How To Repair Possible Rootkit (log Included) (Solved)

Possible Rootkit (log Included)

Otherwise I'm not quite sure why you brought those kernel versions up.

> I still got the usual "please check your system as it may be infected" this morning after
> the rkhunter cronjob was run.

Code: rkhunter -h for more

My command line for running rkhunter is: /usr/sbin/rkhunter --cronjob --update --syslog --createlogfile -c

-- Chris KeyID 0xE372A7DA98E6705C

Re: [Rkhunter-users] Warnings after upgrading to Mandriva 2010.1 and rkhunter 1.3.6 From: Helmut Hullen

The Volc rootkit itself was not picked up by rkhunter, and if the system had been compromised (from http://sourceforge.net/apps/trac/rkhunter/wiki/SPRKH) Code: However, a scan on an existing install will still reveal rootkits.

Please help me out! System concerned: Windows 7, 64bit on Bootcamp partition on MacBook pro. An avast scan upon reboot seems to break off quickly without producing output, also with a freshly installed Avast pro. Hitman pro finds tracking cookies on first scan (HitmanPro_20121103_1703) and suspicious python scripts

https://www.bleepingcomputer.com/forums/t/256584/possible-rootkit-log-included/

> This means you don't have to whitelist the files from all rootkit checks.)
>
> At the moment you will have to whitelist the files from all rootkit checks

September 29th, 2013 #1 CCgirl6690

Performing checks on the network ports
Checking for backdoor ports [ None found ]
Checking for hidden ports [ Skipped ]
Performing checks on the network interfaces
Checking for promiscuous interfaces

Warning: SHV4 Rootkit [ Warning ] File '/usr/include/file.h' found
Warning: Checking for possible rootkit strings [ Warning ] Found string 'hdparm' in file '/etc/rc.d/init.d/bootlogd'.

as well.

Quote: Originally Posted by TommyC7 I did not find evidence of either the file /usr/bin/volc or directory /usr/lib/volc by hand or via rkhunter.

https://forums.malwarebytes.com/topic/78380-possible-rootkit-logs-included/?do=findComment&comment=403472

> > Possible rootkit: Xzibit Rootkit
> > Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'.

Possible Rootkit (log included) Started by dscan, Sep 10 2009 12:35 AM

> Possible rootkit: Xzibit Rootkit

That's perhaps a false alarm - using "hdparm" in these files is allowed.

hello sandyd here is that log file, now what?

[SOLVED] rkhunter 1.4.2 volc rootkit found & then gone?

  1. Regarding performance I think I recently noticed a slower start-up under OSX, could there be a connection? Please find the ComboFix log attached. Thanks for your expert advice.
  2. Last time I used a USB stick to download ComboFix from a clean OSX, this time I tried using the web directly.
  3. thorstenl Re: Avast free warns for possible Rootkit, but does not remove or log. « Reply #2 on: November 04, 2012, 11:54:20 PM » Anti-Malware log attached...
  4. It's already fixed in the CVS version. > I'm also seeing this but I believe there was already an earlier thread > on it: > > Warning: SHV4 Rootkit > [
  5. I forgot that running rkhunter more than once will overwrite the /var/log/rkhunter.log file (and I overwrote rkhunter.log.old as well), so unfortunately I don't have the necessary rkhunter logs.
  6. This is on a Slackware system.
  7. Thank you very much. Best regards, Thorsten

https://ubuntuforums.org/showthread.php?t=2177662

here is my new log

Code:
[email protected]:~$ sudo rkhunter -c
[ Rootkit Hunter version 1.4.0 ]
Checking system commands...

> > Possible rootkit: Xzibit Rootkit
>
> Fixed in the CVS version, where it is possible to whitelist specific strings in specific files. (In your case it would

Do not mouse-click Combofix's window while it is running.

Best regards, Thorsten

Required commands check failed
Files checked: 137
Suspect files: 137
Rootkit checks...

Lo and behold that program now becomes the "problem" and the possible rootkit is detected.

i mark this as solved but plz if anyone else know what is these 3 warnings i get plz lemme know thanks again .....

Files checked: 136
Suspect files: 1
Rootkit checks...

thorstenl Re: Avast free warns for possible Rootkit, but does not remove or log. « Reply #13 on: November 08, 2012, 08:27:02 AM »

Right after posting

THEN Download the latest version of TDSSKiller from here and save it to your Desktop.

thorstenl Avast free warns for possible Rootkit, but does not remove or log. « on: November 04, 2012, 11:45:45 PM »

Dear Avast, Avast free warns for possible

05-01-2014, 11:45 PM #1 TommyC7 rkhunter 1.4.2 volc rootkit found & then gone?

Re-scanning (twice, hence my lack of the necessary log) produced 0 rootkit results.

thorstenl Re: Avast free warns for possible Rootkit, but does not remove or log. « Reply #12 on: November 08, 2012, 08:07:32 AM »

I ran ComboFix

The only thing worrying me: Is it possible that "Parallels tools" or "Bootcamp assistant" could contain the infection?

and I'm on ubuntu 13.4 and here is my log, thank you

Code: Checking system commands...

It even does the same thing in safe mode. Any suggestion please?

Anyone have a suggestion?

are all included here.

#3 sempai Posted 24 September 2009 - 08:28 AM

Hello

> Possible rootkit: Xzibit Rootkit
> Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'.

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Unable to log on to the system in normal boot mode (Windows XP - sp3).

Click Close. Copy the entire contents of the report and paste it in a reply here. Note** you may get this warning it is ok, just ignore "Rootkit Unhooker has detected a parasite inside