Virus / Root Kit Found

Discussion in 'General' started by alexillsley, Mar 25, 2007.

  1. alexillsley

    alexillsley ISPConfig Developer ISPConfig Developer

    Hello,
    I have just discorverd i have got a rootkit on my server, how can i remove it?
    Code:
    OSSEC HIDS Notification.
    2007 Mar 25 17:31:20
    
    Received From: server1->rootcheck
    Rule: 14 fired (level 8) -> "Rootkit detection engine message"
    Portion of the log(s):
    
    Rootkit 'ZK' detected by the presence of file '/etc/sysconfig/console/load.zk'.
    Please help,
    Alex
     
  2. alexillsley

    alexillsley ISPConfig Developer ISPConfig Developer

    I did a quick search on google and appears that files isnt actually a virus
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Which scanner do you used to detect that? rkhunter or chkrootkit?
     
  4. alexillsley

    alexillsley ISPConfig Developer ISPConfig Developer

  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe you should check your system with rkhunter too to be sure everything is ok. rkhunter can be downloaded here:

    http://www.rootkit.nl
     
  6. alexillsley

    alexillsley ISPConfig Developer ISPConfig Developer

    Hi,
    Thanks, i just installed rkhunter through yast, and it came out with no virus or root kits, looks safe:)
    Alex
     

Share This Page