View Single Post
  #4  
Old 17th August 2007, 10:19
tristanlee85 tristanlee85 is offline
Senior Member
 
Join Date: Apr 2006
Posts: 199
Thanks: 3
Thanked 2 Times in 2 Posts
Default

Code:
Rootkit Hunter 1.2.9 is running

Determining OS... Ready


Checking binaries
* Selftests
     Strings (command)                                        [ OK ]


* System tools
Info: prelinked files found
  Performing 'known good' check...
   /bin/cat                                                   [ BAD ]
   /bin/chmod                                                 [ BAD ]
   /bin/chown                                                 [ BAD ]
   /bin/date                                                  [ BAD ]
   /bin/dmesg                                                 [ OK ]
   /bin/env                                                   [ BAD ]
   /bin/grep                                                  [ OK ]
   /bin/kill                                                  [ OK ]
   /bin/login                                                 [ OK ]
   /bin/ls                                                    [ BAD ]
   /bin/more                                                  [ OK ]
   /bin/mount                                                 [ OK ]
   /bin/netstat                                               [ BAD ]
   /bin/ps                                                    [ BAD ]
   /bin/su                                                    [ BAD ]
   /sbin/chkconfig                                            [ OK ]
   /sbin/depmod                                               [ OK ]
   /sbin/ifconfig                                             [ BAD ]
   /sbin/init                                                 [ OK ]
   /sbin/insmod                                               [ OK ]
   /sbin/ip                                                   [ OK ]
   /sbin/lsmod                                                [ OK ]
   /sbin/modinfo                                              [ OK ]
   /sbin/modprobe                                             [ OK ]
   /sbin/rmmod                                                [ OK ]
   /sbin/runlevel                                             [ OK ]
   /sbin/sulogin                                              [ OK ]
   /sbin/sysctl                                               [ OK ]
   /sbin/syslogd                                              [ OK ]
   /usr/bin/chattr                                            [ OK ]
   /usr/bin/du                                                [ BAD ]
   /usr/bin/file                                              [ OK ]
   /usr/bin/find                                              [ BAD ]
   /usr/bin/head                                              [ BAD ]
   /usr/bin/killall                                           [ OK ]
   /usr/bin/lsattr                                            [ OK ]
   /usr/bin/md5sum                                            [ BAD ]
   /usr/bin/passwd                                            [ OK ]
   /usr/bin/pstree                                            [ BAD ]
   /usr/bin/sha1sum                                           [ BAD ]
   /usr/bin/stat                                              [ BAD ]
   /usr/bin/top                                               [ BAD ]
   /usr/bin/users                                             [ BAD ]
   /usr/bin/vmstat                                            [ OK ]
   /usr/bin/w                                                 [ OK ]
   /usr/bin/watch                                             [ OK ]
   /usr/bin/wc                                                [ BAD ]
   /usr/bin/wget                                              [ BAD ]
   /usr/bin/whereis                                           [ OK ]
   /usr/bin/who                                               [ BAD ]
   /usr/bin/whoami                                            [ BAD ]
--------------------------------------------------------------------------------
Rootkit Hunter has found some bad or unknown hashes. This can happen due to replaced
binaries or updated packages (which give other hashes). Be sure your hashes are
up-to-date (rkhunter --update). If you're in doubt about these hashes, contact
us through the Rootkit Hunter mailinglist at rkhunter-users@lists.sourceforge.net.
--------------------------------------------------------------------------------

[Press <ENTER> to continue]

Check rootkits
* Default files and directories
   Rootkit '55808 Trojan - Variant A'...                      [ OK ]
   ADM Worm...                                                [ OK ]
   Rootkit 'AjaKit'...                                        [ OK ]
   Rootkit 'aPa Kit'...                                       [ OK ]
   Rootkit 'Apache Worm'...                                   [ OK ]
   Rootkit 'Ambient (ark) Rootkit'...                         [ OK ]
   Rootkit 'Balaur Rootkit'...                                [ OK ]
   Rootkit 'BeastKit'...                                      [ OK ]
   Rootkit 'beX2'...                                          [ OK ]
   Rootkit 'BOBKit'...                                        [ OK ]
   Rootkit 'CiNIK Worm (Slapper.B variant)'...                [ OK ]
   Rootkit 'Danny-Boy's Abuse Kit'...                         [ OK ]
   Rootkit 'Devil RootKit'...                                 [ OK ]
   Rootkit 'Dica'...                                          [ OK ]
   Rootkit 'Dreams Rootkit'...                                [ OK ]
   Rootkit 'Duarawkz'...                                      [ OK ]
   Rootkit 'Flea Linux Rootkit'...                            [ OK ]
   Rootkit 'FreeBSD Rootkit'...                               [ OK ]
   Rootkit 'Fuck`it Rootkit'...                               [ OK ]
   Rootkit 'GasKit'...                                        [ OK ]
   Rootkit 'Heroin LKM'...                                    [ OK ]
   Rootkit 'HjC Kit'...                                       [ OK ]
   Rootkit 'ignoKit'...                                       [ OK ]
   Rootkit 'ImperalsS-FBRK'...                                [ OK ]
   Rootkit 'Irix Rootkit'...                                  [ OK ]
   Rootkit 'Kitko'...                                         [ OK ]
   Rootkit 'Knark'...                                         [ OK ]
   Rootkit 'Li0n Worm'...                                     [ OK ]
   Rootkit 'Lockit / LJK2'...                                 [ OK ]
   Rootkit 'MRK'...                                           [ OK ]
   Rootkit 'Ni0 Rootkit'...                                   [ OK ]
   Rootkit 'RootKit for SunOS / NSDAP'...                     [ OK ]
   Rootkit 'Optic Kit (Tux)'...                               [ OK ]
   Rootkit 'Oz Rootkit'...                                    [ OK ]
   Rootkit 'Portacelo'...                                     [ OK ]
   Rootkit 'R3dstorm Toolkit'...                              [ OK ]
   Rootkit 'RH-Sharpe's rootkit'...                           [ OK ]
   Rootkit 'RSHA's rootkit'...                                [ OK ]
   Sebek LKM...                                               [ OK ]
   Rootkit 'Scalper Worm'...                                  [ OK ]
   Rootkit 'Shutdown'...                                      [ OK ]
   Rootkit 'SHV4'...                                          [ Warning! ]

             --------------------------------------------------------------------------------
             Found parts of this rootkit/trojan by checking the default files and directories
             Please inspect the available files, by running this check with the parameter
             --createlogfile and check the log file (current file: /dev/null).
             --------------------------------------------------------------------------------


[Press <ENTER> to continue]

   Rootkit 'SHV5'...                                          [ Warning! ]

             --------------------------------------------------------------------------------
             Found parts of this rootkit/trojan by checking the default files and directories
             Please inspect the available files, by running this check with the parameter
             --createlogfile and check the log file (current file: /dev/null).
             --------------------------------------------------------------------------------


[Press <ENTER> to continue]
Reply With Quote