Untitled

a guest
Jan 22nd, 2018
root@morbidus:~# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... INFECTED
Checking `inetd'... Unknown HZ value! (176) Assume 100.
Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
not infected
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... INFECTED
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... INFECTED
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... Unknown HZ value! (176) Assume 100.
Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
not infected
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... Unknown HZ value! (176) Assume 100.
Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
not infected
Checking `tcpdump'... not infected
Checking `top'... INFECTED
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for rootkit HiDrootkit's default files... nothing found
Searching for rootkit t0rn's default files... nothing found
Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation) rootkit installed
Searching for rootkit Lion's default files... nothing found
Searching for rootkit RSHA's default files... nothing found
Searching for rootkit RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/lib/init/rw/.ramfs

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... Warning: Possible Showtee Rootkit installed
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... /usr/include/file.h /usr/include/proc.h
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... find: /proc/kcore: Value too large for defined data type
Unknown HZ value! (176) Assume 100.
Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
You have 13 process hidden for readdir command
You have 17 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: not promisc and no packet sniffer sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... Unknown HZ value! (176) Assume 100.
ERROR: Obsolete k option not supported.
********* simple selection ********* ********* selection by list *********
-A all processes -C by command name
-N negate selection -G by real group ID (supports names)
-a all w/ tty except session leaders -U by real user ID (supports names)
-d all except session leaders -g by session leader OR by group name
-e all processes -p by process ID
T all processes on this terminal -s processes in the sessions given
a all w/ tty, including other users -t by tty
g all, even group leaders! -u by effective user ID (supports names)
r only running processes U processes for specified users
x processes w/o controlling ttys t by tty
*********** output format ********** *********** long options ***********
-o,o user-defined -f full --Group --User --pid --cols
-j,j job control s signal --group --user --sid --rows
-O,O preloaded -o v virtual memory --cumulative --format --deselect
-l,l long u user-oriented --sort --tty --forest --version
X registers --heading --no-heading
********* misc options *********
-V,V show version L list format codes f ASCII art forest
-m,m show threads S children in sum -y change -l format
-n,N set namelist file c true command name n numeric WCHAN,UID
-w,w wide output e show environment -H process heirarchy
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected