Chkrootkit output

a guest
Mar 22nd, 2017
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not found
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not found
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not found
Checking `sshd'... not infected
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for rootkit HiDrootkit's default files... nothing found
Searching for rootkit t0rn's default files... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for rootkit Lion's default files... nothing found
Searching for rootkit RSHA's default files... nothing found
Searching for rootkit RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/debug/.build-id /usr/lib/jvm/.java-1.7.0-openjdk-i386.jinfo /usr/lib/jvm/.java-1.8.0-openjdk-amd64.jinfo /usr/lib/jvm/.java-1.9.0-openjdk-i386.jinfo /usr/lib/jvm/.java-1.9.0-openjdk-amd64.jinfo /usr/lib/jvm/.java-1.8.0-openjdk-i386.jinfo /lib/modules/4.4.0-67-generic/vdso/.build-id /lib/modules/4.4.0-62-generic/vdso/.build-id /lib/modules/4.4.0-59-generic/vdso/.build-id /lib/modules/4.4.0-66-generic/vdso/.build-id /lib/modules/4.8.0-42-generic/vdso/.build-id /lib/modules/4.4.0-53-generic/vdso/.build-id /lib/modules/4.4.0-57-generic/vdso/.build-id
/usr/lib/debug/.build-id /lib/modules/4.4.0-67-generic/vdso/.build-id /lib/modules/4.4.0-62-generic/vdso/.build-id /lib/modules/4.4.0-59-generic/vdso/.build-id /lib/modules/4.4.0-66-generic/vdso/.build-id /lib/modules/4.8.0-42-generic/vdso/.build-id /lib/modules/4.4.0-53-generic/vdso/.build-id /lib/modules/4.4.0-57-generic/vdso/.build-id
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
Searching for 64-bit Linux Rootkit ... nothing found
Searching for 64-bit Linux Rootkit modules... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
wls1: PACKET SNIFFER(/sbin/wpa_supplicant[1652], /sbin/wpa_supplicant[1652], /sbin/dhclient[2632])
Checking `w55808'... not infected
Checking `wted'... 4 deletion(s) between Sun Mar 5 16:19:14 2017 and Sun Mar 5 16:21:30 2017
1 deletion(s) between Wed Mar 8 14:59:35 2017 and Wed Mar 8 19:57:44 2017
3 deletion(s) between Fri Mar 10 15:39:23 2017 and Fri Mar 10 16:22:56 2017
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... user root deleted or never logged from lastlog!
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! --disable-accelerated-video-decode--service-request-channel-token=0147A5FA3B6C4C399B2E888AA16742C3 --renderer-client-id=3 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd 3 ,3553;3,12,3553;3,13,3553;3,14,355--disable-accelerated-video-decode--service-request-channel-token=0147A5FA3B6C4C399B2E888AA16742C3 --renderer-client-id=3 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd --service-request-channel-token=0147A5FA3B6C4C399B2E888AA16742C3 --renderer-client-id=3 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! --disable-accelerated-video-decode--service-request-channel-token=EA07D48CDDFC5A6E7D2D5E170B0C171E --renderer-client-id=4 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd 3 ,3553;3,12,3553;3,13,3553;3,14,355--disable-accelerated-video-decode--service-request-channel-token=EA07D48CDDFC5A6E7D2D5E170B0C171E --renderer-client-id=4 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd --service-request-channel-token=EA07D48CDDFC5A6E7D2D5E170B0C171E --renderer-client-id=4 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! --disable-accelerated-video-decode--service-request-channel-token=2B4358532C81F36CD0420FAE2AA988E1 --renderer-client-id=5 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd 3 ,3553;3,12,3553;3,13,3553;3,14,355--disable-accelerated-video-decode--service-request-channel-token=2B4358532C81F36CD0420FAE2AA988E1 --renderer-client-id=5 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd --service-request-channel-token=2B4358532C81F36CD0420FAE2AA988E1 --renderer-client-id=5 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! --disable-accelerated-video-decode--service-request-channel-token=098EF7CD748DC5CC6597B52DE4FE03F7 --renderer-client-id=6 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd 3 ,3553;3,12,3553;3,13,3553;3,14,355--disable-accelerated-video-decode--service-request-channel-token=098EF7CD748DC5CC6597B52DE4FE03F7 --renderer-client-id=6 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd --service-request-channel-token=098EF7CD748DC5CC6597B52DE4FE03F7 --renderer-client-id=6 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! --disable-accelerated-video-decode--service-request-channel-token=D8051D9BB147AA67714315D7B73B334B --renderer-client-id=7 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd 3 ,3553;3,12,3553;3,13,3553;3,14,355--disable-accelerated-video-decode--service-request-channel-token=D8051D9BB147AA67714315D7B73B334B --renderer-client-id=7 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd --service-request-channel-token=D8051D9BB147AA67714315D7B73B334B --renderer-client-id=7 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! lerated-video-decode 0 ,3553;3,14,3553;3,15,3553 --service-request-channel-token=ABEE2ABB30D8147830E81231953B6F8F --renderer-client-id=13 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! lerated-video-decode 0 ,3553;3,14,3553;3,15,3553 --service-request-channel-token=2E9D9C9330848F589B6601CA6587A033 --renderer-client-id=11 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! lerated-video-decode 0 ,3553;3,14,3553;3,15,3553 --service-request-channel-token=5B1417236782574030314D1D14BB33AE --renderer-client-id=10 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! lerated-video-decode 0 ,3553;3,14,3553;3,15,3553 --service-request-channel-token=38957D244CB1B455ACA98BB98A414FC5 --renderer-client-id=32 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! lerated-video-decode 0 ,3553;3,14,3553;3,15,3553 --service-request-channel-token=27B73335BCABF68096451E1C7B49B242 --renderer-client-id=35 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! lerated-video-decode 0 ,3553;3,14,3553;3,15,3553 --service-request-channel-token=046D49D33BDE76336900FD02786D1BE6 --renderer-client-id=21 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! lerated-video-decode 0 ,3553;3,14,3553;3,15,3553 --service-request-channel-token=F3C0E4CF4675BCD003EC4D8967E54D1B --renderer-client-id=23 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! lerated-video-decode 0 ,3553;3,14,3553;3,15,3553 --service-request-channel-token=BBDD8199204777DE5DFE71D565E7A193 --renderer-client-id=25 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! lerated-video-decode 0 ,3553;3,14,3553;3,15,3553 --service-request-channel-token=E9EE385DFC824826CAB52119995C1EDF --renderer-client-id=28 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! haxalic+ 2848 pts/0 bash
! root 10891 pts/0 /bin/sh /usr/sbin/chkrootkit
! root 11840 pts/0 ./chkutmp
! root 11842 pts/0 ps axk tty,ruser,args -o tty,pid,ruser,args
! root 11841 pts/0 sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
! root 10890 pts/0 sudo chkrootkit
! haxalic+ 6334 pts/1 bash
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected