Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora User (http://www.linux-archive.org/fedora-user/)
-   -   Fedora 15 INFECTED Help Please! (http://www.linux-archive.org/fedora-user/537257-fedora-15-infected-help-please.html)

Manuel Escudero 06-09-2011 08:58 AM

Fedora 15 INFECTED Help Please!
 
Hi, Some days ago, I noticed a BIG DECREASE of the performance
in my Fedora 15 System (64 Bits, KDE encrypted BTRFS partitions)
and, as part of my maintenance plan, I ran a rootkit search, because


it was awful! reeeeally slow...

My Surprise was, I'm ACTUALLY infected with the "Suckit rootkit"
and god knows what else... For Now, I will run a Virus Search with
Avast! free in Fedora, but I was hoping somebody tell me what to


do in this situations, and why that happened, also I want to know
what the suckit rootkit does and if I have more problems, here's
the output of chkrootkit:

http://pastebin.com/qqFT2QuH



P.S. As you can see in the output, I might also have a Trojan installed (Line 111)
and no matter how many times I run the tool, I get the same results, "suckit rootkit"
(Line 89) and the trojan, (I do not see other problems, can you?)



I've been using Fedora since F12 and running chkrootkit since F14, NEVER HAD A PROBLEM
BEFORE or Decreasing of performance, Why now? is it because of BTRFS? is it because of F15 updates?

Thanks!


--
<-Manuel Escudero->
Linux User #509052
@GWave: jmlevick@googlewave.com
@Blogger: http://www.blogxenode.tk/ (Xenode Systems Blog)


PGP/GnuPG: E2B4 31CE F2BF 1944 8664* 3E22 88C8 DFC9 4D7C 1B35


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Michael Schwendt 06-09-2011 09:22 AM

Fedora 15 INFECTED Help Please!
 
On Thu, 9 Jun 2011 03:58:21 -0500, ME wrote:

> Hi, Some days ago, I noticed a BIG DECREASE of the performance
> in my Fedora 15 System (64 Bits, KDE encrypted BTRFS partitions)
> and, as part of my maintenance plan, I ran a rootkit search, because
> it was awful! reeeeally slow...
>
> My Surprise was, I'm ACTUALLY infected with the "Suckit rootkit"
> and god knows what else... For Now, I will run a Virus Search with
> Avast! free in Fedora, but I was hoping somebody tell me what to
> do in this situations, and why that happened, also I want to know
> what the suckit rootkit does and if I have more problems, here's
> the output of chkrootkit:
>
> http://pastebin.com/qqFT2QuH

Please don't jump to conclusions.
How about reading the chkrootkit documentation files first?
Especially the one added by Fedora.

The warning about /sbin/init is a false positive:
http://bugz.fedoraproject.org/chkrootkit

The other one may need further investigation, but as chkrootkit is just an
old shell script that isn't 100%, it could be a false positive, too. It's
meant to help you, not to take over all of the work.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Ed Greshko 06-09-2011 09:24 AM

Fedora 15 INFECTED Help Please!
 
On 06/09/2011 04:58 PM, Manuel Escudero wrote:
> Hi, Some days ago, I noticed a BIG DECREASE of the performance
> in my Fedora 15 System (64 Bits, KDE encrypted BTRFS partitions)
> and, as part of my maintenance plan, I ran a rootkit search, because
> it was awful! reeeeally slow...
>
> My Surprise was, I'm ACTUALLY infected with the "Suckit rootkit"
> and god knows what else... For Now, I will run a Virus Search with
> Avast! free in Fedora, but I was hoping somebody tell me what to
> do in this situations, and why that happened, also I want to know
> what the suckit rootkit does and if I have more problems, here's
> the output of chkrootkit:
>
> http://pastebin.com/qqFT2QuH
>
> P.S. As you can see in the output, I might also have a Trojan
> installed (Line 111)
> and no matter how many times I run the tool, I get the same results,
> "suckit rootkit"
> (Line 89) and the trojan, (I do not see other problems, can you?)
>
> I've been using Fedora since F12 and running chkrootkit since F14,
> NEVER HAD A PROBLEM
> BEFORE or Decreasing of performance, Why now? is it because of BTRFS?
> is it because of F15 updates?

You should run rkhunter as well.... A quick google of the issue you
mention shows others have determined this to be a "false positive".

Also see....

https://bugzilla.redhat.com/show_bug.cgi?id=636231


Ed


* Unknown - detected
* English
* Chinese (Simplified)
* Chinese (Traditional)
* Japanese
* Korean

* English
* Chinese (Simplified)
* Chinese (Traditional)
* Japanese
* Korean

<javascript:void(0);><#>
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


All times are GMT. The time now is 04:53 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.