Fedora 15 INFECTED Help Please!
Manuel Escudero <Jmlevick <at> gmail.com> writes:
> ...

Get a live-cd like Knoppix or other (security) distro with:
chkrootkit
rkhunter
(check its repo for actual presence of these sec tools before).
Download and burn the cd on a separate machine.
Then run it (obviously in read-only mode) on your suspect machine, executing both sec tools.

JB

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Fedora 15 INFECTED Help Please!
On Thursday, June 09, 2011 04:58:21 Manuel Escudero wrote:
> Hi, Some days ago, I noticed a BIG DECREASE of the performance
> in my Fedora 15 System (64 Bits, KDE encrypted BTRFS partitions)

Try an update to kernel-2.6.38.7-30.fc15. This helped with my performance problem using btrfs.

--
Garry Williams
Fedora 15 INFECTED Help Please!
2011/6/9 Garry T. Williams <gtwilliams@gmail.com>
> On Thursday, June 09, 2011 04:58:21 Manuel Escudero wrote:
> > Hi, Some days ago, I noticed a BIG DECREASE of the performance
> > in my Fedora 15 System (64 Bits, KDE encrypted BTRFS partitions)
>
> Try an update to kernel-2.6.38.7-30.fc15. This helped with my performance problem using btrfs.
>
> --
> Garry Williams

@Michael, Ed: Yep. Found the bug doing a Google search, it turns out I can discard "suckit rootkit".

@Everyone: I ran a scan with rkhunter, all was clear. Also in the Avast! scan, all things were clear (a false positive of a trojan in my Windows 7 VM's HDD), but that was all...

This only leaves 3 doubts... What about the Trojan mentioned in line 111 of chkrootkit's output? And the "deletions" mentioned on line 117, what does that mean?

My last doubt is: If there's no virus/security issue in the machine, why am I experiencing very poor performance in comparison with the time when the machine used to have F14 + KDE? The CPU sometimes goes up to 100% usage without doing anything and the PC loses "responsiveness". The worst part is when running a VirtualBox VM, it's so slow, and it crashes and forces the system a lot; that didn't happen in F14, the VM is the same one.

@Garry: My "uname -r" shows: 2.6.38.7-30.fc15.x86_64 :)

So, why the performance decrease? Everything is configured the exact same way I had it in F14.

Thanks.

--
<-Manuel Escudero->
Linux User #509052
@GWave: jmlevick@googlewave.com
@Blogger: http://www.blogxenode.tk/ (Xenode Systems Blog)
PGP/GnuPG: E2B4 31CE F2BF 1944 8664 3E22 88C8 DFC9 4D7C 1B35
Fedora 15 INFECTED Help Please!
On Thu, 9 Jun 2011 10:37:22 -0500, M.E. wrote:
> This only leaves 3 doubts... What about the Trojan mentioned
> in line 111 of chkrootkit's output?

Run this:

  /usr/lib64/chkrootkit-0.49/chkdirs /tmp /usr/share /usr/bin /usr/sbin /lib

If it isn't silent, it believes something is wrong with the link count of the directories and it concludes that there could be hidden directories. This may be because you're using "btrfs" instead of ext4. Could be a bug in chkrootkit's chkdirs tool or a concept that's inappropriate. Dunno. Somebody might want to investigate it.

> and the "deletions" mentioned
> on line 117, what does that mean?

It's the result of running

  /usr/lib64/chkrootkit-0.49/chkwtmp

and it may be necessary to examine whether the chkwtmp tool still does what it's supposed to do (check for deletions). Perhaps it's just broken on x86_64. Both chkutmp and chkwtmp have suffered from several bugs in the past, their C code isn't pretty, and not all bug-fixes have been applied in upstream chkrootkit yet either.
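Added example (not part of the thread and not chkrootkit's own code): a minimal C sketch of the directory link-count heuristic described in the message above, showing why it cannot be applied on a filesystem that does not keep per-directory subdirectory counts. btrfs reports a link count of 1 for every directory; the function and enum names here are hypothetical.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Verdicts for one directory (names are this example's, not chkrootkit's). */
enum links { LINKS_OK, LINKS_UNTRACKED, LINKS_MISMATCH, LINKS_ERROR };

/* Classic Unix rule: nlink = 2 ("." and the parent's entry) + one ".." per
 * subdirectory. A link count of 1 means the filesystem does not keep that
 * count (btrfs does this), so the rule cannot be applied at all. */
enum links classify_links(unsigned long nlink, unsigned long visible_subdirs)
{
    if (nlink < 2)
        return LINKS_UNTRACKED;
    return nlink == visible_subdirs + 2 ? LINKS_OK : LINKS_MISMATCH;
}

/* Count the subdirectories readdir() shows, then compare with st_nlink. */
enum links check_dir(const char *path)
{
    struct stat dir_st, ent_st;
    char child[4096];
    unsigned long subdirs = 0;
    struct dirent *e;
    DIR *d;

    if (lstat(path, &dir_st) != 0 || !S_ISDIR(dir_st.st_mode) || !(d = opendir(path)))
        return LINKS_ERROR;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        snprintf(child, sizeof child, "%s/%s", path, e->d_name);
        /* lstat: a symlink to a directory adds no link to this one */
        if (lstat(child, &ent_st) == 0 && S_ISDIR(ent_st.st_mode))
            subdirs++;
    }
    closedir(d);
    return classify_links((unsigned long)dir_st.st_nlink, subdirs);
}

int main(int argc, char **argv)
{
    static const char *msg[] = { "link count matches", "link count not tracked, test skipped",
                                 "link count mismatch, inspect by hand", "cannot read" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], msg[check_dir(argv[i])]);
    return 0;
}
```

A checker that lacks the "not tracked" case compares 1 against subdirs + 2 and reports every btrfs directory containing subdirectories as a mismatch.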
Fedora 15 INFECTED Help Please!
2011/6/9 Michael Schwendt <mschwendt@gmail.com>
> On Thu, 9 Jun 2011 10:37:22 -0500, M.E. wrote:
> > This only leaves 3 doubts... What about the Trojan mentioned
> > in line 111 of chkrootkit's output?
>
> Run this:
>
>   /usr/lib64/chkrootkit-0.49/chkdirs /tmp /usr/share /usr/bin /usr/sbin /lib
>
> If it isn't silent, it believes something is wrong with the link count of the directories and it concludes that there could be hidden directories. This may be because you're using "btrfs" instead of ext4. Could be a bug in chkrootkit's chkdirs tool or a concept that's inappropriate. Dunno. Somebody might want to investigate it.
>
> > and the "deletions" mentioned
> > on line 117, what does that mean?
>
> It's the result of running
>
>   /usr/lib64/chkrootkit-0.49/chkwtmp
>
> and it may be necessary to examine whether the chkwtmp tool still does what it's supposed to do (check for deletions). Perhaps it's just broken on x86_64. Both chkutmp and chkwtmp have suffered from several bugs in the past, their C code isn't pretty, and not all bug-fixes have been applied in upstream chkrootkit yet either.

@Michael: Thanks for all the info and the tips, I'm more peaceful now... Did some performance tweaks in the machine and everything works just fine, discovered that the issue with the VM was the fault of VirtualBox 4.0.8 and had to downgrade to 4.0.6. Now I can work as fast as always... (I reported the issue in the VBox forums.) It's good to have a community to talk to.

Thanks to everyone!! Have a nice day.

--
<-Manuel Escudero->
Linux User #509052
@GWave: jmlevick@googlewave.com
@Blogger: http://www.blogxenode.tk/ (Xenode Systems Blog)
PGP/GnuPG: E2B4 31CE F2BF 1944 8664 3E22 88C8 DFC9 4D7C 1B35