- ROOTDIR is `/'
- Checking `amd'... not found
- Checking `basename'... not infected
- Checking `biff'... not found
- Checking `chfn'... not infected
- Checking `chsh'... not infected
- Checking `cron'... not infected
- Checking `crontab'... not infected
- Checking `date'... not infected
- Checking `du'... not infected
- Checking `dirname'... not infected
- Checking `echo'... not infected
- Checking `egrep'... not infected
- Checking `env'... not infected
- Checking `find'... not infected
- Checking `fingerd'... not found
- Checking `gpm'... not found
- Checking `grep'... not infected
- Checking `hdparm'... not infected
- Checking `su'... not infected
- Checking `ifconfig'... not infected
- Checking `inetd'... not infected
- Checking `inetdconf'... not found
- Checking `identd'... not found
- Checking `init'... not infected
- Checking `killall'... not infected
- Checking `ldsopreload'... not infected
- Checking `login'... not infected
- Checking `ls'... not infected
- Checking `lsof'... not infected
- Checking `mail'... not found
- Checking `mingetty'... not found
- Checking `netstat'... not infected
- Checking `named'... not infected
- Checking `passwd'... not infected
- Checking `pidof'... not infected
- Checking `pop2'... not found
- Checking `pop3'... not found
- Checking `ps'... not infected
- Checking `pstree'... not infected
- Checking `rpcinfo'... not found
- Checking `rlogind'... not found
- Checking `rshd'... not found
- Checking `slogin'... not infected
- Checking `sendmail'... not found
- Checking `sshd'... not infected
- Checking `syslogd'... not tested
- Checking `tar'... not infected
- Checking `tcpd'... not infected
- Checking `tcpdump'... not infected
- Checking `top'... not infected
- Checking `telnetd'... not found
- Checking `timed'... not found
- Checking `traceroute'... not infected
- Checking `vdir'... not infected
- Checking `w'... not infected
- Checking `write'... not infected
- Checking `aliens'... no suspect files
- Searching for sniffer's logs, it may take a while... nothing found
- Searching for rootkit HiDrootkit's default files... nothing found
- Searching for rootkit t0rn's default files... nothing found
- Searching for t0rn's v8 defaults... nothing found
- Searching for rootkit Lion's default files... nothing found
- Searching for rootkit RSHA's default files... nothing found
- Searching for rootkit RH-Sharpe's default files... nothing found
- Searching for Ambient's rootkit (ark) default files and dirs... nothing found
- Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
- /usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/debug/.build-id /usr/lib/jvm/.java-1.7.0-openjdk-i386.jinfo /usr/lib/jvm/.java-1.8.0-openjdk-amd64.jinfo /usr/lib/jvm/.java-1.9.0-openjdk-i386.jinfo /usr/lib/jvm/.java-1.9.0-openjdk-amd64.jinfo /usr/lib/jvm/.java-1.8.0-openjdk-i386.jinfo /lib/modules/4.4.0-67-generic/vdso/.build-id /lib/modules/4.4.0-62-generic/vdso/.build-id /lib/modules/4.4.0-59-generic/vdso/.build-id /lib/modules/4.4.0-66-generic/vdso/.build-id /lib/modules/4.8.0-42-generic/vdso/.build-id /lib/modules/4.4.0-53-generic/vdso/.build-id /lib/modules/4.4.0-57-generic/vdso/.build-id
- /usr/lib/debug/.build-id /lib/modules/4.4.0-67-generic/vdso/.build-id /lib/modules/4.4.0-62-generic/vdso/.build-id /lib/modules/4.4.0-59-generic/vdso/.build-id /lib/modules/4.4.0-66-generic/vdso/.build-id /lib/modules/4.8.0-42-generic/vdso/.build-id /lib/modules/4.4.0-53-generic/vdso/.build-id /lib/modules/4.4.0-57-generic/vdso/.build-id
- Searching for LPD Worm files and dirs... nothing found
- Searching for Ramen Worm files and dirs... nothing found
- Searching for Maniac files and dirs... nothing found
- Searching for RK17 files and dirs... nothing found
- Searching for Ducoci rootkit... nothing found
- Searching for Adore Worm... nothing found
- Searching for ShitC Worm... nothing found
- Searching for Omega Worm... nothing found
- Searching for Sadmind/IIS Worm... nothing found
- Searching for MonKit... nothing found
- Searching for Showtee... nothing found
- Searching for OpticKit... nothing found
- Searching for T.R.K... nothing found
- Searching for Mithra... nothing found
- Searching for LOC rootkit... nothing found
- Searching for Romanian rootkit... nothing found
- Searching for Suckit rootkit... nothing found
- Searching for Volc rootkit... nothing found
- Searching for Gold2 rootkit... nothing found
- Searching for TC2 Worm default files and dirs... nothing found
- Searching for Anonoying rootkit default files and dirs... nothing found
- Searching for ZK rootkit default files and dirs... nothing found
- Searching for ShKit rootkit default files and dirs... nothing found
- Searching for AjaKit rootkit default files and dirs... nothing found
- Searching for zaRwT rootkit default files and dirs... nothing found
- Searching for Madalin rootkit default files... nothing found
- Searching for Fu rootkit default files... nothing found
- Searching for ESRK rootkit default files... nothing found
- Searching for rootedoor... nothing found
- Searching for ENYELKM rootkit default files... nothing found
- Searching for common ssh-scanners default files... nothing found
- Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
- Searching for 64-bit Linux Rootkit ... nothing found
- Searching for 64-bit Linux Rootkit modules... nothing found
- Searching for suspect PHP files... nothing found
- Searching for anomalies in shell history files... nothing found
- Checking `asp'... not infected
- Checking `bindshell'... not infected
- Checking `lkm'... chkproc: nothing detected
- chkdirs: nothing detected
- Checking `rexedcs'... not found
- Checking `sniffer'... lo: not promisc and no packet sniffer sockets
- wls1: PACKET SNIFFER(/sbin/wpa_supplicant[1652], /sbin/wpa_supplicant[1652], /sbin/dhclient[2632])
- Checking `w55808'... not infected
- Checking `wted'... 4 deletion(s) between Sun Mar 5 16:19:14 2017 and Sun Mar 5 16:21:30 2017
- 1 deletion(s) between Wed Mar 8 14:59:35 2017 and Wed Mar 8 19:57:44 2017
- 3 deletion(s) between Fri Mar 10 15:39:23 2017 and Fri Mar 10 16:22:56 2017
- Checking `scalper'... not infected
- Checking `slapper'... not infected
- Checking `z2'... user root deleted or never logged from lastlog!
- Checking `chkutmp'... The tty of the following user process(es) were not found
- in /var/run/utmp !
- ! RUID PID TTY CMD
- ! haxalic+ 2848 pts/0 bash
- ! root 10891 pts/0 /bin/sh /usr/sbin/chkrootkit
- ! root 11840 pts/0 ./chkutmp
- ! root 11842 pts/0 ps axk tty,ruser,args -o tty,pid,ruser,args
- ! root 11841 pts/0 sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
- ! root 10890 pts/0 sudo chkrootkit
- ! haxalic+ 6334 pts/1 bash
- chkutmp: nothing deleted
- Checking `OSX_RSPLUG'... not infected