06-09-2011, 10:02 AM
JB

Fedora 15 INFECTED Help Please!

Manuel Escudero <Jmlevick <at> gmail.com> writes:

> ...

Get a live-cd like Knoppix or other (security) distro with:
chkrootkit
rkhunter

(check its repo for actual presence of these sec tools before).

Download and burn the cd on a separate machine.

Then run it (obviously in read-only mode) on your suspect machine, executing
both sec tools.

JB



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
06-09-2011, 12:14 PM
"Garry T. Williams"

Fedora 15 INFECTED Help Please!

On Thursday, June 09, 2011 04:58:21 Manuel Escudero wrote:
> Hi, Some days ago, I noticed a BIG DECREASE of the performance
> in my Fedora 15 System (64 Bits, KDE encrypted BTRFS partitions)

Try an update to kernel-2.6.38.7-30.fc15 . This helped with my
performance problem using btrfs.

--
Garry Williams
 
06-09-2011, 03:37 PM
Manuel Escudero

Fedora 15 INFECTED Help Please!

2011/6/9 Garry T. Williams <gtwilliams@gmail.com>

> On Thursday, June 09, 2011 04:58:21 Manuel Escudero wrote:
> > Hi, Some days ago, I noticed a BIG DECREASE of the performance
> > in my Fedora 15 System (64 Bits, KDE encrypted BTRFS partitions)
>
> Try an update to kernel-2.6.38.7-30.fc15 . This helped with my
> performance problem using btrfs.

@Michael, Ed: Yep. Found the bug doing a google search, it turns out I can discard "suckit rootkit".
@Everyone: I ran a scan with rkhunter, all was clear.

Also in the Avast! scan, all things were clear (a false positive of a trojan in my Windows 7 VM's HDD), but that was all...
This only leaves 3 doubts... What about the Trojan mentioned in line 111 of chkrootkit's output? And the "deletions" mentioned on line 117, what does that mean?
My last doubt is: If there's no virus/security issue in the machine, why am I experiencing very poor performance in comparison with the time when the machine used to have F14 + KDE? The CPU sometimes goes up to 100% usage without doing anything and the PC loses "responsiveness".

The worst part is when running a VirtualBox VM: it's so slow, and it crashes and forces the system a lot. That didn't happen in F14, and the VM is the same one.
@Garry: My "uname -r" shows: 2.6.38.7-30.fc15.x86_64

So, why the performance decrease? Everything is configured the exact same way I had it in F14. Thanks.
--
<-Manuel Escudero->
Linux User #509052
@GWave: jmlevick@googlewave.com
@Blogger: http://www.blogxenode.tk/ (Xenode Systems Blog)
PGP/GnuPG: E2B4 31CE F2BF 1944 8664 3E22 88C8 DFC9 4D7C 1B35



06-09-2011, 07:17 PM
Michael Schwendt

Fedora 15 INFECTED Help Please!

On Thu, 9 Jun 2011 10:37:22 -0500, M.E. wrote:

> This only leaves 3 doubts... What about the Trojan mentioned
> in line 111 of chkrootkit's output?

Run this:

/usr/lib64/chkrootkit-0.49/chkdirs /tmp /usr/share /usr/bin /usr/sbin /lib

If it isn't silent, it believes something is wrong with the link count of
the directories and it concludes that there could be hidden directories.
This may be because you're using "btrfs" instead of ext4. Could be a bug
in chkrootkit's chkdirs tool or a concept that's inappropriate. Dunno.
Somebody might want to investigate it.

> and the "deletions" mentioned
> on line 117, what does that mean?

It's the result of running

/usr/lib64/chkrootkit-0.49/chkwtmp

and it may be necessary to examine whether the chkwtmp tool still does
what it's supposed to do (check for deletions). Perhaps it's just broken
on x86_64. Both chkutmp and chkwtmp have suffered from several bugs in
the past, their C code isn't pretty, and not all bug-fixes have been
applied in upstream chkrootkit yet either.
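
The directory link-count check described in the message above, as an added example that is not part of the original post and is not chkrootkit's own code. The names `judge_link_count`, `check_dir` and the `verdict` values are made up for this illustration; it relies on the fact that btrfs reports a link count of 1 for every directory, so the traditional rule (link count = 2 + number of subdirectories) cannot be evaluated there and a naive comparison reports a mismatch.

```c
/* Added illustration of the directory link-count heuristic; not chkrootkit's code. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum verdict { V_OK, V_MISMATCH, V_NOT_APPLICABLE, V_ERROR };

/* Traditional Unix filesystems: a directory's nlink == 2 + its subdirectories
 * ("." plus the parent's entry, plus one ".." per child directory).
 * btrfs reports nlink == 1 for every directory, so the rule does not apply. */
enum verdict judge_link_count(unsigned long nlink, unsigned long visible_subdirs)
{
    if (nlink < 2)
        return V_NOT_APPLICABLE;
    return nlink == visible_subdirs + 2 ? V_OK : V_MISMATCH;
}

/* Count the subdirectories readdir() shows and compare with st_nlink. */
enum verdict check_dir(const char *path)
{
    struct stat st, cst;
    struct dirent *e;
    char child[4096];
    unsigned long subdirs = 0;
    DIR *d;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) || !(d = opendir(path)))
        return V_ERROR;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        snprintf(child, sizeof child, "%s/%s", path, e->d_name);
        if (lstat(child, &cst) == 0 && S_ISDIR(cst.st_mode))
            subdirs++;
    }
    closedir(d);
    return judge_link_count((unsigned long)st.st_nlink, subdirs);
}

int main(int argc, char **argv)
{
    static const char *label[] = { "ok", "mismatch", "not applicable", "error" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], label[check_dir(argv[i])]);
    return 0;
}
```

A "mismatch" on a filesystem that follows the convention is only a lead for further inspection; "not applicable" means the heuristic says nothing about that directory either way.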
 
06-09-2011, 11:50 PM
Manuel Escudero

Fedora 15 INFECTED Help Please!

2011/6/9 Michael Schwendt <mschwendt@gmail.com>

> On Thu, 9 Jun 2011 10:37:22 -0500, M.E. wrote:
>
> > This only leaves 3 doubts... What about the Trojan mentioned
> > in line 111 of chkrootkit's output?
>
> Run this:
>
> /usr/lib64/chkrootkit-0.49/chkdirs /tmp /usr/share /usr/bin /usr/sbin /lib
>
> If it isn't silent, it believes something is wrong with the link count of
> the directories and it concludes that there could be hidden directories.
> This may be because you're using "btrfs" instead of ext4. Could be a bug
> in chkrootkit's chkdirs tool or a concept that's inappropriate. Dunno.
> Somebody might want to investigate it.
>
> > and the "deletions" mentioned
> > on line 117, what does that mean?
>
> It's the result of running
>
> /usr/lib64/chkrootkit-0.49/chkwtmp
>
> and it may be necessary to examine whether the chkwtmp tool still does
> what it's supposed to do (check for deletions). Perhaps it's just broken
> on x86_64. Both chkutmp and chkwtmp have suffered from several bugs in
> the past, their C code isn't pretty, and not all bug-fixes have been
> applied in upstream chkrootkit yet either.

@Michael: Thanks for all the info and the tips, I'm more peaceful now...
Did some performance tweaks in the machine and everything works just fine. Discovered that the issue with the VM was the fault of VirtualBox 4.0.8 and had to downgrade to 4.0.6. Now I can work as fast as always... (I reported the issue in the VBox forums.)
It is good to have a community to talk to.

Thanks to everyone!!
Have a nice day.
--
<-Manuel Escudero->
Linux User #509052
@GWave: jmlevick@googlewave.com
@Blogger: http://www.blogxenode.tk/ (Xenode Systems Blog)
PGP/GnuPG: E2B4 31CE F2BF 1944 8664 3E22 88C8 DFC9 4D7C 1B35


