- root@morbidus:~# chkrootkit
- ROOTDIR is `/'
- Checking `amd'... not found
- Checking `basename'... not infected
- Checking `biff'... not found
- Checking `chfn'... not infected
- Checking `chsh'... not infected
- Checking `cron'... not infected
- Checking `crontab'... not infected
- Checking `date'... not infected
- Checking `du'... not infected
- Checking `dirname'... not infected
- Checking `echo'... not infected
- Checking `egrep'... not infected
- Checking `env'... not infected
- Checking `find'... not infected
- Checking `fingerd'... not found
- Checking `gpm'... not found
- Checking `grep'... not infected
- Checking `hdparm'... not found
- Checking `su'... not infected
- Checking `ifconfig'... INFECTED
- Checking `inetd'... Unknown HZ value! (176) Assume 100.
- Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
- not infected
- Checking `inetdconf'... not found
- Checking `identd'... not found
- Checking `init'... not infected
- Checking `killall'... not infected
- Checking `ldsopreload'... not infected
- Checking `login'... not infected
- Checking `ls'... not infected
- Checking `lsof'... not infected
- Checking `mail'... not infected
- Checking `mingetty'... not found
- Checking `netstat'... INFECTED
- Checking `named'... not found
- Checking `passwd'... not infected
- Checking `pidof'... not infected
- Checking `pop2'... not found
- Checking `pop3'... not found
- Checking `ps'... not infected
- Checking `pstree'... INFECTED
- Checking `rpcinfo'... not infected
- Checking `rlogind'... not found
- Checking `rshd'... not found
- Checking `slogin'... not infected
- Checking `sendmail'... not infected
- Checking `sshd'... Unknown HZ value! (176) Assume 100.
- Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
- not infected
- Checking `syslogd'... not tested
- Checking `tar'... not infected
- Checking `tcpd'... Unknown HZ value! (176) Assume 100.
- Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
- not infected
- Checking `tcpdump'... not infected
- Checking `top'... INFECTED
- Checking `telnetd'... not found
- Checking `timed'... not found
- Checking `traceroute'... not infected
- Checking `vdir'... not infected
- Checking `w'... not infected
- Checking `write'... not infected
- Checking `aliens'... no suspect files
- Searching for sniffer's logs, it may take a while... nothing found
- Searching for rootkit HiDrootkit's default files... nothing found
- Searching for rootkit t0rn's default files... nothing found
- Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation) rootkit installed
- Searching for rootkit Lion's default files... nothing found
- Searching for rootkit RSHA's default files... nothing found
- Searching for rootkit RH-Sharpe's default files... nothing found
- Searching for Ambient's rootkit (ark) default files and dirs... nothing found
- Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
- /lib/init/rw/.ramfs
- Searching for LPD Worm files and dirs... nothing found
- Searching for Ramen Worm files and dirs... nothing found
- Searching for Maniac files and dirs... nothing found
- Searching for RK17 files and dirs... nothing found
- Searching for Ducoci rootkit... nothing found
- Searching for Adore Worm... nothing found
- Searching for ShitC Worm... nothing found
- Searching for Omega Worm... nothing found
- Searching for Sadmind/IIS Worm... nothing found
- Searching for MonKit... nothing found
- Searching for Showtee... Warning: Possible Showtee Rootkit installed
- Searching for OpticKit... nothing found
- Searching for T.R.K... nothing found
- Searching for Mithra... nothing found
- Searching for LOC rootkit... nothing found
- Searching for Romanian rootkit... /usr/include/file.h /usr/include/proc.h
- Searching for Suckit rootkit... nothing found
- Searching for Volc rootkit... nothing found
- Searching for Gold2 rootkit... nothing found
- Searching for TC2 Worm default files and dirs... nothing found
- Searching for Anonoying rootkit default files and dirs... nothing found
- Searching for ZK rootkit default files and dirs... nothing found
- Searching for ShKit rootkit default files and dirs... nothing found
- Searching for AjaKit rootkit default files and dirs... nothing found
- Searching for zaRwT rootkit default files and dirs... nothing found
- Searching for Madalin rootkit default files... nothing found
- Searching for Fu rootkit default files... nothing found
- Searching for ESRK rootkit default files... nothing found
- Searching for rootedoor... nothing found
- Searching for ENYELKM rootkit default files... nothing found
- Searching for common ssh-scanners default files... nothing found
- Searching for suspect PHP files... nothing found
- Searching for anomalies in shell history files... nothing found
- Checking `asp'... not infected
- Checking `bindshell'... not infected
- Checking `lkm'... find: /proc/kcore: Value too large for defined data type
- Unknown HZ value! (176) Assume 100.
- Warning: /boot/System.map-2.6.32-5-amd64 has an incorrect kernel version.
- You have 13 process hidden for readdir command
- You have 17 process hidden for ps command
- chkproc: Warning: Possible LKM Trojan installed
- chkdirs: nothing detected
- Checking `rexedcs'... not found
- Checking `sniffer'... lo: not promisc and no packet sniffer sockets
- eth0: not promisc and no packet sniffer sockets
- Checking `w55808'... not infected
- Checking `wted'... chkwtmp: nothing deleted
- Checking `scalper'... not infected
- Checking `slapper'... not infected
- Checking `z2'... chklastlog: nothing deleted
- Checking `chkutmp'... Unknown HZ value! (176) Assume 100.
- ERROR: Obsolete k option not supported.
- ********* simple selection ********* ********* selection by list *********
- -A all processes -C by command name
- -N negate selection -G by real group ID (supports names)
- -a all w/ tty except session leaders -U by real user ID (supports names)
- -d all except session leaders -g by session leader OR by group name
- -e all processes -p by process ID
- T all processes on this terminal -s processes in the sessions given
- a all w/ tty, including other users -t by tty
- g all, even group leaders! -u by effective user ID (supports names)
- r only running processes U processes for specified users
- x processes w/o controlling ttys t by tty
- *********** output format ********** *********** long options ***********
- -o,o user-defined -f full --Group --User --pid --cols
- -j,j job control s signal --group --user --sid --rows
- -O,O preloaded -o v virtual memory --cumulative --format --deselect
- -l,l long u user-oriented --sort --tty --forest --version
- X registers --heading --no-heading
- ********* misc options *********
- -V,V show version L list format codes f ASCII art forest
- -m,m show threads S children in sum -y change -l format
- -n,N set namelist file c true command name n numeric WCHAN,UID
- -w,w wide output e show environment -H process heirarchy
- chkutmp: nothing deleted
- Checking `OSX_RSPLUG'... not infected