Glenn The Bassinator

By using these tools, you'll likely be surprised to find what programs are doing and what's going in and out of your network adapter. So, if you need me to reconfigure to facilitate your work, just let me know and I will gladly do it. It hides almost everything from the user, but it is very fast and very easy to use.

Please check the log file (/var/log/rkhunter/rkhunter.log). Thought I'd pose the question here while I'm searching Google for a possible answer: what do I do about this, or how do I handle it? Never used it before. Also, your version is 3.11; the current one is 3.13.

AverageJoe, Jun 30, 2008

chaslang (MajorGeeks Admin - Master Malware Expert, Staff Member), quoting AverageJoe:

  1. Final option to truly confirm the rootkit is in the firmware would be to do the following:
  2. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread.
  3. Attached Files: ComboFix.txt (28.8 KB), MGlogs.zip (90 KB). AverageJoe, Jun 26, 2008; reply by chaslang (MajorGeeks Admin - Master Malware Expert, Staff Member).

POSSIBLE ROOTKIT!! Apparently there was only one copy of it, in My Docs\Owner\Local Settings\Temp. And if it's too much to read then don't.

Code:
su -
rkhunter --update

Yes.

not found
Checking `identd'...

However, the same code is on another Macbook Pro 1,1 that I have which I thought was immune for some reason. You can't open them because there is nothing to open. But even if my posts are exaggerated, which they're not, then you still haven't offered any helpful suggestion for solving the rootkit issue itself.

I hadn't thought about swapping out the hard drive altogether though. It has a much better Explorer interface built in so it is easy to hunt around thru folders. Sorry... Since Windows will not really be running from your hard disk but rather from the CD, you will be able to hunt around on your hard disk to see if the

Hopefully you get the idea.) On 13AUG, I decided I was tired of messing around with av scans, etc., and just wiped the entire hard drive, partition table, boot record, and all.

AverageJoe said: But I am still worried I have malware left over from RBOT and maybe my system is compromised...

nothing found
Searching for Volc rootkit...

not infected
Checking `mail'...

the blank name/blank path startup entry attributed to AGOBOT-KU, among others, that I mentioned above. Even Apple's response that nothing was wrong didn't faze you. I hadn't heard about that one...

it could lie to the OS itself. So am I okay then? When it finishes, a log will be produced named c:\combofix.txt. I will ask for this log below. Note: Do not mouseclick combofix's window while it is running. But another weird thing.... Surf safely and be sure to check out the below.

Be extremely careful installing software. If we have ever helped you in the past, please consider helping us. And anything installed or downloaded is injected with self-protecting and/or self-perpetuating code.

Please let me know when they are needed, and I will post new logs. EDIT: Posts merged again ~BP

Attached Files: ark.txt (3.49 KB), Attach.txt (5.1 KB). Edited by Budapest,

Assuming there's an option ROM installed that is making it possible to repurpose my PCI devices to run the installers and other processes, could a host drive with the master disk

Thank you for your patience. Please see Preparation Guide for use before posting about your potential Malware problem. Just run Sophos AntiRootkit and you will see it show up.

It's also a 32-bit machine so I was hoping that might be a limitation too. That is true, I was thinking that I was finding patterns in those "random" letters... but why would explorer.exe ROT13 encode this stuff?

Please let me know what else you need. I'd still like to make that CD though... and then maybe you could tell me where to look and how to use it to find malware? It was bound with a legitimate file, and ran when I ran the other file. The second is that it may already be gone and all that the scanner is finding is registry information that is left over.

I don't generally click on links in e-mails, except for those in newsletters from trusted sources (TechRepublic, Ubuntu Forums and the like). Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.