Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Desktop Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 23rd December 2009, 02:54
ensens ensens is offline
Member
 
Join Date: Mar 2007
Posts: 34
Thanks: 3
Thanked 0 Times in 0 Posts
Default chkrootkit indicates Suckit Rootkit. Rootkit Hunter does not.

Hello,

I'm using:
-chkrootkit version 0.48
-Rootkit Hunter version 1.3.4
-Ubuntu 9.10

I don't know much about computers.

A) Yesterday I ran 'chkrootkit' and it indicated:
- Searching for Suckit rootkit... Warning: /sbin/init INFECTED
Then, I ran 'rkhunter -c' and it said my PC did not have Suckit:
- Suckit Rootkit [ Not found ]

B) So, I thought my PC might be infected. So I reinstalled from scratch. After re-installing Ubuntu I installed 'chkrootkit' and ran it and it said:
- Searching for Suckit rootkit... nothing found

C) Next, I updated the system with Synaptic Package Manager. And I re-ran 'chkrootkit'. This time it found it again and said:
- Searching for Suckit rootkit... Warning: /sbin/init INFECTED
I also re-ran 'rkhunter -c'
- Suckit Rootkit [ Not found ]

D) What would you suggest the next step be? Should I ignore this?
Reply With Quote
Sponsored Links
  #2  
Old 23rd December 2009, 13:20
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Originally Posted by ensens View Post
C) Next, I updated the system with Synaptic Package Manager. And I re-ran 'chkrootkit'. This time it found it again and said:
- Searching for Suckit rootkit... Warning: /sbin/init INFECTED
I also re-ran 'rkhunter -c'
- Suckit Rootkit [ Not found ]
That's strange. It seems as if /sbin/init got updated, and chkrootkit doesn't know it and therefore thinks it's malware. Did you search Google if others have the same problem as well?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 23rd December 2009, 19:03
ensens ensens is offline
Member
 
Join Date: Mar 2007
Posts: 34
Thanks: 3
Thanked 0 Times in 0 Posts
 
Default

Thanks for your help. I just found out that it's a known issue:
- https://bugs.launchpad.net/ubuntu/+s...it/+bug/454566
- http://forums.gentoo.org/viewtopic-t...ht-suckit.html

Last edited by ensens; 23rd December 2009 at 19:15.
Reply With Quote
Reply

Bookmarks

Tags
chkrootkit, hunter, rootkit, suckit

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
rkhunter Tripple Installation/Configuration 22 13th May 2014 23:03
Debian 5.0 'hangs' GHz Installation/Configuration 5 1st October 2009 12:57
domains not accessible gillesdevals Installation/Configuration 3 17th June 2009 09:12
Server Randomly Kills ALL Internet Connectivity for ALL Devices giganet Server Operation 5 11th June 2009 17:33
Possible hack attempt? tristanlee85 General 18 31st October 2007 15:05


All times are GMT +2. The time now is 10:55.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.