Trojan

Jean-Pierre
Hello,

We have a Trojan on our machine that, on every SSH connection, writes a "log" entry to a file with the user and the password....
I can't work out where these &àç°+ç bleeeeeeeep put their procedure or how it gets called.

Does anyone have an idea?

Thank you so much....

16 replies

lami20j (Moderator, Security contributor, 21331 posts)
 
Hi,

Can you show part of the log?!
0
lami20j (Moderator, Security contributor, 21331 posts)
 
Re,

I deleted your message because you included your IP (if you want security, then you have to protect it ;-)
Show the output of
ls -l /dev/puila 
0
Jean-Pierre
 
You're right (but well, the IP is my Freebox's....)

It gives:

-rw-r--r-- 1 root root 184 2008-12-21 15:17 /dev/puila

JP
0
lami20j (Moderator, Security contributor, 21331 posts)
 
Re,

There is no reason for a regular file to be created in /dev.
What does this file contain?

Show the output of
rgrep -H puila / 2>/dev/null 
0
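The check behind the remark above (a regular file has no business in /dev), as an added example that is not part of the original thread: it lists every regular file under a device directory. The function names and the shm/mqueue exclusions are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): find regular files under a device tree.
# /dev normally holds device nodes, symlinks, sockets and directories, so a
# plain file such as the /dev/puila seen above deserves a closer look.

# Print the path of every regular file under $1 (default: /dev), sorted.
dev_regular_files() {
    root="${1:-/dev}"
    # -xdev : do not cross into other mounted filesystems (tmpfs on /dev/shm,
    #         devpts on /dev/pts, ...).
    # -prune: skip shm and mqueue even when they are plain subdirectories,
    #         because regular files are expected there (assumed exclusions).
    find "$root" -xdev \
        \( -path "$root/shm" -o -path "$root/mqueue" \) -prune -o \
        -type f -print 2>/dev/null | LC_ALL=C sort
}

# Print an "ls -ld" line (mode, owner, size, mtime) for each hit.
# Returns 0 when nothing was found, 1 when at least one regular file exists.
dev_check() {
    hits=$(dev_regular_files "$1")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        ls -ld -- "$f"
    done
    return 1
}

# Stand-alone run against the live /dev; a hit is reported, not treated as fatal.
dev_check /dev || true
```

Each hit is a lead to review by content, owner and timestamp; some udev versions keep their own state files under /dev.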
Jean-Pierre
 
While waiting for the answer (it may take a while!!!)

rkhunter reports this:

Rootkit 'SHV5'... [ Warning! ]
0
lami20j (Moderator, Security contributor, 21331 posts)
 
Hi,

type
rkhunter -c --createlogfile rkhunter.log
and post the rkhunter.log file here or upload it to cjoint.com
0
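A full rkhunter log runs to hundreds of "OK. Not found." lines, so the few that matter are easy to miss. The added example below (not part of the original thread) pulls out only the WARNING entries and the rootkit section each belongs to. It assumes the log layout written by the Rootkit Hunter 1.2.9 run posted in this thread; the function names and the "ExampleKit" entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the warnings in a
# Rootkit Hunter 1.2.9 style log.

# Sample input: a few lines in the format of the log posted in this thread,
# plus one constructed section whose path itself ends in "...".
sample_log() {
    cat <<'EOF'
[17:41:42] *** Start scan SHV4 ***
[17:41:43] - File /etc/ld.so.hash... OK. Not found.
[17:41:43] - Directory /lib/security/.config... OK. Not found.
[17:41:45] *** Start scan SHV5 ***
[17:41:45] - File /etc/sh.conf... WARNING! Exists.
[17:41:45] - File /dev/srd0... OK. Not found.
[17:41:45] - Directory /usr/lib/libsh... WARNING! Exists.
[17:41:52] *** Start scan Sin Rootkit ***
[17:41:54] - File /usr/man/man1/...... OK. Not found.
[17:42:00] *** Start scan ExampleKit (constructed) ***
[17:42:00] - Directory /tmp/example/...... WARNING! Exists.
EOF
}

# Emit one tab-separated line per warning: ROOTKIT <TAB> KIND <TAB> PATH.
# Reads the files given as arguments, or standard input when there are none.
rkhunter_warnings() {
    awk '
        # "*** Start scan NAME ***" opens a section: remember NAME.
        /\*\*\* Start scan .* \*\*\*/ {
            name = $0
            sub(/^.*\*\*\* Start scan /, "", name)
            sub(/ \*\*\*.*$/, "", name)
            next
        }
        # "- File PATH... WARNING! Exists." (or "- Directory ...") is a hit.
        /WARNING!/ && / - (File|Directory) / {
            line = $0
            sub(/^\[[0-9:]*\] - /, "", line)     # drop the "[hh:mm:ss] - " prefix
            kind = line
            sub(/ .*$/, "", kind)                # first word: File or Directory
            path = line
            sub(/^[A-Za-z]+ /, "", path)         # drop the kind
            sub(/\.\.\. WARNING!.*$/, "", path)  # drop the trailing status text
            printf "%s\t%s\t%s\n", name, kind, path
        }
    ' "$@"
}

# Names of the rootkit sections that raised at least one warning.
rkhunter_flagged_kits() {
    rkhunter_warnings "$@" | cut -f1 | LC_ALL=C sort -u
}

# Stand-alone demonstration on the sample above.
sample_log | rkhunter_warnings
```

On a real log the call is `rkhunter_warnings rkhunter.log`; later rkhunter releases write a different log layout, which this pattern does not cover.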
Jean-Pierre
 
Here it is...

[17:35:43] Running Rootkit Hunter 1.2.9 on ik55027
[17:35:43]
Rootkit Hunter 1.2.9, Copyright 2003-2006, Michael Boelen

Under active development by the Rootkit Hunter project team. For reporting
bugs, updates, patches, comments and questions see: rkhunter.sourceforge.net

Rootkit Hunter comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under the terms of the GNU General
Public License. See LICENSE for details.

[17:35:44] Info: Shell /bin/bash
[17:35:44] ------------------------ Configuration check --------------------------
[17:35:44] Parsing configuration file (/etc/rkhunter.conf)
[17:35:44] Info: No mail-on-warning address configured
[17:35:44] Info: Using /var/lib/rkhunter/tmp as temporary directory
[17:35:46] Info: Using /var/lib/rkhunter/db as database directory
[17:35:46] Info: Using '/usr/sbin /usr/bin /usr/local/bin /usr/local/sbin /bin /sbin /sw/bin /usr/local/libexec /usr/libexec' as binary directory
[17:35:46] -------------------------- Application scan ---------------------------
[17:35:46] Found /usr/bin/find
[17:35:46] Found /usr/bin/lsattr
[17:35:46] Found /usr/bin/lsof
[17:35:46] Found /usr/bin/md5sum
[17:35:46] Found /usr/bin/stat
[17:35:46] Found /usr/bin/strings
[17:35:46] Found /usr/bin/wget
[17:35:46] Found /usr/bin/perl (version 5.8.8)
[17:35:46] Found /bin/ip
[17:35:46] Found /bin/ls
[17:35:46] Found /bin/lsmod
[17:35:46] Found /bin/ps
[17:35:46] Found /bin/readlink
[17:35:46] Found /sbin/ip
[17:35:46] Found /sbin/ifconfig
[17:35:46] Found /sbin/lsmod
[17:35:46] Info: WGET found
[17:35:46] Info: NMAP not found
[17:35:47] Info: LSOF found
[17:35:47] Info: ip found
[17:35:47] Application scan ended
[17:35:47] ---------------------------- System checks ----------------------------
[17:35:51] Info: kernel is 2.6
[17:35:52] Info: Found /etc/debian_version
[17:35:53] Info: Full OS name = Debian 4.0 (i386)
[17:35:53] Info: OS ID = 730
[17:35:53] Info: Found MD5 command /usr/bin/md5sum
[17:35:53] Info: Perl version 5.8.8 found
[17:35:55] Info: Perl module Digest::MD5 installed (version 2.36).
[17:35:55] Info: Perl module Digest::SHA1 installed (version 2.11).
[17:35:56] Info: Using perl module Digest::MD5 to verify MD5 hashes
[17:35:56] Info: using /var/lib/rkhunter/tmp as temporary directory
[17:35:56] Info: UID is zero (root)
[17:35:56] Info: ksyms file check will be skipped (/proc/ksyms not available on this system)
[17:35:56] ---------------------------- File checks -----------------------------
[17:35:56] Checking /var/lib/rkhunter/db/md5blacklist.dat... OK
[17:35:56] Checking /var/lib/rkhunter/db/mirrors.dat... OK
[17:35:56] Checking /var/lib/rkhunter/db/programs_bad.dat... OK
[17:35:56] Checking /var/lib/rkhunter/db/programs_good.dat... OK
[17:36:02] ------------------------------ Selftests ------------------------------
[17:36:02] Strings selftest: scanning for string /usr/sbin/ntpsx... OK
[17:36:03] Strings selftest: scanning for string /usr/lib/.../ls... OK
[17:36:04] Strings selftest: scanning for string /usr/lib/.../netstat... OK
[17:36:04] Strings selftest: scanning for string /usr/lib/.../lsof... OK
[17:36:04] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg... OK
[17:36:05] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shhk... OK
[17:36:05] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-pw... OK
[17:36:06] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shrs... OK
[17:36:06] Strings selftest: scanning for string /usr/lib/.../uconf.inv... OK
[17:36:07] Strings selftest: scanning for string /usr/lib/.../psr... OK
[17:36:07] Strings selftest: scanning for string /usr/lib/.../find... OK
[17:36:08] Strings selftest: scanning for string /usr/lib/.../pstree... OK
[17:36:08] Strings selftest: scanning for string /usr/lib/.../slocate... OK
[17:36:08] Strings selftest: scanning for string /usr/lib/.../du... OK
[17:36:09] Strings selftest: scanning for string /usr/lib/.../top... OK
[17:36:09] Strings selftest: scanning for string /usr/lib/...... OK
[17:36:10] Strings selftest: scanning for string /usr/lib/.../bkit-ssh... OK
[17:36:10] Strings selftest: scanning for string /usr/lib/.bkit-... OK
[17:36:10] Strings selftest: scanning for string /tmp/.bkp... OK
[17:36:11] Strings selftest: scanning for string /tmp/.cinik... OK
[17:36:12] Strings selftest: scanning for string /tmp/.font-unix/.cinik... OK
[17:36:12] Strings selftest: scanning for string /lib/.sso... OK
[17:36:12] Strings selftest: scanning for string /lib/.so... OK
[17:36:13] Strings selftest: scanning for string /var/run/...dica/clean... OK
[17:36:14] Strings selftest: scanning for string /var/run/...dica/xl... OK
[17:36:14] Strings selftest: scanning for string /var/run/...dica/xdr... OK
[17:36:15] Strings selftest: scanning for string /var/run/...dica/psg... OK
[17:36:16] Strings selftest: scanning for string /var/run/...dica/secure... OK
[17:36:17] Strings selftest: scanning for string /var/run/...dica/rdx... OK
[17:36:17] Strings selftest: scanning for string /var/run/...dica/va... OK
[17:36:18] Strings selftest: scanning for string /var/run/...dica/cl.sh... OK
[17:36:18] Strings selftest: scanning for string /usr/bin/.etc... OK
[17:36:18] Strings selftest: scanning for string /usr/lib/.fx/sched_host.2... OK
[17:36:19] Strings selftest: scanning for string /usr/lib/.fx/random_d.2... OK
[17:36:20] Strings selftest: scanning for string /usr/lib/.fx/set_pid.2... OK
[17:36:20] Strings selftest: scanning for string /usr/lib/.fx/cons.saver... OK
[17:36:21] Strings selftest: scanning for string /usr/lib/.fx/adore/adore/adore.ko... OK
[17:36:22] Strings selftest: scanning for string /bin/sysback... OK
[17:36:22] Strings selftest: scanning for string /usr/local/bin/sysback... OK
[17:36:22] Strings selftest: scanning for string /usr/lib/.tbd... OK
[17:36:23] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rns... OK
[17:36:24] Strings selftest: scanning for string /dev/.lib/lib/lib/du... OK
[17:36:24] Strings selftest: scanning for string /dev/.lib/lib/lib/ls... OK
[17:36:24] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rnsb... OK
[17:36:24] Strings selftest: scanning for string /dev/.lib/lib/lib/ps... OK
[17:36:25] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rnp... OK
[17:36:25] Strings selftest: scanning for string /dev/.lib/lib/lib/find... OK
[17:36:26] Strings selftest: scanning for string /dev/.lib/lib/lib/ifconfig... OK
[17:36:26] Strings selftest: scanning for string /dev/.lib/lib/lib/pg... OK
[17:36:26] Strings selftest: scanning for string /dev/.lib/lib/lib/ssh.tgz... OK
[17:36:27] Strings selftest: scanning for string /dev/.lib/lib/lib/top... OK
[17:36:27] Strings selftest: scanning for string /dev/.lib/lib/lib/sz... OK
[17:36:27] Strings selftest: scanning for string /dev/.lib/lib/lib/login... OK
[17:36:28] Strings selftest: scanning for string /dev/.lib/lib/lib/in.fingerd... OK
[17:36:28] Strings selftest: scanning for string /dev/.lib/lib/lib/1i0n.sh... OK
[17:36:29] Strings selftest: scanning for string /dev/.lib/lib/lib/pstree... OK
[17:36:29] Strings selftest: scanning for string /dev/.lib/lib/lib/in.telnetd... OK
[17:36:29] Strings selftest: scanning for string /dev/.lib/lib/lib/mjy... OK
[17:36:30] Strings selftest: scanning for string /dev/.lib/lib/lib/sush... OK
[17:36:30] Strings selftest: scanning for string /dev/.lib/lib/lib/tfn... OK
[17:36:31] Strings selftest: scanning for string /dev/.lib/lib/lib/name... OK
[17:36:31] Strings selftest: scanning for string /dev/.lib/lib/lib/getip.sh... OK
[17:36:31] Strings selftest: scanning for string /usr/info/.torn/sh*... OK
[17:36:32] Strings selftest: scanning for string /usr/src/.puta/... OK
[17:36:32] Strings selftest: scanning for string /usr/src/.puta/.1addr... OK
[17:36:33] Strings selftest: scanning for string /usr/src/.puta/.1file... OK
[17:36:33] Strings selftest: scanning for string /usr/src/.puta/.1proc... OK
[17:36:34] Strings selftest: scanning for string /usr/src/.puta/.1logz... OK
[17:36:35] Strings selftest: scanning for string /usr/info/.t0rn/... OK
[17:36:35] Strings selftest: scanning for string /dev/.lib/... OK
[17:36:36] Strings selftest: scanning for string /dev/.lib/lib/... OK
[17:36:36] Strings selftest: scanning for string /dev/.lib/lib/lib/... OK
[17:36:36] Strings selftest: scanning for string /dev/.lib/lib/lib/dev/... OK
[17:36:37] Strings selftest: scanning for string /dev/.lib/lib/scan/... OK
[17:36:37] Strings selftest: scanning for string /usr/src/.puta/... OK
[17:36:38] Strings selftest: scanning for string /usr/man/man1/man1/... OK
[17:36:38] Strings selftest: scanning for string /usr/man/man1/man1/lib/... OK
[17:36:38] Strings selftest: scanning for string /usr/man/man1/man1/lib/.lib/... OK
[17:36:38] Strings selftest: scanning for string /usr/man/man1/man1/lib/.lib/.backup/... OK
[17:36:40] ---------------------------- MD5 hash tests ---------------------------
[17:36:41] Starting MD5 checksum test (/usr/share/rkhunter/scripts/filehashmd5.pl)
[17:39:28] Info: Check skipped - no hashes available
[17:39:34] ------------------------------ Rootkits ------------------------------
[17:39:36] *** Start scan 55808 Trojan - Variant A ***
[17:39:36] - File /tmp/.../r... OK. Not found.
[17:39:36] - File /tmp/.../a... OK. Not found.
[17:39:39] Checking /etc/passwd for presence of ADM worm
OK
[17:39:41] *** Start scan AjaKit ***
[17:39:41] - File /dev/tux/.addr... OK. Not found.
[17:39:41] - File /dev/tux/.proc... OK. Not found.
[17:39:41] - File /dev/tux/.file... OK. Not found.
[17:39:41] - File /lib/.libgh-gh/cleaner... OK. Not found.
[17:39:41] - File /lib/.libgh-gh/Patch/patch... OK. Not found.
[17:39:41] - File /lib/.libgh-gh/sb0k... OK. Not found.
[17:39:41] - Directory /dev/tux... OK. Not found.
[17:39:41] - Directory /lib/.libgh-gh... OK. Not found.
[17:39:44] *** Start scan aPa Kit ***
[17:39:45] - File /usr/share/.aPa... OK. Not found.
[17:39:47] *** Start scan Apache Worm ***
[17:39:47] - File /bin/.log... OK. Not found.
[17:39:49] *** Start scan Ambient (ark) Rootkit ***
[17:39:49] - File /usr/lib/.ark?... OK. Not found.
[17:39:49] - File /dev/ptyxx/.log... OK. Not found.
[17:39:50] - File /dev/ptyxx/.file... OK. Not found.
[17:39:50] - Directory /dev/ptyxx... OK. Not found.
[17:39:52] *** Start scan Balaur Rootkit ***
[17:39:52] - File /usr/lib/liblog.o... OK. Not found.
[17:39:52] - Directory /usr/lib/.kinetic... OK. Not found.
[17:39:52] - Directory /usr/lib/.egcs... OK. Not found.
[17:39:52] - Directory /usr/lib/.wormie... OK. Not found.
[17:39:54] *** Start scan BeastKit ***
[17:39:54] - File /usr/sbin/arobia... OK. Not found.
[17:39:54] - File /usr/sbin/idrun... OK. Not found.
[17:39:54] - File /usr/lib/elm/arobia/elm... OK. Not found.
[17:39:54] - File /usr/lib/elm/arobia/elm/hk... OK. Not found.
[17:39:54] - File /usr/lib/elm/arobia/elm/hk.pub... OK. Not found.
[17:39:54] - File /usr/lib/elm/arobia/elm/sc... OK. Not found.
[17:39:54] - File /usr/lib/elm/arobia/elm/sd.pp... OK. Not found.
[17:39:54] - File /usr/lib/elm/arobia/elm/sdco... OK. Not found.
[17:39:54] - File /usr/lib/elm/arobia/elm/srsd... OK. Not found.
[17:39:54] - Directory /lib/ldd.so/bktools... OK. Not found.
[17:39:57] *** Start scan beX2 ***
[17:39:57] - Directory //usr/include/bex... OK. Not found.
[17:39:59] *** Start scan BOBKit ***
[17:39:59] - File /usr/sbin/ntpsx... OK. Not found.
[17:39:59] - File /usr/lib/.../ls... OK. Not found.
[17:40:00] - File /usr/lib/.../netstat... OK. Not found.
[17:40:00] - File /usr/lib/.../lsof... OK. Not found.
[17:40:00] - File /usr/lib/.../bkit-ssh/bkit-shdcfg... OK. Not found.
[17:40:00] - File /usr/lib/.../bkit-ssh/bkit-shhk... OK. Not found.
[17:40:00] - File /usr/lib/.../bkit-ssh/bkit-pw... OK. Not found.
[17:40:01] - File /usr/lib/.../bkit-ssh/bkit-shrs... OK. Not found.
[17:40:01] - File /usr/lib/.../uconf.inv... OK. Not found.
[17:40:01] - File /usr/lib/.../psr... OK. Not found.
[17:40:01] - File /usr/lib/.../find... OK. Not found.
[17:40:01] - File /usr/lib/.../pstree... OK. Not found.
[17:40:01] - File /usr/lib/.../slocate... OK. Not found.
[17:40:01] - File /usr/lib/.../du... OK. Not found.
[17:40:01] - File /usr/lib/.../top... OK. Not found.
[17:40:01] - Directory /usr/lib/...... OK. Not found.
[17:40:02] - Directory /usr/lib/.../bkit-ssh... OK. Not found.
[17:40:02] - Directory /usr/lib/.bkit-... OK. Not found.
[17:40:02] - Directory /tmp/.bkp... OK. Not found.
[17:40:04] *** Start scan CiNIK Worm (Slapper.B variant) ***
[17:40:04] - File /tmp/.cinik... OK. Not found.
[17:40:06] *** Start scan Danny-Boy's Abuse Kit ***
[17:40:08] *** Start scan Devil RootKit ***
[17:40:08] - File /var/lib/games/.src... OK. Not found.
[17:40:08] - File /dev/dsx... OK. Not found.
[17:40:08] - File /dev/caca... OK. Not found.
[17:40:11] *** Start scan Dica ***
[17:40:11] - File /lib/.sso... OK. Not found.
[17:40:11] - File /lib/.so... OK. Not found.
[17:40:11] - File /var/run/...dica/clean... OK. Not found.
[17:40:11] - File /var/run/...dica/xl... OK. Not found.
[17:40:11] - File /var/run/...dica/xdr... OK. Not found.
[17:40:11] - File /var/run/...dica/psg... OK. Not found.
[17:40:11] - File /var/run/...dica/secure... OK. Not found.
[17:40:12] - File /var/run/...dica/rdx... OK. Not found.
[17:40:12] - File /var/run/...dica/va... OK. Not found.
[17:40:12] - File /var/run/...dica/cl.sh... OK. Not found.
[17:40:12] - File /usr/bin/.etc... OK. Not found.
[17:40:12] - Directory /var/run/...dica... OK. Not found.
[17:40:12] - Directory /var/run/...dica/mh... OK. Not found.
[17:40:12] - Directory /var/run/...dica/scan... OK. Not found.
[17:40:14] *** Start scan Dreams Rootkit ***
[17:40:14] - File /dev/ttyoa... OK. Not found.
[17:40:14] - File /dev/ttyof... OK. Not found.
[17:40:14] - File /dev/ttyop... OK. Not found.
[17:40:14] - File /usr/bin/sense... OK. Not found.
[17:40:14] - File /usr/bin/sl2... OK. Not found.
[17:40:15] - File /usr/bin/logclear... OK. Not found.
[17:40:15] - File /usr/bin/(swapd)... OK. Not found.
[17:40:15] - File /usr/bin/snfs... OK. Not found.
[17:40:15] - File /usr/lib/libsss... OK. Not found.
[17:40:15] - Directory /dev/ida/.hpd... OK. Not found.
[17:40:17] *** Start scan Duarawkz ***
[17:40:17] - File /usr/bin/duarawkz/loginpass... OK. Not found.
[17:40:17] - Directory /usr/bin/duarawkz... OK. Not found.
[17:40:20] *** Start scan Flea Linux Rootkit ***
[17:40:20] - File /etc/ld.so.hash... OK. Not found.
[17:40:20] - File /lib/security/.config/ssh/ssh_host_key... OK. Not found.
[17:40:20] - File /lib/security/.config/ssh/ssh_host_key.pub... OK. Not found.
[17:40:20] - File /lib/security/.config/ssh/ssh_random_seed... OK. Not found.
[17:40:20] - File /usr/bin/ssh2d... OK. Not found.
[17:40:20] - File /usr/lib/ldlibns.so... OK. Not found.
[17:40:21] - File /usr/lib/ldlibpst.so... OK. Not found.
[17:40:22] - File /usr/lib/ldlibdu.so... OK. Not found.
[17:40:22] - File /usr/lib/ldlibct.so... OK. Not found.
[17:40:22] - Directory /lib/security/.config/ssh... OK. Not found.
[17:40:22] - Directory /dev/..0... OK. Not found.
[17:40:22] - Directory /dev/..0/backup... OK. Not found.
[17:40:23] *** Start scan FreeBSD Rootkit ***
[17:40:23] - File /usr/lib/.fx/sched_host.2... OK. Not found.
[17:40:23] - File /usr/lib/.fx/random_d.2... OK. Not found.
[17:40:24] - File /usr/lib/.fx/set_pid.2... OK. Not found.
[17:40:24] - File /usr/lib/.fx/cons.saver... OK. Not found.
[17:40:24] - File /usr/lib/.fx/adore/adore/adore.ko... OK. Not found.
[17:40:24] - File /bin/sysback... OK. Not found.
[17:40:24] - File /usr/local/bin/sysback... OK. Not found.
[17:40:24] - Directory /usr/lib/.fx... OK. Not found.
[17:40:24] - Directory /usr/lib/.fx/adore... OK. Not found.
[17:40:26] *** Start scan Fuck`it Rootkit ***
[17:40:27] - File /dev/proc/fuckit/hax0r... OK. Not found.
[17:40:27] - File /dev/proc/fuckit/hax0rshell... OK. Not found.
[17:40:27] - File /dev/proc/fuckit/config/lports... OK. Not found.
[17:40:27] - File /dev/proc/fuckit/config/rports... OK. Not found.
[17:40:27] - File /dev/proc/fuckit/config/rkconf... OK. Not found.
[17:40:27] - File /dev/proc/fuckit/config/password... OK. Not found.
[17:40:27] - File /dev/proc/fuckit/config/progs... OK. Not found.
[17:40:27] - File /dev/proc/system-bins/init... OK. Not found.
[17:40:29] *** Start scan GasKit ***
[17:40:30] - File /dev/dev/gaskit/sshd/sshdd... OK. Not found.
[17:40:31] - Directory /dev/dev... OK. Not found.
[17:40:31] - Directory /dev/dev/gaskit... OK. Not found.
[17:40:31] - Directory /dev/dev/gaskit/sshd... OK. Not found.
[17:40:33] *** Start scan Heroin LKM ***
[17:40:35] *** Start scan HjC Kit ***
[17:40:35] - Directory /dev/.hijackerz... OK. Not found.
[17:40:37] *** Start scan ignoKit ***
[17:40:37] - File /lib/defs/p... OK. Not found.
[17:40:37] - File /lib/defs/q... OK. Not found.
[17:40:37] - File /lib/defs/r... OK. Not found.
[17:40:37] - File /lib/defs/s... OK. Not found.
[17:40:37] - File /lib/defs/t... OK. Not found.
[17:40:37] - File /usr/lib/defs/p... OK. Not found.
[17:40:37] - File /usr/lib/defs/p... OK. Not found.
[17:40:37] - File /usr/lib/defs/p... OK. Not found.
[17:40:38] - File /usr/lib/defs/p... OK. Not found.
[17:40:38] - File /usr/lib/defs/p... OK. Not found.
[17:40:38] - File /usr/lib/.libigno/pkunsec... OK. Not found.
[17:40:38] - File /usr/lib/.libigno/.igno/psybnc/psybnc... OK. Not found.
[17:40:38] - Directory /usr/lib/.libigno... OK. Not found.
[17:40:38] - Directory /usr/lib/.libigno/.igno/... OK. Not found.
[17:40:40] *** Start scan ImperalsS-FBRK ***
[17:40:40] - Directory /dev/fd/.88... OK. Not found.
[17:40:40] - Directory /dev/fd/.99... OK. Not found.
[17:40:43] *** Start scan Irix Rootkit ***
[17:40:43] - Directory /dev/pts/01... OK. Not found.
[17:40:43] - Directory /dev/pts/01/backup... OK. Not found.
[17:40:43] - Directory /dev/pts/01/etc... OK. Not found.
[17:40:43] - Directory /dev/pts/01/tmp... OK. Not found.
[17:40:45] *** Start scan Kitko ***
[17:40:45] - Directory /usr/src/redhat/SRPMS/...... OK. Not found.
[17:40:47] *** Start scan Knark ***
[17:40:47] - File /proc/knark/pids... OK. Not found.
[17:40:47] - Directory /proc/knark... OK. Not found.
[17:40:49] *** Start scan Li0n Worm ***
[17:40:49] - File /bin/in.telnetd... OK. Not found.
[17:40:49] - File /bin/mjy... OK. Not found.
[17:40:49] - File /usr/man/man1/man1/lib/.lib/mjy... OK. Not found.
[17:40:49] - File /usr/man/man1/man1/lib/.lib/in.telnetd... OK. Not found.
[17:40:49] - File /usr/man/man1/man1/lib/.lib/.x... OK. Not found.
[17:40:50] - File /dev/.lib/lib/scan/1i0n.sh... OK. Not found.
[17:40:50] - File /dev/.lib/lib/scan/hack.sh... OK. Not found.
[17:40:51] - File /dev/.lib/lib/scan/bind... OK. Not found.
[17:40:51] - File /dev/.lib/lib/scan/randb... OK. Not found.
[17:40:51] - File /dev/.lib/lib/scan/scan.sh... OK. Not found.
[17:40:51] - File /dev/.lib/lib/scan/pscan... OK. Not found.
[17:40:51] - File /dev/.lib/lib/scan/star.sh... OK. Not found.
[17:40:51] - File /dev/.lib/lib/scan/bindx.sh... OK. Not found.
[17:40:51] - File /dev/.lib/lib/scan/bindname.log... OK. Not found.
[17:40:51] - File /dev/.lib/lib/1i0n.sh... OK. Not found.
[17:40:52] - File /dev/.lib/lib/lib/netstat... OK. Not found.
[17:40:52] - File /dev/.lib/lib/lib/dev/.1addr... OK. Not found.
[17:40:52] - File /dev/.lib/lib/lib/dev/.1logz... OK. Not found.
[17:40:52] - File /dev/.lib/lib/lib/dev/.1proc... OK. Not found.
[17:40:52] - File /dev/.lib/lib/lib/dev/.1file... OK. Not found.
[17:40:54] *** Start scan Lockit / LJK2 ***
[17:40:54] - File /usr/lib/libmen.oo/.LJK2/ssh_config... OK. Not found.
[17:40:54] - File /usr/lib/libmen.oo/.LJK2/ssh_host_key... OK. Not found.
[17:40:54] - File /usr/lib/libmen.oo/.LJK2/ssh_host_key.pub... OK. Not found.
[17:40:54] - File /usr/lib/libmen.oo/.LJK2/ssh_random_seed*... OK. Not found.
[17:40:54] - File /usr/lib/libmen.oo/.LJK2/sshd_config... OK. Not found.
[17:40:54] - File /usr/lib/libmen.oo/.LJK2/backdoor/RK1bd... OK. Not found.
[17:40:55] - File /usr/lib/libmen.oo/.LJK2/backup/du... OK. Not found.
[17:40:58] - File /usr/lib/libmen.oo/.LJK2/backup/ifconfig... OK. Not found.
[17:40:58] - File /usr/lib/libmen.oo/.LJK2/backup/inetd.conf... OK. Not found.
[17:40:58] - File /usr/lib/libmen.oo/.LJK2/backup/locate... OK. Not found.
[17:40:58] - File /usr/lib/libmen.oo/.LJK2/backup/login... OK. Not found.
[17:40:58] - File /usr/lib/libmen.oo/.LJK2/backup/ls... OK. Not found.
[17:40:58] - File /usr/lib/libmen.oo/.LJK2/backup/netstat... OK. Not found.
[17:40:58] - File /usr/lib/libmen.oo/.LJK2/backup/ps... OK. Not found.
[17:40:59] - File /usr/lib/libmen.oo/.LJK2/backup/pstree... OK. Not found.
[17:40:59] - File /usr/lib/libmen.oo/.LJK2/backup/rc.sysinit... OK. Not found.
[17:40:59] - File /usr/lib/libmen.oo/.LJK2/backup/syslogd... OK. Not found.
[17:40:59] - File /usr/lib/libmen.oo/.LJK2/backup/tcpd... OK. Not found.
[17:40:59] - File /usr/lib/libmen.oo/.LJK2/backup/top... OK. Not found.
[17:40:59] - File /usr/lib/libmen.oo/.LJK2/clean/RK1sauber... OK. Not found.
[17:40:59] - File /usr/lib/libmen.oo/.LJK2/clean/RK1wted... OK. Not found.
[17:40:59] - File /usr/lib/libmen.oo/.LJK2/hack/RK1parser... OK. Not found.
[17:40:59] - File /usr/lib/libmen.oo/.LJK2/hack/RK1sniff... OK. Not found.
[17:41:00] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1addr... OK. Not found.
[17:41:00] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1dir... OK. Not found.
[17:41:00] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1log... OK. Not found.
[17:41:00] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1proc... OK. Not found.
[17:41:00] - File /usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c... OK. Not found.
[17:41:00] - File /usr/lib/libmen.oo/.LJK2/modules/README.modules... OK. Not found.
[17:41:00] - File /usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c... OK. Not found.
[17:41:00] - File /usr/lib/libmen.oo/.LJK2/modules/RK1phide... OK. Not found.
[17:41:02] - File /usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh... OK. Not found.
[17:41:03] - Directory /usr/lib/libmen.oo/.LJK2... OK. Not found.
[17:41:08] *** Start scan MRK ***
[17:41:08] - File /dev/ida/.inet/pid... OK. Not found.
[17:41:08] - File /dev/ida/.inet/ssh_host_key... OK. Not found.
[17:41:08] - File /dev/ida/.inet/ssh_random_seed... OK. Not found.
[17:41:08] - File /dev/ida/.inet/tcp.log... OK. Not found.
[17:41:08] - Directory /dev/ida/.inet... OK. Not found.
[17:41:08] - Directory /var/spool/cron/.sh... OK. Not found.
[17:41:10] *** Start scan Ni0 Rootkit ***
[17:41:10] - File /var/lock/subsys/...datafile.../...net...... OK. Not found.
[17:41:10] - File /var/lock/subsys/...datafile.../...port...... OK. Not found.
[17:41:10] - File /var/lock/subsys/...datafile.../...ps...... OK. Not found.
[17:41:10] - File /var/lock/subsys/...datafile.../...file...... OK. Not found.
[17:41:11] - Directory /tmp/waza... OK. Not found.
[17:41:12] - Directory /var/lock/subsys/...datafile...... OK. Not found.
[17:41:12] - Directory /usr/sbin/es... OK. Not found.
[17:41:14] *** Start scan RootKit for SunOS / NSDAP ***
[17:41:14] - File /usr/lib/vold/nsdap/.kit... OK. Not found.
[17:41:14] - File /usr/lib/vold/nsdap/defines... OK. Not found.
[17:41:14] - File /usr/lib/vold/nsdap/patcher... OK. Not found.
[17:41:14] - File /usr/lib/vold/nsdap/pg... OK. Not found.
[17:41:14] - File /usr/lib/vold/nsdap/cleaner... OK. Not found.
[17:41:14] - File /usr/lib/vold/nsdap/utime... OK. Not found.
[17:41:15] - File /usr/lib/vold/nsdap/crypt... OK. Not found.
[17:41:15] - File /usr/lib/vold/nsdap/findkit... OK. Not found.
[17:41:15] - File /usr/lib/vold/nsdap/sn2... OK. Not found.
[17:41:15] - File /usr/lib/vold/nsdap/sniffload... OK. Not found.
[17:41:15] - File /usr/lib/vold/nsdap/runsniff... OK. Not found.
[17:41:15] - File /usr/lib/lpset... OK. Not found.
[17:41:15] - Directory /usr/lib/vold/nsdap... OK. Not found.
[17:41:18] *** Start scan Optic Kit (Tux) ***
[17:41:18] - Directory /dev/tux... OK. Not found.
[17:41:18] - Directory /usr/bin/xchk... OK. Not found.
[17:41:18] - Directory /usr/bin/xsf... OK. Not found.
[17:41:18] - Directory /usr/bin/ssh2d... OK. Not found.
[17:41:20] *** Start scan Oz Rootkit ***
[17:41:20] - File /dev/.oz/.nap/rkit/terror... OK. Not found.
[17:41:20] - Directory /dev/.oz... OK. Not found.
[17:41:22] *** Start scan Portacelo ***
[17:41:22] - File /var/lib/.../.ak... OK. Not found.
[17:41:22] - File /var/lib/.../.hk... OK. Not found.
[17:41:22] - File /var/lib/.../.rs... OK. Not found.
[17:41:22] - File /var/lib/.../.p... OK. Not found.
[17:41:23] - File /var/lib/.../getty... OK. Not found.
[17:41:23] - File /var/lib/.../lkt.o... OK. Not found.
[17:41:23] - File /var/lib/.../show... OK. Not found.
[17:41:23] - File /var/lib/.../nlkt.o... OK. Not found.
[17:41:23] - File /var/lib/.../ssshrc... OK. Not found.
[17:41:23] - File /var/lib/.../sssh_equiv... OK. Not found.
[17:41:23] - File /var/lib/.../sssh_known_hosts... OK. Not found.
[17:41:23] - File /var/lib/.../sssh_pid... OK. Not found.
[17:41:23] - File ~/.sssh/known_hosts... OK. Not found.
[17:41:25] *** Start scan R3dstorm Toolkit ***
[17:41:26] - File /var/log/tk02/see_all... OK. Not found.
[17:41:27] - File /bin/.../sshd/sbin/sshd1... OK. Not found.
[17:41:27] - File /bin/.../hate/sk... OK. Not found.
[17:41:27] - File /bin/.../see_all... OK. Not found.
[17:41:27] - Directory /var/log/tk02... OK. Not found.
[17:41:27] - Directory /var/log/tk02/old... OK. Not found.
[17:41:27] - Directory /bin/...... OK. Not found.
[17:41:29] *** Start scan RH-Sharpe's rootkit ***
[17:41:29] - File /bin/lps... OK. Not found.
[17:41:29] - File /usr/bin/lpstree... OK. Not found.
[17:41:29] - File /usr/bin/ltop... OK. Not found.
[17:41:29] - File /usr/bin/lkillall... OK. Not found.
[17:41:29] - File /usr/bin/ldu... OK. Not found.
[17:41:29] - File /usr/bin/lnetstat... OK. Not found.
[17:41:30] - File /usr/bin/wp... OK. Not found.
[17:41:30] - File /usr/bin/shad... OK. Not found.
[17:41:30] - File /usr/bin/vadim... OK. Not found.
[17:41:30] - File /usr/bin/slice... OK. Not found.
[17:41:30] - File /usr/bin/cleaner... OK. Not found.
[17:41:30] - File /usr/include/rpcsvc/du... OK. Not found.
[17:41:33] *** Start scan RSHA's rootkit ***
[17:41:33] - File /bin/kr4p... OK. Not found.
[17:41:33] - File /usr/bin/n3tstat... OK. Not found.
[17:41:33] - File /usr/bin/chsh2... OK. Not found.
[17:41:33] - File /usr/bin/slice2... OK. Not found.
[17:41:33] - File /usr/src/linux/arch/alpha/lib/.lib/.1proc... OK. Not found.
[17:41:33] - File /etc/rc.d/arch/alpha/lib/.lib/.1addr... OK. Not found.
[17:41:34] - Directory /etc/rc.d/rsha... OK. Not found.
[17:41:34] - Directory /etc/rc.d/arch/alpha/lib/.lib... OK. Not found.
[17:41:34] Debug: Sebek LKM
[17:41:37] *** Start scan Scalper Worm ***
[17:41:37] - File /tmp/.a... OK. Not found.
[17:41:37] - File /tmp/.uua... OK. Not found.
[17:41:39] *** Start scan Shutdown ***
[17:41:39] - File /usr/man/man5/.. /.dir/scannah/asus... OK. Not found.
[17:41:39] - File /usr/man/man5/.. /.dir/see... OK. Not found.
[17:41:39] - File /usr/man/man5/.. /.dir/nscd... OK. Not found.
[17:41:39] - File /usr/man/man5/.. /.dir/alpd... OK. Not found.
[17:41:39] - File /etc/rc.d/rc.local ... OK. Not found.
[17:41:39] - Directory /usr/man/man5/.. /.dir/... OK. Not found.
[17:41:40] - Directory /usr/man/man5/.. /.dir/scannah... OK. Not found.
[17:41:40] - Directory /etc/rc.d/rc0.d/.. /.dir... OK. Not found.
[17:41:42] *** Start scan SHV4 ***
[17:41:43] - File /etc/ld.so.hash... OK. Not found.
[17:41:43] - File /lib/libext-2.so.7... OK. Not found.
[17:41:43] - File /lib/lidps1.so... OK. Not found.
[17:41:43] - File /usr/sbin/xntps... OK. Not found.
[17:41:43] - Directory /lib/security/.config... OK. Not found.
[17:41:43] - Directory /lib/security/.config/ssh... OK. Not found.
[17:41:45] *** Start scan SHV5 ***
[17:41:45] - File /etc/sh.conf... WARNING! Exists.
[17:41:45] - File /dev/srd0... OK. Not found.
[17:41:45] - Directory /usr/lib/libsh... WARNING! Exists.
[17:41:52] *** Start scan Sin Rootkit ***
[17:41:52] - File /dev/.haos/haos1/.f/Denyed... OK. Not found.
[17:41:53] - File /dev/ttyoa... OK. Not found.
[17:41:53] - File /dev/ttyof... OK. Not found.
[17:41:53] - File /dev/ttyop... OK. Not found.
[17:41:53] - File /dev/ttyos... OK. Not found.
[17:41:53] - File /usr/lib/.lib... OK. Not found.
[17:41:53] - File /usr/lib/sn/.X... OK. Not found.
[17:41:53] - File /usr/lib/sn/.sys... OK. Not found.
[17:41:53] - File /usr/lib/ld/.X... OK. Not found.
[17:41:54] - File /usr/man/man1/...... OK. Not found.
[17:41:54] - File /usr/man/man1/.../.m... OK. Not found.
[17:41:54] - File /usr/man/man1/.../.w... OK. Not found.
[17:41:54] - Directory /usr/lib/sn... OK. Not found.
[17:41:54] - Directory /usr/lib/man1/...... OK. Not found.
[17:41:54] - Directory /dev/.haos... OK. Not found.
[17:41:57] *** Start scan Slapper ***
[17:41:57] - File /tmp/.bugtraq... OK. Not found.
[17:41:57] - File /tmp/.uubugtraq... OK. Not found.
[17:41:57] - File /tmp/.bugtraq.c... OK. Not found.
[17:41:57] - File /tmp/httpd... OK. Not found.
[17:41:57] - File /tmp/.unlock... OK. Not found.
[17:41:58] - File /tmp/update... OK. Not found.
[17:41:58] - File /tmp/.cinik... OK. Not found.
[17:41:58] - File /tmp/.b... OK. Not found.
[17:42:01] *** Start scan Sneakin Rootkit ***
[17:42:01] - Directory /tmp/.X11-unix/.../rk... OK. Not found.
[17:42:04] *** Start scan Suckit Rootkit ***
[17:42:04] - File /sbin/initsk12... OK. Not found.
[17:42:04] - File /sbin/initxrk... OK. Not found.
[17:42:04] - File /usr/bin/null... OK. Not found.
[17:42:04] - File /usr/share/locale/sk/.sk12/sk... OK. Not found.
[17:42:04] - File /etc/rc.d/rc0.d/S23kmdac... OK. Not found.
[17:42:04] - File /etc/rc.d/rc1.d/S23kmdac... OK. Not found.
[17:42:04] - File /etc/rc.d/rc2.d/S23kmdac... OK. Not found.
[17:42:04] - File /etc/rc.d/rc3.d/S23kmdac... OK. Not found.
[17:42:05] - File /etc/rc.d/rc4.d/S23kmdac... OK. Not found.
[17:42:05] - File /etc/rc.d/rc5.d/S23kmdac... OK. Not found.
[17:42:05] - File /etc/rc.d/rc6.d/S23kmdac... OK. Not found.
[17:42:05] - Directory /dev/sdhu0/tehdrakg... OK. Not found.
[17:42:05] - Directory /etc/.MG... OK. Not found.
[17:42:05] - Directory /usr/share/locale/sk/.sk12... OK. Not found.
[17:42:05] - Directory /usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist... OK. Not found.
[17:42:08] *** Start scan SunOS Rootkit ***
[17:42:09] - File /etc/ld.so.hash... OK. Not found.
[17:42:09] - File /lib/libext-2.so.7... OK. Not found.
[17:42:09] - File /usr/bin/ssh2d... OK. Not found.
[17:42:09] - File /bin/xlogin... OK. Not found.
[17:42:09] - File /usr/lib/crth.o... OK. Not found.
[17:42:09] - File /usr/lib/crtz.o... OK. Not found.
[17:42:10] - File /sbin/login... OK. Not found.
[17:42:10] - File /lib/security/.config/sn... OK. Not found.
[17:42:10] - File /lib/security/.config/lpsched... OK. Not found.
[17:42:10] - File /dev/kmod... OK. Not found.
[17:42:10] - File /dev/dos... OK. Not found.
[17:42:12] *** Start scan Superkit ***
[17:42:12] - File /usr/man/.sman/sk... OK. Not found.
[17:42:15] *** Start scan TBD (Telnet BackDoor) ***
[17:42:15] - File /usr/lib/.tbd... OK. Not found.
[17:42:17] *** Start scan TeLeKiT ***
[17:42:17] - File /usr/man/man3/.../TeLeKiT/bin/sniff... OK. Not found.
[17:42:17] - File /usr/man/man3/.../TeLeKiT/bin/telnetd... OK. Not found.
[17:42:17] - File /usr/man/man3/.../TeLeKiT/bin/teleulo... OK. Not found.
[17:42:17] - File /usr/man/man3/.../cl... OK. Not found.
[17:42:17] - File /dev/ptyr... OK. Not found.
[17:42:17] - File /dev/ptyp... OK. Not found.
[17:42:18] - File /dev/ptyq... OK. Not found.
[17:42:18] - File /dev/hda06... OK. Not found.
[17:42:19] - File /usr/info/libc1.so... OK. Not found.
[17:42:19] - Directory /usr/man/man3/...... OK. Not found.
[17:42:19] - Directory /usr/man/man3/.../lsniff... OK. Not found.
[17:42:19] - Directory /usr/man/man3/.../TeLeKiT... OK. Not found.
[17:42:21] *** Start scan T0rn Rootkit ***
[17:42:21] - File /dev/.lib/lib/lib/t0rns... OK. Not found.
[17:42:21] - File /dev/.lib/lib/lib/du... OK. Not found.
[17:42:21] - File /dev/.lib/lib/lib/ls... OK. Not found.
[17:42:21] - File /dev/.lib/lib/lib/t0rnsb... OK. Not found.
[17:42:21] - File /dev/.lib/lib/lib/ps... OK. Not found.
[17:42:21] - File /dev/.lib/lib/lib/t0rnp... OK. Not found.
[17:42:21] - File /dev/.lib/lib/lib/find... OK. Not found.
[17:42:21] - File /dev/.lib/lib/lib/ifconfig... OK. Not found.
[17:42:22] - File /dev/.lib/lib/lib/pg... OK. Not found.
[17:42:22] - File /dev/.lib/lib/lib/ssh.tgz... OK. Not found.
[17:42:22] - File /dev/.lib/lib/lib/top... OK. Not found.
[17:42:22] - File /dev/.lib/lib/lib/sz... OK. Not found.
[17:42:22] - File /dev/.lib/lib/lib/login... OK. Not found.
[17:42:22] - File /dev/.lib/lib/lib/in.fingerd... OK. Not found.
[17:42:22] - File /dev/.lib/lib/lib/1i0n.sh... OK. Not found.
[17:42:22] - File /dev/.lib/lib/lib/pstree... OK. Not found.
[17:42:23] - File /dev/.lib/lib/lib/in.telnetd... OK. Not found.
[17:42:23] - File /dev/.lib/lib/lib/mjy... OK. Not found.
[17:42:23] - File /dev/.lib/lib/lib/sush... OK. Not found.
[17:42:23] - File /dev/.lib/lib/lib/tfn... OK. Not found.
[17:42:23] - File /dev/.lib/lib/lib/name... OK. Not found.
[17:42:23] - File /dev/.lib/lib/lib/getip.sh... OK. Not found.
[17:42:23] - File /usr/info/.torn/sh*... OK. Not found.
[17:42:23] - File /usr/src/.puta/... OK. Not found.
[17:42:24] - File /usr/src/.puta/.1addr... OK. Not found.
[17:42:24] - File /usr/src/.puta/.1file... OK. Not found.
[17:42:24] - File /usr/src/.puta/.1proc... OK. Not found.
[17:42:24] - File /usr/src/.puta/.1logz... OK. Not found.
[17:42:24] - File /usr/info/.t0rn/... OK. Not found.
[17:42:24] - Directory /dev/.lib/... OK. Not found.
[17:42:24] - Directory /dev/.lib/lib/... OK. Not found.
[17:42:24] - Directory /dev/.lib/lib/lib/... OK. Not found.
[17:42:24] - Directory /dev/.lib/lib/lib/dev/... OK. Not found.
[17:42:24] - Directory /dev/.lib/lib/scan/... OK. Not found.
[17:42:25] - Directory /usr/src/.puta/... OK. Not found.
[17:42:25] - Directory /usr/man/man1/man1/... OK. Not found.
[17:42:25] - Directory /usr/man/man1/man1/lib/... OK. Not found.
[17:42:25] - Directory /usr/man/man1/man1/lib/.lib/... OK. Not found.
[17:42:25] - Directory /usr/man/man1/man1/lib/.lib/.backup/... OK. Not found.
[17:42:27] *** Start scan Trojanit Kit ***
[17:42:27] - File /bin/.ls... OK. Not found.
[17:42:27] - File /bin/.ps... OK. Not found.
[17:42:27] - File /bin/.netstat... OK. Not found.
[17:42:27] - File /usr/bin/.nop... OK. Not found.
[17:42:27] - File /usr/bin/.who... OK. Not found.
[17:42:29] *** Start scan Tuxtendo ***
[17:42:29] - File /dev/tux/.addr... OK. Not found.
[17:42:29] - File /dev/tux/.cron... OK. Not found.
[17:42:29] - File /dev/tux/.file... OK. Not found.
[17:42:29] - File /dev/tux/.log... OK. Not found.
[17:42:29] - File /dev/tux/.proc... OK. Not found.
[17:42:29] - File /dev/tux/backup/crontab... OK. Not found.
[17:42:30] - File /dev/tux/backup/df... OK. Not found.
[17:42:30] - File /dev/tux/backup/dir... OK. Not found.
[17:42:30] - File /dev/tux/backup/find... OK. Not found.
[17:42:30] - File /dev/tux/backup/ifconfig... OK. Not found.
[17:42:30] - File /dev/tux/backup/locate... OK. Not found.
[17:42:30] - File /dev/tux/backup/netstat... OK. Not found.
[17:42:30] - File /dev/tux/backup/ps... OK. Not found.
[17:42:31] - File /dev/tux/backup/pstree... OK. Not found.
[17:42:31] - File /dev/tux/backup/syslogd... OK. Not found.
[17:42:32] - File /dev/tux/backup/tcpd... OK. Not found.
[17:42:32] - File /dev/tux/backup/top... OK. Not found.
[17:42:32] - File /dev/tux/backup/updatedb... OK. Not found.
[17:42:32] - File /dev/tux/backup/vdir... OK. Not found.
[17:42:32] - Directory /dev/tux... OK. Not found.
[17:42:32] - Directory /dev/tux/ssh2... OK. Not found.
[17:42:32] - Directory /dev/tux/backup... OK. Not found.
[17:42:35] *** Start scan URK ***
[17:42:36] - File /usr/man/man1/xxxxxxbin/find... OK. Not found.
[17:42:36] - File /usr/man/man1/xxxxxxbin/du... OK. Not found.
[17:42:36] - File /usr/man/man1/xxxxxxbin/ps... OK. Not found.
[17:42:36] - File /tmp/conf.inf... OK. Not found.
[17:42:36] - Directory /usr/man/man1/xxxxxxbin... OK. Not found.
[17:42:38] *** Start scan VcKit ***
[17:42:38] - Directory /usr/include/linux/modules/lib.so... OK. Not found.
[17:42:38] - Directory /usr/include/linux/modules/lib.so/bin... OK. Not found.
[17:42:41] *** Start scan Volc Rootkit ***
[17:42:41] - Directory /var/spool/.recent... OK. Not found.
[17:42:41] - Directory /var/spool/.recent/.files... OK. Not found.
[17:42:41] - Directory /usr/lib/volc... OK. Not found.
[17:42:41] - Directory /usr/lib/volc/backup... OK. Not found.
[17:42:44] *** Start scan X-Org SunOS Rootkit ***
[17:42:44] - File /usr/lib/libX.a/bin/tmpfl... OK. Not found.
[17:42:44] - File /usr/lib/libX.a/bin/rps... OK. Not found.
[17:42:44] - File /usr/bin/srload... OK. Not found.
[17:42:44] - File /usr/lib/libX.a/bin/sparcv7/rps... OK. Not found.
[17:42:44] - File /usr/sbin/modcheck... OK. Not found.
[17:42:44] - Directory /usr/lib/libX.a... OK. Not found.
[17:42:44] - Directory /usr/lib/libX.a/bin... OK. Not found.
[17:42:45] - Directory /usr/lib/libX.a/bin/sparcv7... OK. Not found.
[17:42:46] - Directory /usr/share/man...... OK. Not found.
[17:42:47] *** Start scan zaRwT.KiT Rootkit ***
[17:42:48] - File /dev/rd/s/sendmeil... OK. Not found.
[17:42:48] - File /dev/ttyf... OK. Not found.
[17:42:48] - File /dev/ttyp... OK. Not found.
[17:42:48] - File /dev/ttyn... OK. Not found.
[17:42:48] - File /rk/tulz... OK. Not found.
[17:42:48] - Directory /rk... OK. Not found.
[17:42:48] - Directory /dev/rd/s... OK. Not found.
[17:42:52] ------------------------------ Malware ------------------------------
[17:42:52] Start scan for common used known (and unknown) rootkit files...
[17:42:53] [Start string tests]
[17:42:57] /sbin/init clean (string: /dev/proc/fuckit)
[17:42:58] /sbin/init clean (string: FUCK)
[17:43:02] /sbin/init clean (string: backdoor)
[17:43:02] /bin/login clean (string: vt200)
[17:43:04] /bin/login clean (string: /usr/bin/xstat)
[17:43:06] /bin/login clean (string: /bin/envpc)
[17:43:06] /bin/login clean (string: l4m3r0x)
[17:43:08] /bin/login clean (string: /usr/lib/.tbd)
[17:43:10] /bin/ls clean (string: /dev/ptyxx/.file)
[17:43:10] /bin/ls clean (string: /dev/sgk)
[17:43:12] /bin/ls clean (string: /var/lock/subsys/...datafile...)
[17:43:12] /bin/ls clean (string: /usr/lib/.tbd)
[17:43:14] /bin/netstat clean (string: /dev/proc/fuckit)
[17:43:14] /bin/netstat clean (string: /lib/.sso)
[17:43:16] /bin/netstat clean (string: /var/lock/subsys/...datafile...)
[17:43:16] /bin/netstat clean (string: /dev/caca)
[17:43:18] /bin/netstat clean (string: /dev/ttyoa)
[17:43:18] /bin/netstat clean (string: syg)
[17:43:20] /bin/ps clean (string: /dev/pts/01)
[17:43:21] /bin/ps clean (string: tw33dl3)
[17:43:24] /bin/ps clean (string: psniff)
[17:43:24] /bin/ps clean (string: /var/lock/subsys/...datafile...)
[17:43:29] /usr/sbin/sshd clean (string: /dev/ptyxx)
[17:43:31] /usr/local/sbin/sshd clean (string: /dev/ptyxx)
[17:43:33] /sbin/syslogd clean (string: promiscuous)
[17:43:35] /sbin/syslogd clean (string: /usr/lib/.tbd)
[17:43:35] /usr/sbin/tcpd clean (string: /dev/xdta)
[17:43:36] /usr/bin/top clean (string: /usr/lib/.tbd)
[17:43:42] All files are OK
[17:43:42] [End string tests]
[17:43:43] Scanning for presence of /dev/sdr0 (file)... OK (not found)
[17:43:44] Scanning for presence of /tmp/.syshackfile (file)... OK (not found)
[17:43:44] Scanning for presence of /tmp/.bash_history (file)... OK (not found)
[17:43:44] Scanning for presence of /usr/info/.clib (file)... OK (not found)
[17:43:46] Scanning for presence of /usr/sbin/tcp.log (file)... OK (not found)
[17:43:46] Scanning for presence of /usr/bin/take/pid (file)... OK (not found)
[17:43:46] Scanning for presence of /sbin/create (file)... OK (not found)
[17:43:47] Scanning for presence of /dev/ttypz (file)... OK (not found)
[17:43:47] Scanning for presence of /usr/bin/take (dir)... OK (not found)
[17:43:47] Scanning for presence of /usr/src/.lib (dir)... OK (not found)
[17:43:49] Scanning for presence of /usr/share/man/man1/.1c (dir)... OK (not found)
[17:43:50] Scanning for presence of /lib/lblip.tk (dir)... OK (not found)
[17:43:50] Scanning for presence of /usr/sbin/... (dir)... OK (not found)
[17:43:51] Scanning for presence of /usr/share/.gun (dir)... OK (not found)
[17:43:52] -------------------------- Open files tests ---------------------------
[17:43:52] Scanning running processes... OK
[17:44:37] Scanned for 'backdoor|adore.so|mod_rootme.so|phide_mod.o|lbk.ko|vlogger.o|cleaner.o|mod_klgr.o|hydra|hydra.restore'
[17:44:37] ----------------------- Login backdoors check -------------------------
[17:44:38] Checking /usr/X11R6/bin/.,/copy/... [ OK ] Not found
[17:44:38] Checking /dev/rd... [ OK ] Not found
[17:44:40] Scanning for software related files and intrusions...
[17:44:42] Checking /usr/lib/libice.log... [ OK ] Not found
[17:44:52] Skipped xinetd tests (not Linux or file doesn't exists)
[17:45:07] Checking /usr/bin/netstat... Not found
[17:45:14] Checking /bin/ps... [ OK ]
[17:45:17] Checking /bin/ls... [ OK ]
[17:45:20] Checking /usr/bin/w... [ OK ]
[17:45:22] Checking /usr/bin/who... [ OK ]
[17:45:26] Checking /bin/netstat... [ OK ]
[17:45:26] Checking /usr/bin/netstat... Not found
[17:45:29] Checking /bin/login... [ OK ]
[17:45:36] --------------------------- File attributes ---------------------------
[17:45:37] Checking /usr/sbin file attributes
[17:46:06] Checking /usr/bin file attributes
[17:48:19] Checking /usr/local/bin file attributes
[17:48:22] Checking /usr/local/sbin file attributes
[17:48:23] Checking /bin file attributes
[17:48:33] Checking /sbin file attributes
[17:48:51] Checking /sw/bin file attributes
[17:48:51] Checking /usr/local/libexec file attributes
[17:48:51] Checking /usr/libexec file attributes
[17:48:51] ----------------------------- LKM modules -----------------------------
[17:48:54] ------------------------------- Backdoors -----------------------------
[17:49:15] Checking network interfaces (promiscuous mode)... [ OK ]
[17:49:15] Performed successful test with `ip`
[17:50:43] ---------------------------- System checks ----------------------------
[17:50:49] Checking for passwordless user accounts...
[17:51:28] ---------------------------- History files ----------------------------
[17:51:40] Start scanning for hidden files in /dev...
[17:51:40] Value of hiddendirs:
[17:51:40] End of scanning /dev
[17:51:40] Start scanning for hidden files in /bin...
[17:51:40] Value of hiddendirs:
[17:51:40] End of scanning /bin
[17:51:40] Start scanning for hidden files in /usr...
[17:51:40] Value of hiddendirs:
[17:51:40] End of scanning /usr
[17:51:41] Start scanning for hidden files in /usr/man...
[17:51:41] End of scanning /usr/man
[17:51:41] Start scanning for hidden files in /usr/man/man1...
[17:51:41] End of scanning /usr/man/man1
[17:51:41] Start scanning for hidden files in /usr/man/man8...
[17:51:41] End of scanning /usr/man/man8
[17:51:41] Start scanning for hidden files in /usr/bin...
[17:51:41] Value of hiddendirs:
[17:51:41] End of scanning /usr/bin
[17:51:41] Start scanning for hidden files in /usr/sbin...
[17:51:41] Value of hiddendirs:
[17:51:41] End of scanning /usr/sbin
[17:51:41] Start scanning for hidden files in /sbin...
[17:51:41] Value of hiddendirs:
[17:51:41] End of scanning /sbin
[17:51:41] Start scanning for hidden files in /etc...
[17:51:41] Value of hiddendirs: /etc/.pwd.lock
[17:51:41] End of scanning /etc
[17:51:41] Hidden file/dir /etc/.pwd.lock [empty] seems to be OK
[17:53:05] ------------------------ Application advisories -----------------------
[17:53:10] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/cgid.conf... OK
[17:53:10] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/cgid.load... OK
[17:53:11] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/userdir.conf... OK
[17:53:11] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/userdir.load... OK
[17:53:14] ---------------------- Application version check ----------------------
[17:53:17] ----------------------------------------------------------
[17:53:17] Scanning Exim%%MTA...
[17:53:17] Application not found
[17:53:17] ----------------------------------------------------------
[17:53:17] Scanning GnuPG...
[17:53:18] /usr/bin/gpg found
[17:53:21] Version 1.4.1 seems to be vulnerable (if unpatched)!
[17:53:22] ----------------------------------------------------------
[17:53:22] Scanning Apache...
[17:53:22] Application not found
[17:53:24] ----------------------------------------------------------
[17:53:24] Scanning Bind%%DNS...
[17:53:24] Debug:
[17:53:25] /usr/sbin/named found
[17:53:27] Version 9.2.4 is available in non-vulnerable group and seems to be OK!
[17:53:28] ----------------------------------------------------------
[17:53:28] Scanning OpenSSL...
[17:53:29] /usr/bin/openssl found
[17:53:31] Version 0.9.8c is available in non-vulnerable group and seems to be OK!
[17:53:32] ----------------------------------------------------------
[17:53:32] Scanning PHP...
[17:53:33] /usr/bin/php found
[17:53:36] No information available. Unknown version number
[17:53:37] ----------------------------------------------------------
[17:53:37] Scanning Procmail%%MTA...
[17:53:37] /usr/bin/procmail found
[17:53:41] Version 3.22 is available in non-vulnerable group and seems to be OK!
[17:53:42] ----------------------------------------------------------
[17:53:42] Scanning ProFTPd...
[17:53:42] /usr/sbin/proftpd found
[17:53:45] Version 1.2.10 is available in non-vulnerable group and seems to be OK!
[17:53:45] ----------------------------------------------------------
[17:53:45] Scanning OpenSSH...
[17:53:46] /usr/sbin/sshd found
[17:53:48] No information available. Unknown version number
[17:53:48] /usr/local/sbin/sshd found
[17:53:52] No information available. Unknown version number
[17:53:56] ------------------------- Security advisories -------------------------
[17:54:06] Info: Found 'PermitRootLogin no' or 'PermitRootLogin without-password' in SSH configuration file /etc/ssh/sshd_config
[17:54:30] Rootkits scanned for: 55808 Trojan - Variant A, AjaKit, aPa Kit, Apache Worm, Ambient (ark) Rootkit, Balaur Rootkit, BeastKit, beX2, BOBKit, CiNIK Worm (Slapper.B variant), Danny-Boy's Abuse Kit, Devil RootKit, Dica, Dreams Rootkit, Duarawkz, Flea Linux Rootkit, FreeBSD Rootkit, Fuck`it Rootkit, GasKit, Heroin LKM, HjC Kit, ignoKit, ImperalsS-FBRK, Irix Rootkit, Kitko, Knark, Li0n Worm, Lockit / LJK2, MRK, Ni0 Rootkit, RootKit for SunOS / NSDAP, Optic Kit (Tux), Oz Rootkit, Portacelo, R3dstorm Toolkit, RH-Sharpe's rootkit, RSHA's rootkit, Scalper Worm, Shutdown, SHV4, SHV5, Sin Rootkit, Slapper, Sneakin Rootkit, Suckit Rootkit, SunOS Rootkit, Superkit, TBD (Telnet BackDoor), TeLeKiT, T0rn Rootkit, Trojanit Kit, Tuxtendo, URK, VcKit, Volc Rootkit, X-Org SunOS Rootkit, zaRwT.KiT Rootkit
[17:54:33] 1 vulnerable applications found
0

lami20j Posts 21331 Registration date   Status Moderator, Security contributor Last activity   3 570
 
Re,

What is this file?
/etc/sh.conf
and this directory?
/usr/lib/libsh

Also post the file /etc/ssh/sshd_config
0
Jean-Pierre
 
These are two files/directories that apparently have no business being there, but that I cannot delete!

Here is the content of sshd_config

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 600
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication no


# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no


#MaxStartups 10:30:60
#Banner /etc/issue.net

Subsystem sftp /usr/lib/sftp-server

UsePAM yes
RhostsAuthentication no
IgnoreUserKnownHosts no
CheckMail no
0
lami20j Posts 21331 Registration date   Status Moderator, Security contributor Last activity   3 570
 
Re,

These are two files/directories that apparently have no business being there, but that I cannot delete!
Ok.

Post the output of
ls -l /etc/sh.conf
ls -ld /usr/lib/libsh 
lsattr /etc/sh.conf
lsattr -aR /usr/lib/libsh
0
Jean-Pierre
 
Here they are....

I tried changing the attributes, not permitted either... etc...


-rw-r--r-- 1 root root 36 2004-07-16 13:37 /etc/sh.conf
*************
drwxr-xr-x 6 root root 4096 2008-12-21 19:03 /usr/lib/libsh
*************
s---ia------------ /etc/sh.conf
*************
s----a------------ /usr/lib/libsh/.
------------------ /usr/lib/libsh/..
------------------ /usr/lib/libsh/.bashrc
------------------ /usr/lib/libsh/.backup

/usr/lib/libsh/.backup:
------------------ /usr/lib/libsh/.backup/.
s----a------------ /usr/lib/libsh/.backup/..

------------------ /usr/lib/libsh/utilz

/usr/lib/libsh/utilz:
------------------ /usr/lib/libsh/utilz/.
s----a------------ /usr/lib/libsh/utilz/..

------------------ /usr/lib/libsh/.sniff

/usr/lib/libsh/.sniff:
------------------ /usr/lib/libsh/.sniff/.
s----a------------ /usr/lib/libsh/.sniff/..

------------------ /usr/lib/libsh/hide
------------------ /usr/lib/libsh/.owned

/usr/lib/libsh/.owned:
------------------ /usr/lib/libsh/.owned/.
s----a------------ /usr/lib/libsh/.owned/..

s----a------------ /usr/lib/libsh/.bashrc.swp
s----a------------ /usr/lib/libsh/.bashrc.swo
0
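The two checks this thread relies on, as an added example that is not part of the original posts: listing regular files under /dev, and picking out of `lsattr` output the entries that carry the i, a or s attributes seen on /etc/sh.conf and /usr/lib/libsh. The function names and the `--scan`/`--sample` switches are assumptions of this example, and the sample listing is constructed from the output posted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# regular_files_in DIR: print regular files found under DIR without crossing
# into other mounted filesystems. /dev should hold device nodes, not files.
regular_files_in() {
    find "$1" -xdev -type f 2>/dev/null
}

# flagged_attrs: read `lsattr` output on stdin and print "<flags> <path>" for
# every entry that carries i (immutable), a (append-only) or s (secure
# deletion). Directory headers ("/path:"), blank lines and error messages
# are skipped because their first field is not an attribute string.
flagged_attrs() {
    awk '
        NF >= 2 && $1 ~ /^[-A-Za-z]+$/ {
            path = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)   # keep spaces inside the path
            hit = ""
            if ($1 ~ /i/) hit = hit "immutable,"
            if ($1 ~ /a/) hit = hit "append-only,"
            if ($1 ~ /s/) hit = hit "secure-delete,"
            if (hit != "") { sub(/,$/, "", hit); print hit " " path }
        }'
}

# Constructed sample, modelled on the lsattr listing posted above.
sample_lsattr() {
    cat <<'EOF'
s---ia------------ /etc/sh.conf
s----a------------ /usr/lib/libsh/.
------------------ /usr/lib/libsh/..
------------------ /usr/lib/libsh/.bashrc

/usr/lib/libsh/.backup:
------------------ /usr/lib/libsh/.backup/.
s----a------------ /usr/lib/libsh/.backup/..

s----a------------ /usr/lib/libsh/.bashrc.swp
EOF
}

case "${1:-}" in
    --scan)     # live check; run as root on the suspect host
        regular_files_in /dev
        lsattr -aR /etc /usr/lib 2>/dev/null | flagged_attrs
        ;;
    --sample)   # run the parser over the constructed listing
        sample_lsattr | flagged_attrs
        ;;
esac
```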
lami20j Posts 21331 Registration date   Status Moderator, Security contributor Last activity   3 570
 
Re,

Let's deal with /etc/sh.conf first
To be done as root
chattr -V -ias /etc/sh.conf
0
Jean-Pierre
 
Aaah, brilliant, my savior, I managed to get rid of it....

That leaves their @_ç°&é directory

(PS: my grep is still running :)
0
Jean-Pierre
 
I was also able to get rid of the directory after a

chattr -V -iasR libsh

Thanks and thanks again, I'll see whether that changed anything for /dev/puila
0
lami20j Posts 21331 Registration date   Status Moderator, Security contributor Last activity   3 570
 
Re,

Stop rgrep ;-)
Still as root
chattr -VR -as /usr/lib/libsh/
0
Jean-Pierre
 
The files are gone, but something is still writing to /dev/puila :(
0
lami20j Posts 21331 Registration date   Status Moderator, Security contributor Last activity   3 570
 
Re,

You can always run the test again
rkhunter -c --createlogfile rkhunter.log2
0
Jean-Pierre
 
Re...

This is what it gives:


[19:36:11] Running Rootkit Hunter 1.2.9 on ik55027
[19:36:11]
Rootkit Hunter 1.2.9, Copyright 2003-2006, Michael Boelen

Under active development by the Rootkit Hunter project team. For reporting
bugs, updates, patches, comments and questions see: rkhunter.sourceforge.net

Rootkit Hunter comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under the terms of the GNU General
Public License. See LICENSE for details.

[19:36:12] Info: Shell /bin/bash
[19:36:12] ------------------------ Configuration check --------------------------
[19:36:12] Parsing configuration file (/etc/rkhunter.conf)
[19:36:12] Info: No mail-on-warning address configured
[19:36:12] Info: Using /var/lib/rkhunter/tmp as temporary directory
[19:36:12] Info: Using /var/lib/rkhunter/db as database directory
[19:36:13] Info: Using '/usr/sbin /usr/bin /usr/local/bin /usr/local/sbin /bin /sbin /sw/bin /usr/local/libexec /usr/libexec' as binary directory
[19:36:13] -------------------------- Application scan ---------------------------
[19:36:13] Found /usr/bin/find
[19:36:13] Found /usr/bin/lsattr
[19:36:13] Found /usr/bin/lsof
[19:36:13] Found /usr/bin/md5sum
[19:36:13] Found /usr/bin/stat
[19:36:13] Found /usr/bin/strings
[19:36:13] Found /usr/bin/wget
[19:36:14] Found /usr/bin/perl (version 5.8.8)
[19:36:14] Found /bin/ip
[19:36:14] Found /bin/ls
[19:36:14] Found /bin/lsmod
[19:36:14] Found /bin/ps
[19:36:14] Found /bin/readlink
[19:36:15] Found /sbin/ip
[19:36:15] Found /sbin/ifconfig
[19:36:15] Found /sbin/lsmod
[19:36:15] Info: WGET found
[19:36:15] Info: NMAP not found
[19:36:15] Info: LSOF found
[19:36:15] Info: ip found
[19:36:15] Application scan ended
[19:36:15] ---------------------------- System checks ----------------------------
[19:36:18] Info: kernel is 2.6
[19:36:18] Info: Found /etc/debian_version
[19:36:19] Info: Full OS name = Debian 4.0 (i386)
[19:36:19] Info: OS ID = 730
[19:36:19] Info: Found MD5 command /usr/bin/md5sum
[19:36:19] Info: Perl version 5.8.8 found
[19:36:20] Info: Perl module Digest::MD5 installed (version 2.36).
[19:36:20] Info: Perl module Digest::SHA1 installed (version 2.11).
[19:36:21] Info: Using perl module Digest::MD5 to verify MD5 hashes
[19:36:21] Info: using /var/lib/rkhunter/tmp as temporary directory
[19:36:21] Info: UID is zero (root)
[19:36:21] Info: ksyms file check will be skipped (/proc/ksyms not available on this system)
[19:36:21] ---------------------------- File checks -----------------------------
[19:36:21] Checking /var/lib/rkhunter/db/md5blacklist.dat... OK
[19:36:21] Checking /var/lib/rkhunter/db/mirrors.dat... OK
[19:36:21] Checking /var/lib/rkhunter/db/programs_bad.dat... OK
[19:36:21] Checking /var/lib/rkhunter/db/programs_good.dat... OK
[19:36:28] ------------------------------ Selftests ------------------------------
[19:36:28] Strings selftest: scanning for string /usr/sbin/ntpsx... OK
[19:36:29] Strings selftest: scanning for string /usr/lib/.../ls... OK
[19:36:29] Strings selftest: scanning for string /usr/lib/.../netstat... OK
[19:36:29] Strings selftest: scanning for string /usr/lib/.../lsof... OK
[19:36:29] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg... OK
[19:36:30] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shhk... OK
[19:36:30] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-pw... OK
[19:36:30] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shrs... OK
[19:36:30] Strings selftest: scanning for string /usr/lib/.../uconf.inv... OK
[19:36:31] Strings selftest: scanning for string /usr/lib/.../psr... OK
[19:36:31] Strings selftest: scanning for string /usr/lib/.../find... OK
[19:36:31] Strings selftest: scanning for string /usr/lib/.../pstree... OK
[19:36:32] Strings selftest: scanning for string /usr/lib/.../slocate... OK
[19:36:32] Strings selftest: scanning for string /usr/lib/.../du... OK
[19:36:32] Strings selftest: scanning for string /usr/lib/.../top... OK
[19:36:32] Strings selftest: scanning for string /usr/lib/...... OK
[19:36:33] Strings selftest: scanning for string /usr/lib/.../bkit-ssh... OK
[19:36:33] Strings selftest: scanning for string /usr/lib/.bkit-... OK
[19:36:33] Strings selftest: scanning for string /tmp/.bkp... OK
[19:36:33] Strings selftest: scanning for string /tmp/.cinik... OK
[19:36:34] Strings selftest: scanning for string /tmp/.font-unix/.cinik... OK
[19:36:34] Strings selftest: scanning for string /lib/.sso... OK
[19:36:34] Strings selftest: scanning for string /lib/.so... OK
[19:36:35] Strings selftest: scanning for string /var/run/...dica/clean... OK
[19:36:35] Strings selftest: scanning for string /var/run/...dica/xl... OK
[19:36:35] Strings selftest: scanning for string /var/run/...dica/xdr... OK
[19:36:35] Strings selftest: scanning for string /var/run/...dica/psg... OK
[19:36:36] Strings selftest: scanning for string /var/run/...dica/secure... OK
[19:36:36] Strings selftest: scanning for string /var/run/...dica/rdx... OK
[19:36:37] Strings selftest: scanning for string /var/run/...dica/va... OK
[19:36:37] Strings selftest: scanning for string /var/run/...dica/cl.sh... OK
[19:36:37] Strings selftest: scanning for string /usr/bin/.etc... OK
[19:36:37] Strings selftest: scanning for string /usr/lib/.fx/sched_host.2... OK
[19:36:38] Strings selftest: scanning for string /usr/lib/.fx/random_d.2... OK
[19:36:38] Strings selftest: scanning for string /usr/lib/.fx/set_pid.2... OK
[19:36:38] Strings selftest: scanning for string /usr/lib/.fx/cons.saver... OK
[19:36:38] Strings selftest: scanning for string /usr/lib/.fx/adore/adore/adore.ko... OK
[19:36:39] Strings selftest: scanning for string /bin/sysback... OK
[19:36:39] Strings selftest: scanning for string /usr/local/bin/sysback... OK
[19:36:39] Strings selftest: scanning for string /usr/lib/.tbd... OK
[19:36:39] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rns... OK
[19:36:40] Strings selftest: scanning for string /dev/.lib/lib/lib/du... OK
[19:36:40] Strings selftest: scanning for string /dev/.lib/lib/lib/ls... OK
[19:36:40] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rnsb... OK
[19:36:40] Strings selftest: scanning for string /dev/.lib/lib/lib/ps... OK
[19:36:41] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rnp... OK
[19:36:41] Strings selftest: scanning for string /dev/.lib/lib/lib/find... OK
[19:36:41] Strings selftest: scanning for string /dev/.lib/lib/lib/ifconfig... OK
[19:36:41] Strings selftest: scanning for string /dev/.lib/lib/lib/pg... OK
[19:36:42] Strings selftest: scanning for string /dev/.lib/lib/lib/ssh.tgz... OK
[19:36:42] Strings selftest: scanning for string /dev/.lib/lib/lib/top... OK
[19:36:42] Strings selftest: scanning for string /dev/.lib/lib/lib/sz... OK
[19:36:42] Strings selftest: scanning for string /dev/.lib/lib/lib/login... OK
[19:36:43] Strings selftest: scanning for string /dev/.lib/lib/lib/in.fingerd... OK
[19:36:43] Strings selftest: scanning for string /dev/.lib/lib/lib/1i0n.sh... OK
[19:36:43] Strings selftest: scanning for string /dev/.lib/lib/lib/pstree... OK
[19:36:43] Strings selftest: scanning for string /dev/.lib/lib/lib/in.telnetd... OK
[19:36:44] Strings selftest: scanning for string /dev/.lib/lib/lib/mjy... OK
[19:36:44] Strings selftest: scanning for string /dev/.lib/lib/lib/sush... OK
[19:36:44] Strings selftest: scanning for string /dev/.lib/lib/lib/tfn... OK
[19:36:44] Strings selftest: scanning for string /dev/.lib/lib/lib/name... OK
[19:36:46] Strings selftest: scanning for string /dev/.lib/lib/lib/getip.sh... OK
[19:36:46] Strings selftest: scanning for string /usr/info/.torn/sh*... OK
[19:36:46] Strings selftest: scanning for string /usr/src/.puta/... OK
[19:36:46] Strings selftest: scanning for string /usr/src/.puta/.1addr... OK
[19:36:46] Strings selftest: scanning for string /usr/src/.puta/.1file... OK
[19:36:47] Strings selftest: scanning for string /usr/src/.puta/.1proc... OK
[19:36:47] Strings selftest: scanning for string /usr/src/.puta/.1logz... OK
[19:36:47] Strings selftest: scanning for string /usr/info/.t0rn/... OK
[19:36:47] Strings selftest: scanning for string /dev/.lib/... OK
[19:36:48] Strings selftest: scanning for string /dev/.lib/lib/... OK
[19:36:49] Strings selftest: scanning for string /dev/.lib/lib/lib/... OK
[19:36:49] Strings selftest: scanning for string /dev/.lib/lib/lib/dev/... OK
[19:36:49] Strings selftest: scanning for string /dev/.lib/lib/scan/... OK
[19:36:49] Strings selftest: scanning for string /usr/src/.puta/... OK
[19:36:49] Strings selftest: scanning for string /usr/man/man1/man1/... OK
[19:36:49] Strings selftest: scanning for string /usr/man/man1/man1/lib/... OK
[19:36:50] Strings selftest: scanning for string /usr/man/man1/man1/lib/.lib/... OK
[19:36:50] Strings selftest: scanning for string /usr/man/man1/man1/lib/.lib/.backup/... OK
[19:36:51] ---------------------------- MD5 hash tests ---------------------------
[19:36:52] Starting MD5 checksum test (/usr/share/rkhunter/scripts/filehashmd5.pl)
[19:38:47] Info: Check skipped - no hashes available
[19:39:04] ------------------------------ Rootkits ------------------------------
[19:39:05] *** Start scan 55808 Trojan - Variant A ***
[19:39:05] - File /tmp/.../r... OK. Not found.
[19:39:06] - File /tmp/.../a... OK. Not found.
[19:39:06] Checking /etc/passwd for presence of ADM worm
OK
[19:39:08] *** Start scan AjaKit ***
[19:39:08] - File /dev/tux/.addr... OK. Not found.
[19:39:08] - File /dev/tux/.proc... OK. Not found.
[19:39:08] - File /dev/tux/.file... OK. Not found.
[19:39:08] - File /lib/.libgh-gh/cleaner... OK. Not found.
[19:39:08] - File /lib/.libgh-gh/Patch/patch... OK. Not found.
[19:39:08] - File /lib/.libgh-gh/sb0k... OK. Not found.
[19:39:08] - Directory /dev/tux... OK. Not found.
[19:39:08] - Directory /lib/.libgh-gh... OK. Not found.
[19:39:10] *** Start scan aPa Kit ***
[19:39:10] - File /usr/share/.aPa... OK. Not found.
[19:39:11] *** Start scan Apache Worm ***
[19:39:11] - File /bin/.log... OK. Not found.
[19:39:13] *** Start scan Ambient (ark) Rootkit ***
[19:39:13] - File /usr/lib/.ark?... OK. Not found.
[19:39:13] - File /dev/ptyxx/.log... OK. Not found.
[19:39:13] - File /dev/ptyxx/.file... OK. Not found.
[19:39:13] - Directory /dev/ptyxx... OK. Not found.
[19:39:14] *** Start scan Balaur Rootkit ***
[19:39:14] - File /usr/lib/liblog.o... OK. Not found.
[19:39:14] - Directory /usr/lib/.kinetic... OK. Not found.
[19:39:14] - Directory /usr/lib/.egcs... OK. Not found.
[19:39:14] - Directory /usr/lib/.wormie... OK. Not found.
[19:39:16] *** Start scan BeastKit ***
[19:39:16] - File /usr/sbin/arobia... OK. Not found.
[19:39:16] - File /usr/sbin/idrun... OK. Not found.
[19:39:16] - File /usr/lib/elm/arobia/elm... OK. Not found.
[19:39:16] - File /usr/lib/elm/arobia/elm/hk... OK. Not found.
[19:39:16] - File /usr/lib/elm/arobia/elm/hk.pub... OK. Not found.
[19:39:16] - File /usr/lib/elm/arobia/elm/sc... OK. Not found.
[19:39:16] - File /usr/lib/elm/arobia/elm/sd.pp... OK. Not found.
[19:39:16] - File /usr/lib/elm/arobia/elm/sdco... OK. Not found.
[19:39:17] - File /usr/lib/elm/arobia/elm/srsd... OK. Not found.
[19:39:17] - Directory /lib/ldd.so/bktools... OK. Not found.
[19:39:18] *** Start scan beX2 ***
[19:39:18] - Directory //usr/include/bex... OK. Not found.
[19:39:20] *** Start scan BOBKit ***
[19:39:20] - File /usr/sbin/ntpsx... OK. Not found.
[19:39:20] - File /usr/lib/.../ls... OK. Not found.
[19:39:20] - File /usr/lib/.../netstat... OK. Not found.
[19:39:20] - File /usr/lib/.../lsof... OK. Not found.
[19:39:20] - File /usr/lib/.../bkit-ssh/bkit-shdcfg... OK. Not found.
[19:39:20] - File /usr/lib/.../bkit-ssh/bkit-shhk... OK. Not found.
[19:39:20] - File /usr/lib/.../bkit-ssh/bkit-pw... OK. Not found.
[19:39:20] - File /usr/lib/.../bkit-ssh/bkit-shrs... OK. Not found.
[19:39:21] - File /usr/lib/.../uconf.inv... OK. Not found.
[19:39:21] - File /usr/lib/.../psr... OK. Not found.
[19:39:21] - File /usr/lib/.../find... OK. Not found.
[19:39:21] - File /usr/lib/.../pstree... OK. Not found.
[19:39:21] - File /usr/lib/.../slocate... OK. Not found.
[19:39:21] - File /usr/lib/.../du... OK. Not found.
[19:39:21] - File /usr/lib/.../top... OK. Not found.
[19:39:21] - Directory /usr/lib/...... OK. Not found.
[19:39:21] - Directory /usr/lib/.../bkit-ssh... OK. Not found.
[19:39:22] - Directory /usr/lib/.bkit-... OK. Not found.
[19:39:22] - Directory /tmp/.bkp... OK. Not found.
[19:39:23] *** Start scan CiNIK Worm (Slapper.B variant) ***
[19:39:23] - File /tmp/.cinik... OK. Not found.
[19:39:25] *** Start scan Danny-Boy's Abuse Kit ***
[19:39:26] *** Start scan Devil RootKit ***
[19:39:27] - File /var/lib/games/.src... OK. Not found.
[19:39:27] - File /dev/dsx... OK. Not found.
[19:39:27] - File /dev/caca... OK. Not found.
[19:39:28] *** Start scan Dica ***
[19:39:28] - File /lib/.sso... OK. Not found.
[19:39:28] - File /lib/.so... OK. Not found.
[19:39:28] - File /var/run/...dica/clean... OK. Not found.
[19:39:28] - File /var/run/...dica/xl... OK. Not found.
[19:39:28] - File /var/run/...dica/xdr... OK. Not found.
[19:39:28] - File /var/run/...dica/psg... OK. Not found.
[19:39:28] - File /var/run/...dica/secure... OK. Not found.
[19:39:29] - File /var/run/...dica/rdx... OK. Not found.
[19:39:29] - File /var/run/...dica/va... OK. Not found.
[19:39:29] - File /var/run/...dica/cl.sh... OK. Not found.
[19:39:29] - File /usr/bin/.etc... OK. Not found.
[19:39:29] - Directory /var/run/...dica... OK. Not found.
[19:39:29] - Directory /var/run/...dica/mh... OK. Not found.
[19:39:29] - Directory /var/run/...dica/scan... OK. Not found.
[19:39:30] *** Start scan Dreams Rootkit ***
[19:39:30] - File /dev/ttyoa... OK. Not found.
[19:39:30] - File /dev/ttyof... OK. Not found.
[19:39:30] - File /dev/ttyop... OK. Not found.
[19:39:30] - File /usr/bin/sense... OK. Not found.
[19:39:30] - File /usr/bin/sl2... OK. Not found.
[19:39:31] - File /usr/bin/logclear... OK. Not found.
[19:39:31] - File /usr/bin/(swapd)... OK. Not found.
[19:39:31] - File /usr/bin/snfs... OK. Not found.
[19:39:31] - File /usr/lib/libsss... OK. Not found.
[19:39:31] - Directory /dev/ida/.hpd... OK. Not found.
[19:39:32] *** Start scan Duarawkz ***
[19:39:32] - File /usr/bin/duarawkz/loginpass... OK. Not found.
[19:39:32] - Directory /usr/bin/duarawkz... OK. Not found.
[19:39:34] *** Start scan Flea Linux Rootkit ***
[19:39:34] - File /etc/ld.so.hash... OK. Not found.
[19:39:34] - File /lib/security/.config/ssh/ssh_host_key... OK. Not found.
[19:39:34] - File /lib/security/.config/ssh/ssh_host_key.pub... OK. Not found.
[19:39:34] - File /lib/security/.config/ssh/ssh_random_seed... OK. Not found.
[19:39:34] - File /usr/bin/ssh2d... OK. Not found.
[19:39:34] - File /usr/lib/ldlibns.so... OK. Not found.
[19:39:34] - File /usr/lib/ldlibpst.so... OK. Not found.
[19:39:35] - File /usr/lib/ldlibdu.so... OK. Not found.
[19:39:35] - File /usr/lib/ldlibct.so... OK. Not found.
[19:39:35] - Directory /lib/security/.config/ssh... OK. Not found.
[19:39:35] - Directory /dev/..0... OK. Not found.
[19:39:35] - Directory /dev/..0/backup... OK. Not found.
[19:39:36] *** Start scan FreeBSD Rootkit ***
[19:39:36] - File /usr/lib/.fx/sched_host.2... OK. Not found.
[19:39:36] - File /usr/lib/.fx/random_d.2... OK. Not found.
[19:39:36] - File /usr/lib/.fx/set_pid.2... OK. Not found.
[19:39:36] - File /usr/lib/.fx/cons.saver... OK. Not found.
[19:39:36] - File /usr/lib/.fx/adore/adore/adore.ko... OK. Not found.
[19:39:36] - File /bin/sysback... OK. Not found.
[19:39:37] - File /usr/local/bin/sysback... OK. Not found.
[19:39:37] - Directory /usr/lib/.fx... OK. Not found.
[19:39:37] - Directory /usr/lib/.fx/adore... OK. Not found.
[19:39:39] *** Start scan Fuck`it Rootkit ***
[19:39:39] - File /dev/proc/fuckit/hax0r... OK. Not found.
[19:39:39] - File /dev/proc/fuckit/hax0rshell... OK. Not found.
[19:39:39] - File /dev/proc/fuckit/config/lports... OK. Not found.
[19:39:39] - File /dev/proc/fuckit/config/rports... OK. Not found.
[19:39:39] - File /dev/proc/fuckit/config/rkconf... OK. Not found.
[19:39:39] - File /dev/proc/fuckit/config/password... OK. Not found.
[19:39:39] - File /dev/proc/fuckit/config/progs... OK. Not found.
[19:39:39] - File /dev/proc/system-bins/init... OK. Not found.
[19:39:40] *** Start scan GasKit ***
[19:39:41] - File /dev/dev/gaskit/sshd/sshdd... OK. Not found.
[19:39:41] - Directory /dev/dev... OK. Not found.
[19:39:41] - Directory /dev/dev/gaskit... OK. Not found.
[19:39:41] - Directory /dev/dev/gaskit/sshd... OK. Not found.
[19:39:43] *** Start scan Heroin LKM ***
[19:39:44] *** Start scan HjC Kit ***
[19:39:44] - Directory /dev/.hijackerz... OK. Not found.
[19:39:46] *** Start scan ignoKit ***
[19:39:46] - File /lib/defs/p... OK. Not found.
[19:39:46] - File /lib/defs/q... OK. Not found.
[19:39:46] - File /lib/defs/r... OK. Not found.
[19:39:46] - File /lib/defs/s... OK. Not found.
[19:39:46] - File /lib/defs/t... OK. Not found.
[19:39:46] - File /usr/lib/defs/p... OK. Not found.
[19:39:47] - File /usr/lib/defs/p... OK. Not found.
[19:39:47] - File /usr/lib/defs/p... OK. Not found.
[19:39:48] - File /usr/lib/defs/p... OK. Not found.
[19:39:48] - File /usr/lib/defs/p... OK. Not found.
[19:39:48] - File /usr/lib/.libigno/pkunsec... OK. Not found.
[19:39:48] - File /usr/lib/.libigno/.igno/psybnc/psybnc... OK. Not found.
[19:39:48] - Directory /usr/lib/.libigno... OK. Not found.
[19:39:48] - Directory /usr/lib/.libigno/.igno/... OK. Not found.
[19:39:50] *** Start scan ImperalsS-FBRK ***
[19:39:50] - Directory /dev/fd/.88... OK. Not found.
[19:39:50] - Directory /dev/fd/.99... OK. Not found.
[19:39:51] *** Start scan Irix Rootkit ***
[19:39:51] - Directory /dev/pts/01... OK. Not found.
[19:39:51] - Directory /dev/pts/01/backup... OK. Not found.
[19:39:51] - Directory /dev/pts/01/etc... OK. Not found.
[19:39:51] - Directory /dev/pts/01/tmp... OK. Not found.
[19:39:53] *** Start scan Kitko ***
[19:39:53] - Directory /usr/src/redhat/SRPMS/...... OK. Not found.
[19:39:55] *** Start scan Knark ***
[19:39:55] - File /proc/knark/pids... OK. Not found.
[19:39:55] - Directory /proc/knark... OK. Not found.
[19:39:56] *** Start scan Li0n Worm ***
[19:39:56] - File /bin/in.telnetd... OK. Not found.
[19:39:56] - File /bin/mjy... OK. Not found.
[19:39:56] - File /usr/man/man1/man1/lib/.lib/mjy... OK. Not found.
[19:39:56] - File /usr/man/man1/man1/lib/.lib/in.telnetd... OK. Not found.
[19:39:56] - File /usr/man/man1/man1/lib/.lib/.x... OK. Not found.
[19:39:56] - File /dev/.lib/lib/scan/1i0n.sh... OK. Not found.
[19:39:57] - File /dev/.lib/lib/scan/hack.sh... OK. Not found.
[19:39:57] - File /dev/.lib/lib/scan/bind... OK. Not found.
[19:39:57] - File /dev/.lib/lib/scan/randb... OK. Not found.
[19:39:57] - File /dev/.lib/lib/scan/scan.sh... OK. Not found.
[19:39:57] - File /dev/.lib/lib/scan/pscan... OK. Not found.
[19:39:57] - File /dev/.lib/lib/scan/star.sh... OK. Not found.
[19:39:57] - File /dev/.lib/lib/scan/bindx.sh... OK. Not found.
[19:39:57] - File /dev/.lib/lib/scan/bindname.log... OK. Not found.
[19:39:57] - File /dev/.lib/lib/1i0n.sh... OK. Not found.
[19:39:58] - File /dev/.lib/lib/lib/netstat... OK. Not found.
[19:39:58] - File /dev/.lib/lib/lib/dev/.1addr... OK. Not found.
[19:39:58] - File /dev/.lib/lib/lib/dev/.1logz... OK. Not found.
[19:39:58] - File /dev/.lib/lib/lib/dev/.1proc... OK. Not found.
[19:39:58] - File /dev/.lib/lib/lib/dev/.1file... OK. Not found.
[19:39:59] *** Start scan Lockit / LJK2 ***
[19:39:59] - File /usr/lib/libmen.oo/.LJK2/ssh_config... OK. Not found.
[19:39:59] - File /usr/lib/libmen.oo/.LJK2/ssh_host_key... OK. Not found.
[19:39:59] - File /usr/lib/libmen.oo/.LJK2/ssh_host_key.pub... OK. Not found.
[19:39:59] - File /usr/lib/libmen.oo/.LJK2/ssh_random_seed*... OK. Not found.
[19:39:59] - File /usr/lib/libmen.oo/.LJK2/sshd_config... OK. Not found.
[19:39:59] - File /usr/lib/libmen.oo/.LJK2/backdoor/RK1bd... OK. Not found.
[19:39:59] - File /usr/lib/libmen.oo/.LJK2/backup/du... OK. Not found.
[19:40:00] - File /usr/lib/libmen.oo/.LJK2/backup/ifconfig... OK. Not found.
[19:40:00] - File /usr/lib/libmen.oo/.LJK2/backup/inetd.conf... OK. Not found.
[19:40:00] - File /usr/lib/libmen.oo/.LJK2/backup/locate... OK. Not found.
[19:40:00] - File /usr/lib/libmen.oo/.LJK2/backup/login... OK. Not found.
[19:40:00] - File /usr/lib/libmen.oo/.LJK2/backup/ls... OK. Not found.
[19:40:00] - File /usr/lib/libmen.oo/.LJK2/backup/netstat... OK. Not found.
[19:40:00] - File /usr/lib/libmen.oo/.LJK2/backup/ps... OK. Not found.
[19:40:00] - File /usr/lib/libmen.oo/.LJK2/backup/pstree... OK. Not found.
[19:40:00] - File /usr/lib/libmen.oo/.LJK2/backup/rc.sysinit... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/backup/syslogd... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/backup/tcpd... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/backup/top... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/clean/RK1sauber... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/clean/RK1wted... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/hack/RK1parser... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/hack/RK1sniff... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1addr... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1dir... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1log... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1proc... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/modules/README.modules... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/modules/RK1phide... OK. Not found.
[19:40:01] - File /usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh... OK. Not found.
[19:40:01] - Directory /usr/lib/libmen.oo/.LJK2... OK. Not found.
[19:40:03] *** Start scan MRK ***
[19:40:04] - File /dev/ida/.inet/pid... OK. Not found.
[19:40:04] - File /dev/ida/.inet/ssh_host_key... OK. Not found.
[19:40:04] - File /dev/ida/.inet/ssh_random_seed... OK. Not found.
[19:40:04] - File /dev/ida/.inet/tcp.log... OK. Not found.
[19:40:04] - Directory /dev/ida/.inet... OK. Not found.
[19:40:04] - Directory /var/spool/cron/.sh... OK. Not found.
[19:40:06] *** Start scan Ni0 Rootkit ***
[19:40:06] - File /var/lock/subsys/...datafile.../...net...... OK. Not found.
[19:40:07] - File /var/lock/subsys/...datafile.../...port...... OK. Not found.
[19:40:07] - File /var/lock/subsys/...datafile.../...ps...... OK. Not found.
[19:40:07] - File /var/lock/subsys/...datafile.../...file...... OK. Not found.
[19:40:07] - Directory /tmp/waza... OK. Not found.
[19:40:07] - Directory /var/lock/subsys/...datafile...... OK. Not found.
[19:40:07] - Directory /usr/sbin/es... OK. Not found.
[19:40:08] *** Start scan RootKit for SunOS / NSDAP ***
[19:40:08] - File /usr/lib/vold/nsdap/.kit... OK. Not found.
[19:40:08] - File /usr/lib/vold/nsdap/defines... OK. Not found.
[19:40:08] - File /usr/lib/vold/nsdap/patcher... OK. Not found.
[19:40:08] - File /usr/lib/vold/nsdap/pg... OK. Not found.
[19:40:08] - File /usr/lib/vold/nsdap/cleaner... OK. Not found.
[19:40:09] - File /usr/lib/vold/nsdap/utime... OK. Not found.
[19:40:10] - File /usr/lib/vold/nsdap/crypt... OK. Not found.
[19:40:10] - File /usr/lib/vold/nsdap/findkit... OK. Not found.
[19:40:10] - File /usr/lib/vold/nsdap/sn2... OK. Not found.
[19:40:10] - File /usr/lib/vold/nsdap/sniffload... OK. Not found.
[19:40:10] - File /usr/lib/vold/nsdap/runsniff... OK. Not found.
[19:40:10] - File /usr/lib/lpset... OK. Not found.
[19:40:10] - Directory /usr/lib/vold/nsdap... OK. Not found.
[19:40:14] *** Start scan Optic Kit (Tux) ***
[19:40:14] - Directory /dev/tux... OK. Not found.
[19:40:14] - Directory /usr/bin/xchk... OK. Not found.
[19:40:14] - Directory /usr/bin/xsf... OK. Not found.
[19:40:14] - Directory /usr/bin/ssh2d... OK. Not found.
[19:40:17] *** Start scan Oz Rootkit ***
[19:40:17] - File /dev/.oz/.nap/rkit/terror... OK. Not found.
[19:40:17] - Directory /dev/.oz... OK. Not found.
[19:40:18] *** Start scan Portacelo ***
[19:40:20] - File /var/lib/.../.ak... OK. Not found.
[19:40:20] - File /var/lib/.../.hk... OK. Not found.
[19:40:20] - File /var/lib/.../.rs... OK. Not found.
[19:40:20] - File /var/lib/.../.p... OK. Not found.
[19:40:20] - File /var/lib/.../getty... OK. Not found.
[19:40:20] - File /var/lib/.../lkt.o... OK. Not found.
[19:40:21] - File /var/lib/.../show... OK. Not found.
[19:40:22] - File /var/lib/.../nlkt.o... OK. Not found.
[19:40:22] - File /var/lib/.../ssshrc... OK. Not found.
[19:40:22] - File /var/lib/.../sssh_equiv... OK. Not found.
[19:40:22] - File /var/lib/.../sssh_known_hosts... OK. Not found.
[19:40:22] - File /var/lib/.../sssh_pid... OK. Not found.
[19:40:22] - File ~/.sssh/known_hosts... OK. Not found.
[19:40:23] *** Start scan R3dstorm Toolkit ***
[19:40:23] - File /var/log/tk02/see_all... OK. Not found.
[19:40:23] - File /bin/.../sshd/sbin/sshd1... OK. Not found.
[19:40:23] - File /bin/.../hate/sk... OK. Not found.
[19:40:23] - File /bin/.../see_all... OK. Not found.
[19:40:23] - Directory /var/log/tk02... OK. Not found.
[19:40:23] - Directory /var/log/tk02/old... OK. Not found.
[19:40:23] - Directory /bin/...... OK. Not found.
[19:40:26] *** Start scan RH-Sharpe's rootkit ***
[19:40:26] - File /bin/lps... OK. Not found.
[19:40:26] - File /usr/bin/lpstree... OK. Not found.
[19:40:26] - File /usr/bin/ltop... OK. Not found.
[19:40:26] - File /usr/bin/lkillall... OK. Not found.
[19:40:26] - File /usr/bin/ldu... OK. Not found.
[19:40:26] - File /usr/bin/lnetstat... OK. Not found.
[19:40:26] - File /usr/bin/wp... OK. Not found.
[19:40:26] - File /usr/bin/shad... OK. Not found.
[19:40:27] - File /usr/bin/vadim... OK. Not found.
[19:40:27] - File /usr/bin/slice... OK. Not found.
[19:40:27] - File /usr/bin/cleaner... OK. Not found.
[19:40:27] - File /usr/include/rpcsvc/du... OK. Not found.
[19:40:29] *** Start scan RSHA's rootkit ***
[19:40:29] - File /bin/kr4p... OK. Not found.
[19:40:29] - File /usr/bin/n3tstat... OK. Not found.
[19:40:29] - File /usr/bin/chsh2... OK. Not found.
[19:40:29] - File /usr/bin/slice2... OK. Not found.
[19:40:29] - File /usr/src/linux/arch/alpha/lib/.lib/.1proc... OK. Not found.
[19:40:29] - File /etc/rc.d/arch/alpha/lib/.lib/.1addr... OK. Not found.
[19:40:29] - Directory /etc/rc.d/rsha... OK. Not found.
[19:40:30] - Directory /etc/rc.d/arch/alpha/lib/.lib... OK. Not found.
[19:40:30] Debug: Sebek LKM
[19:40:32] *** Start scan Scalper Worm ***
[19:40:32] - File /tmp/.a... OK. Not found.
[19:40:32] - File /tmp/.uua... OK. Not found.
[19:40:35] *** Start scan Shutdown ***
[19:40:35] - File /usr/man/man5/.. /.dir/scannah/asus... OK. Not found.
[19:40:35] - File /usr/man/man5/.. /.dir/see... OK. Not found.
[19:40:35] - File /usr/man/man5/.. /.dir/nscd... OK. Not found.
[19:40:35] - File /usr/man/man5/.. /.dir/alpd... OK. Not found.
[19:40:35] - File /etc/rc.d/rc.local ... OK. Not found.
[19:40:35] - Directory /usr/man/man5/.. /.dir/... OK. Not found.
[19:40:35] - Directory /usr/man/man5/.. /.dir/scannah... OK. Not found.
[19:40:36] - Directory /etc/rc.d/rc0.d/.. /.dir... OK. Not found.
[19:40:37] *** Start scan SHV4 ***
[19:40:37] - File /etc/ld.so.hash... OK. Not found.
[19:40:37] - File /lib/libext-2.so.7... OK. Not found.
[19:40:37] - File /lib/lidps1.so... OK. Not found.
[19:40:37] - File /usr/sbin/xntps... OK. Not found.
[19:40:37] - Directory /lib/security/.config... OK. Not found.
[19:40:37] - Directory /lib/security/.config/ssh... OK. Not found.
[19:40:39] *** Start scan SHV5 ***
[19:40:40] - File /etc/sh.conf... OK. Not found.
[19:40:40] - File /dev/srd0... OK. Not found.
[19:40:40] - Directory /usr/lib/libsh... OK. Not found.
[19:40:41] *** Start scan Sin Rootkit ***
[19:40:41] - File /dev/.haos/haos1/.f/Denyed... OK. Not found.
[19:40:41] - File /dev/ttyoa... OK. Not found.
[19:40:41] - File /dev/ttyof... OK. Not found.
[19:40:41] - File /dev/ttyop... OK. Not found.
[19:40:41] - File /dev/ttyos... OK. Not found.
[19:40:42] - File /usr/lib/.lib... OK. Not found.
[19:40:42] - File /usr/lib/sn/.X... OK. Not found.
[19:40:42] - File /usr/lib/sn/.sys... OK. Not found.
[19:40:42] - File /usr/lib/ld/.X... OK. Not found.
[19:40:42] - File /usr/man/man1/...... OK. Not found.
[19:40:42] - File /usr/man/man1/.../.m... OK. Not found.
[19:40:42] - File /usr/man/man1/.../.w... OK. Not found.
[19:40:42] - Directory /usr/lib/sn... OK. Not found.
[19:40:42] - Directory /usr/lib/man1/...... OK. Not found.
[19:40:42] - Directory /dev/.haos... OK. Not found.
[19:40:44] *** Start scan Slapper ***
[19:40:45] - File /tmp/.bugtraq... OK. Not found.
[19:40:45] - File /tmp/.uubugtraq... OK. Not found.
[19:40:45] - File /tmp/.bugtraq.c... OK. Not found.
[19:40:45] - File /tmp/httpd... OK. Not found.
[19:40:45] - File /tmp/.unlock... OK. Not found.
[19:40:45] - File /tmp/update... OK. Not found.
[19:40:45] - File /tmp/.cinik... OK. Not found.
[19:40:45] - File /tmp/.b... OK. Not found.
[19:40:47] *** Start scan Sneakin Rootkit ***
[19:40:47] - Directory /tmp/.X11-unix/.../rk... OK. Not found.
[19:40:49] *** Start scan Suckit Rootkit ***
[19:40:49] - File /sbin/initsk12... OK. Not found.
[19:40:49] - File /sbin/initxrk... OK. Not found.
[19:40:49] - File /usr/bin/null... OK. Not found.
[19:40:49] - File /usr/share/locale/sk/.sk12/sk... OK. Not found.
[19:40:49] - File /etc/rc.d/rc0.d/S23kmdac... OK. Not found.
[19:40:49] - File /etc/rc.d/rc1.d/S23kmdac... OK. Not found.
[19:40:49] - File /etc/rc.d/rc2.d/S23kmdac... OK. Not found.
[19:40:49] - File /etc/rc.d/rc3.d/S23kmdac... OK. Not found.
[19:40:50] - File /etc/rc.d/rc4.d/S23kmdac... OK. Not found.
[19:40:50] - File /etc/rc.d/rc5.d/S23kmdac... OK. Not found.
[19:40:50] - File /etc/rc.d/rc6.d/S23kmdac... OK. Not found.
[19:40:50] - Directory /dev/sdhu0/tehdrakg... OK. Not found.
[19:40:50] - Directory /etc/.MG... OK. Not found.
[19:40:50] - Directory /usr/share/locale/sk/.sk12... OK. Not found.
[19:40:50] - Directory /usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist... OK. Not found.
[19:40:52] *** Start scan SunOS Rootkit ***
[19:40:53] - File /etc/ld.so.hash... OK. Not found.
[19:40:53] - File /lib/libext-2.so.7... OK. Not found.
[19:40:53] - File /usr/bin/ssh2d... OK. Not found.
[19:40:53] - File /bin/xlogin... OK. Not found.
[19:40:53] - File /usr/lib/crth.o... OK. Not found.
[19:40:53] - File /usr/lib/crtz.o... OK. Not found.
[19:40:53] - File /sbin/login... OK. Not found.
[19:40:54] - File /lib/security/.config/sn... OK. Not found.
[19:40:55] - File /lib/security/.config/lpsched... OK. Not found.
[19:40:55] - File /dev/kmod... OK. Not found.
[19:40:55] - File /dev/dos... OK. Not found.
[19:40:56] *** Start scan Superkit ***
[19:40:56] - File /usr/man/.sman/sk... OK. Not found.
[19:40:57] *** Start scan TBD (Telnet BackDoor) ***
[19:40:57] - File /usr/lib/.tbd... OK. Not found.
[19:41:00] *** Start scan TeLeKiT ***
[19:41:00] - File /usr/man/man3/.../TeLeKiT/bin/sniff... OK. Not found.
[19:41:00] - File /usr/man/man3/.../TeLeKiT/bin/telnetd... OK. Not found.
[19:41:00] - File /usr/man/man3/.../TeLeKiT/bin/teleulo... OK. Not found.
[19:41:00] - File /usr/man/man3/.../cl... OK. Not found.
[19:41:00] - File /dev/ptyr... OK. Not found.
[19:41:00] - File /dev/ptyp... OK. Not found.
[19:41:01] - File /dev/ptyq... OK. Not found.
[19:41:02] - File /dev/hda06... OK. Not found.
[19:41:02] - File /usr/info/libc1.so... OK. Not found.
[19:41:02] - Directory /usr/man/man3/...... OK. Not found.
[19:41:02] - Directory /usr/man/man3/.../lsniff... OK. Not found.
[19:41:02] - Directory /usr/man/man3/.../TeLeKiT... OK. Not found.
[19:41:03] *** Start scan T0rn Rootkit ***
[19:41:03] - File /dev/.lib/lib/lib/t0rns... OK. Not found.
[19:41:03] - File /dev/.lib/lib/lib/du... OK. Not found.
[19:41:03] - File /dev/.lib/lib/lib/ls... OK. Not found.
[19:41:03] - File /dev/.lib/lib/lib/t0rnsb... OK. Not found.
[19:41:03] - File /dev/.lib/lib/lib/ps... OK. Not found.
[19:41:03] - File /dev/.lib/lib/lib/t0rnp... OK. Not found.
[19:41:04] - File /dev/.lib/lib/lib/find... OK. Not found.
[19:41:04] - File /dev/.lib/lib/lib/ifconfig... OK. Not found.
[19:41:04] - File /dev/.lib/lib/lib/pg... OK. Not found.
[19:41:04] - File /dev/.lib/lib/lib/ssh.tgz... OK. Not found.
[19:41:04] - File /dev/.lib/lib/lib/top... OK. Not found.
[19:41:04] - File /dev/.lib/lib/lib/sz... OK. Not found.
[19:41:04] - File /dev/.lib/lib/lib/login... OK. Not found.
[19:41:04] - File /dev/.lib/lib/lib/in.fingerd... OK. Not found.
[19:41:04] - File /dev/.lib/lib/lib/1i0n.sh... OK. Not found.
[19:41:05] - File /dev/.lib/lib/lib/pstree... OK. Not found.
[19:41:05] - File /dev/.lib/lib/lib/in.telnetd... OK. Not found.
[19:41:05] - File /dev/.lib/lib/lib/mjy... OK. Not found.
[19:41:05] - File /dev/.lib/lib/lib/sush... OK. Not found.
[19:41:05] - File /dev/.lib/lib/lib/tfn... OK. Not found.
[19:41:05] - File /dev/.lib/lib/lib/name... OK. Not found.
[19:41:05] - File /dev/.lib/lib/lib/getip.sh... OK. Not found.
[19:41:06] - File /usr/info/.torn/sh*... OK. Not found.
[19:41:06] - File /usr/src/.puta/... OK. Not found.
[19:41:06] - File /usr/src/.puta/.1addr... OK. Not found.
[19:41:06] - File /usr/src/.puta/.1file... OK. Not found.
[19:41:06] - File /usr/src/.puta/.1proc... OK. Not found.
[19:41:06] - File /usr/src/.puta/.1logz... OK. Not found.
[19:41:06] - File /usr/info/.t0rn/... OK. Not found.
[19:41:07] - Directory /dev/.lib/... OK. Not found.
[19:41:08] - Directory /dev/.lib/lib/... OK. Not found.
[19:41:08] - Directory /dev/.lib/lib/lib/... OK. Not found.
[19:41:08] - Directory /dev/.lib/lib/lib/dev/... OK. Not found.
[19:41:08] - Directory /dev/.lib/lib/scan/... OK. Not found.
[19:41:08] - Directory /usr/src/.puta/... OK. Not found.
[19:41:08] - Directory /usr/man/man1/man1/... OK. Not found.
[19:41:08] - Directory /usr/man/man1/man1/lib/... OK. Not found.
[19:41:08] - Directory /usr/man/man1/man1/lib/.lib/... OK. Not found.
[19:41:08] - Directory /usr/man/man1/man1/lib/.lib/.backup/... OK. Not found.
[19:41:10] *** Start scan Trojanit Kit ***
[19:41:10] - File /bin/.ls... OK. Not found.
[19:41:11] - File /bin/.ps... OK. Not found.
[19:41:11] - File /bin/.netstat... OK. Not found.
[19:41:11] - File /usr/bin/.nop... OK. Not found.
[19:41:11] - File /usr/bin/.who... OK. Not found.
[19:41:12] *** Start scan Tuxtendo ***
[19:41:12] - File /dev/tux/.addr... OK. Not found.
[19:41:12] - File /dev/tux/.cron... OK. Not found.
[19:41:12] - File /dev/tux/.file... OK. Not found.
[19:41:12] - File /dev/tux/.log... OK. Not found.
[19:41:12] - File /dev/tux/.proc... OK. Not found.
[19:41:12] - File /dev/tux/backup/crontab... OK. Not found.
[19:41:13] - File /dev/tux/backup/df... OK. Not found.
[19:41:14] - File /dev/tux/backup/dir... OK. Not found.
[19:41:14] - File /dev/tux/backup/find... OK. Not found.
[19:41:14] - File /dev/tux/backup/ifconfig... OK. Not found.
[19:41:14] - File /dev/tux/backup/locate... OK. Not found.
[19:41:14] - File /dev/tux/backup/netstat... OK. Not found.
[19:41:14] - File /dev/tux/backup/ps... OK. Not found.
[19:41:14] - File /dev/tux/backup/pstree... OK. Not found.
[19:41:14] - File /dev/tux/backup/syslogd... OK. Not found.
[19:41:15] - File /dev/tux/backup/tcpd... OK. Not found.
[19:41:15] - File /dev/tux/backup/top... OK. Not found.
[19:41:15] - File /dev/tux/backup/updatedb... OK. Not found.
[19:41:15] - File /dev/tux/backup/vdir... OK. Not found.
[19:41:15] - Directory /dev/tux... OK. Not found.
[19:41:15] - Directory /dev/tux/ssh2... OK. Not found.
[19:41:15] - Directory /dev/tux/backup... OK. Not found.
[19:41:16] *** Start scan URK ***
[19:41:16] - File /usr/man/man1/xxxxxxbin/find... OK. Not found.
[19:41:16] - File /usr/man/man1/xxxxxxbin/du... OK. Not found.
[19:41:16] - File /usr/man/man1/xxxxxxbin/ps... OK. Not found.
[19:41:17] - File /tmp/conf.inf... OK. Not found.
[19:41:17] - Directory /usr/man/man1/xxxxxxbin... OK. Not found.
[19:41:18] *** Start scan VcKit ***
[19:41:18] - Directory /usr/include/linux/modules/lib.so... OK. Not found.
[19:41:18] - Directory /usr/include/linux/modules/lib.so/bin... OK. Not found.
[19:41:21] *** Start scan Volc Rootkit ***
[19:41:21] - Directory /var/spool/.recent... OK. Not found.
[19:41:21] - Directory /var/spool/.recent/.files... OK. Not found.
[19:41:21] - Directory /usr/lib/volc... OK. Not found.
[19:41:21] - Directory /usr/lib/volc/backup... OK. Not found.
[19:41:22] *** Start scan X-Org SunOS Rootkit ***
[19:41:22] - File /usr/lib/libX.a/bin/tmpfl... OK. Not found.
[19:41:22] - File /usr/lib/libX.a/bin/rps... OK. Not found.
[19:41:22] - File /usr/bin/srload... OK. Not found.
[19:41:22] - File /usr/lib/libX.a/bin/sparcv7/rps... OK. Not found.
[19:41:23] - File /usr/sbin/modcheck... OK. Not found.
[19:41:23] - Directory /usr/lib/libX.a... OK. Not found.
[19:41:23] - Directory /usr/lib/libX.a/bin... OK. Not found.
[19:41:23] - Directory /usr/lib/libX.a/bin/sparcv7... OK. Not found.
[19:41:23] - Directory /usr/share/man...... OK. Not found.
[19:41:25] *** Start scan zaRwT.KiT Rootkit ***
[19:41:25] - File /dev/rd/s/sendmeil... OK. Not found.
[19:41:25] - File /dev/ttyf... OK. Not found.
[19:41:25] - File /dev/ttyp... OK. Not found.
[19:41:25] - File /dev/ttyn... OK. Not found.
[19:41:25] - File /rk/tulz... OK. Not found.
[19:41:25] - Directory /rk... OK. Not found.
[19:41:25] - Directory /dev/rd/s... OK. Not found.
[19:41:27] ------------------------------ Malware ------------------------------
[19:41:27] Start scan for common used known (and unknown) rootkit files...
[19:41:28] [Start string tests]
[19:41:29] /sbin/init clean (string: /dev/proc/fuckit)
[19:41:30] /sbin/init clean (string: FUCK)
[19:41:32] /sbin/init clean (string: backdoor)
[19:41:32] /bin/login clean (string: vt200)
[19:41:33] /bin/login clean (string: /usr/bin/xstat)
[19:41:35] /bin/login clean (string: /bin/envpc)
[19:41:36] /bin/login clean (string: l4m3r0x)
[19:41:37] /bin/login clean (string: /usr/lib/.tbd)
[19:41:38] /bin/ls clean (string: /dev/ptyxx/.file)
[19:41:39] /bin/ls clean (string: /dev/sgk)
[19:41:40] /bin/ls clean (string: /var/lock/subsys/...datafile...)
[19:41:41] /bin/ls clean (string: /usr/lib/.tbd)
[19:41:42] /bin/netstat clean (string: /dev/proc/fuckit)
[19:41:42] /bin/netstat clean (string: /lib/.sso)
[19:41:44] /bin/netstat clean (string: /var/lock/subsys/...datafile...)
[19:41:44] /bin/netstat clean (string: /dev/caca)
[19:41:45] /bin/netstat clean (string: /dev/ttyoa)
[19:41:46] /bin/netstat clean (string: syg)
[19:41:49] /bin/ps clean (string: /dev/pts/01)
[19:41:49] /bin/ps clean (string: tw33dl3)
[19:41:50] /bin/ps clean (string: psniff)
[19:41:50] /bin/ps clean (string: /var/lock/subsys/...datafile...)
[19:41:54] /usr/sbin/sshd clean (string: /dev/ptyxx)
[19:41:55] /usr/local/sbin/sshd clean (string: /dev/ptyxx)
[19:41:56] /sbin/syslogd clean (string: promiscuous)
[19:41:57] /sbin/syslogd clean (string: /usr/lib/.tbd)
[19:41:57] /usr/sbin/tcpd clean (string: /dev/xdta)
[19:41:59] /usr/bin/top clean (string: /usr/lib/.tbd)
[19:42:03] All files are OK
[19:42:03] [End string tests]
[19:42:03] Scanning for presence of /dev/sdr0 (file)... OK (not found)
[19:42:04] Scanning for presence of /tmp/.syshackfile (file)... OK (not found)
[19:42:04] Scanning for presence of /tmp/.bash_history (file)... OK (not found)
[19:42:04] Scanning for presence of /usr/info/.clib (file)... OK (not found)
[19:42:06] Scanning for presence of /usr/sbin/tcp.log (file)... OK (not found)
[19:42:06] Scanning for presence of /usr/bin/take/pid (file)... OK (not found)
[19:42:06] Scanning for presence of /sbin/create (file)... OK (not found)
[19:42:07] Scanning for presence of /dev/ttypz (file)... OK (not found)
[19:42:07] Scanning for presence of /usr/bin/take (dir)... OK (not found)
[19:42:07] Scanning for presence of /usr/src/.lib (dir)... OK (not found)
[19:42:09] Scanning for presence of /usr/share/man/man1/.1c (dir)... OK (not found)
[19:42:09] Scanning for presence of /lib/lblip.tk (dir)... OK (not found)
[19:42:09] Scanning for presence of /usr/sbin/... (dir)... OK (not found)
[19:42:10] Scanning for presence of /usr/share/.gun (dir)... OK (not found)
[19:42:11] -------------------------- Open files tests ---------------------------
[19:42:11] Scanning running processes... OK
[19:42:16] Scanned for 'backdoor|adore.so|mod_rootme.so|phide_mod.o|lbk.ko|vlogger.o|cleaner.o|mod_klgr.o|hydra|hydra.restore'
[19:42:16] ----------------------- Login backdoors check -------------------------
[19:42:17] Checking /usr/X11R6/bin/.,/copy/... [ OK ] Not found
[19:42:18] Checking /dev/rd... [ OK ] Not found
[19:42:18] Scanning for software related files and intrusions...
[19:42:20] Checking /usr/lib/libice.log... [ OK ] Not found
[19:42:27] Skipped xinetd tests (not Linux or file doesn't exists)
[19:42:37] Checking /usr/bin/netstat... Not found
[19:42:42] Checking /bin/ps... [ OK ]
[19:42:44] Checking /bin/ls... [ OK ]
[19:42:45] Checking /usr/bin/w... [ OK ]
[19:42:46] Checking /usr/bin/who... [ OK ]
[19:42:47] Checking /bin/netstat... [ OK ]
[19:42:47] Checking /usr/bin/netstat... Not found
[19:42:49] Checking /bin/login... [ OK ]
[19:42:53] --------------------------- File attributes ---------------------------
[19:42:54] Checking /usr/sbin file attributes
[19:43:19] Checking /usr/bin file attributes
[19:44:48] Checking /usr/local/bin file attributes
[19:44:50] Checking /usr/local/sbin file attributes
[19:44:52] Checking /bin file attributes
[19:45:00] Checking /sbin file attributes
[19:45:12] Checking /sw/bin file attributes
[19:45:12] Checking /usr/local/libexec file attributes
[19:45:12] Checking /usr/libexec file attributes
[19:45:13] ----------------------------- LKM modules -----------------------------
[19:45:13] ------------------------------- Backdoors -----------------------------
[19:45:25] Checking network interfaces (promiscuous mode)... [ OK ]
[19:45:25] Performed successful test with `ip`
[19:45:28] ---------------------------- System checks ----------------------------
[19:45:32] Checking for passwordless user accounts...
[19:45:59] ---------------------------- History files ----------------------------
[19:46:04] Start scanning for hidden files in /dev...
[19:46:04] Value of hiddendirs:
[19:46:04] End of scanning /dev
[19:46:04] Start scanning for hidden files in /bin...
[19:46:04] Value of hiddendirs:
[19:46:04] End of scanning /bin
[19:46:04] Start scanning for hidden files in /usr...
[19:46:04] Value of hiddendirs:
[19:46:04] End of scanning /usr
[19:46:04] Start scanning for hidden files in /usr/man...
[19:46:04] End of scanning /usr/man
[19:46:04] Start scanning for hidden files in /usr/man/man1...
[19:46:04] End of scanning /usr/man/man1
[19:46:04] Start scanning for hidden files in /usr/man/man8...
[19:46:04] End of scanning /usr/man/man8
[19:46:04] Start scanning for hidden files in /usr/bin...
[19:46:04] Value of hiddendirs:
[19:46:04] End of scanning /usr/bin
[19:46:04] Start scanning for hidden files in /usr/sbin...
[19:46:04] Value of hiddendirs:
[19:46:04] End of scanning /usr/sbin
[19:46:04] Start scanning for hidden files in /sbin...
[19:46:04] Value of hiddendirs:
[19:46:04] End of scanning /sbin
[19:46:04] Start scanning for hidden files in /etc...
[19:46:04] Value of hiddendirs: /etc/.pwd.lock
[19:46:04] End of scanning /etc
[19:46:04] Hidden file/dir /etc/.pwd.lock [empty] seems to be OK
[19:46:08] ------------------------ Application advisories -----------------------
[19:46:11] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/cgid.conf... OK
[19:46:11] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/cgid.load... OK
[19:46:11] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/userdir.conf... OK
[19:46:11] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/userdir.load... OK
[19:46:13] ---------------------- Application version check ----------------------
[19:46:15] ----------------------------------------------------------
[19:46:15] Scanning Exim%%MTA...
[19:46:15] Application not found
[19:46:15] ----------------------------------------------------------
[19:46:15] Scanning GnuPG...
[19:46:17] /usr/bin/gpg found
[19:46:18] Version 1.4.1 seems to be vulnerable (if unpatched)!
[19:46:19] ----------------------------------------------------------
[19:46:19] Scanning Apache...
[19:46:19] Application not found
[19:46:19] ----------------------------------------------------------
[19:46:19] Scanning Bind%%DNS...
[19:46:21] Debug:
[19:46:21] /usr/sbin/named found
[19:46:22] Version 9.2.4 is available in non-vulnerable group and seems to be OK!
[19:46:22] ----------------------------------------------------------
[19:46:22] Scanning OpenSSL...
[19:46:23] /usr/bin/openssl found
[19:46:24] Version 0.9.8c is available in non-vulnerable group and seems to be OK!
[19:46:25] ----------------------------------------------------------
[19:46:25] Scanning PHP...
[19:46:26] /usr/bin/php found
[19:46:28] No information available. Unknown version number
[19:46:28] ----------------------------------------------------------
[19:46:28] Scanning Procmail%%MTA...
[19:46:28] /usr/bin/procmail found
[19:46:30] Version 3.22 is available in non-vulnerable group and seems to be OK!
[19:46:31] ----------------------------------------------------------
[19:46:31] Scanning ProFTPd...
[19:46:31] /usr/sbin/proftpd found
[19:46:33] Version 1.2.10 is available in non-vulnerable group and seems to be OK!
[19:46:33] ----------------------------------------------------------
[19:46:33] Scanning OpenSSH...
[19:46:34] /usr/sbin/sshd found
[19:46:35] No information available. Unknown version number
[19:46:35] /usr/local/sbin/sshd found
[19:46:37] No information available. Unknown version number
[19:46:41] ------------------------- Security advisories -------------------------
[19:46:47] Info: Found 'PermitRootLogin no' or 'PermitRootLogin without-password' in SSH configuration file /etc/ssh/sshd_config
[19:47:03] Rootkits scanned for: 55808 Trojan - Variant A, AjaKit, aPa Kit, Apache Worm, Ambient (ark) Rootkit, Balaur Rootkit, BeastKit, beX2, BOBKit, CiNIK Worm (Slapper.B variant), Danny-Boy's Abuse Kit, Devil RootKit, Dica, Dreams Rootkit, Duarawkz, Flea Linux Rootkit, FreeBSD Rootkit, Fuck`it Rootkit, GasKit, Heroin LKM, HjC Kit, ignoKit, ImperalsS-FBRK, Irix Rootkit, Kitko, Knark, Li0n Worm, Lockit / LJK2, MRK, Ni0 Rootkit, RootKit for SunOS / NSDAP, Optic Kit (Tux), Oz Rootkit, Portacelo, R3dstorm Toolkit, RH-Sharpe's rootkit, RSHA's rootkit, Scalper Worm, Shutdown, SHV4, SHV5, Sin Rootkit, Slapper, Sneakin Rootkit, Suckit Rootkit, SunOS Rootkit, Superkit, TBD (Telnet BackDoor), TeLeKiT, T0rn Rootkit, Trojanit Kit, Tuxtendo, URK, VcKit, Volc Rootkit, X-Org SunOS Rootkit, zaRwT.KiT Rootkit
[19:47:04] 1 vulnerable applications found
0
lami20j Posts 21331 Registration date   Status Moderator, Security contributor Last activity   3 570
 
Hi again,

I think you can also delete /dev/puila.
But first, post the output of
file /dev/puila
0
Jean-Pierre
 
/dev/puila: ASCII text

Until we find it, I've set up a cron job that deletes the /dev/puila file every minute, but that's not a solution!

Thanks for your help, I'm sure we'll find it....

JP
0
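As an added example that is not part of the original thread: a shell version of the two checks this exchange is working toward, listing regular files under /dev and finding which installed file embeds the path /dev/puila. The function names and the directory list (the binary directories from the rkhunter log plus /lib and /usr/lib) are assumptions; on a host flagged for a rootkit, run it with trusted copies of find and grep.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print the regular files below a device directory, one per line, sorted.
# Device nodes, symlinks and directories are expected there; plain files
# such as /dev/puila are not.
# Assumption: "$root/shm" is skipped because regular files are normal there.
list_regular_files() {
    local root="${1:-/dev}"
    find "$root" -xdev -path "$root/shm" -prune -o -type f -print 2>/dev/null | sort
}

# Print the files under the given directories whose bytes contain the literal
# string $1 (grep -F: fixed string, -l: file names only, which also reports
# matches inside binaries). A credential logger has to carry its output path
# somewhere; a clear-text hit points at the modified binary or library.
# No hit does not clear a file: the string may be stored obfuscated.
find_files_referencing() {
    local needle="$1" dir
    shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -exec grep -l -F -e "$needle" {} + 2>/dev/null
    done | sort -u
}

# Manual use: sh triage.sh triage /dev/puila
if [ "${1:-}" = "triage" ]; then
    target="${2:?path of the suspicious file}"
    echo "Regular files under /dev:"
    list_regular_files /dev
    echo "Files embedding $target:"
    find_files_referencing "$target" /usr/sbin /usr/bin /usr/local/bin \
        /usr/local/sbin /bin /sbin /lib /usr/lib
fi
```

Limiting the search to the binary and library directories is much faster than a recursive grep of / and still covers sshd, login and the PAM modules.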
lami20j Posts 21331 Registration date   Status Moderator, Security contributor Last activity   3 570
 
Hi again,

I think it's here
[19:46:15] Scanning GnuPG...
[19:46:17] /usr/bin/gpg found
[19:46:18] Version 1.4.1 seems to be vulnerable (if unpatched)! 
On Etch the version is
lami20j@debian:~/trash$ /usr/bin/gpg --version
gpg (GnuPG) 1.4.6
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2



0
Jean-Pierre
 
rkhunter seems happy, I'll run another test....

[20:12:28] Running Rootkit Hunter 1.2.9 on ik55027
[20:12:28]
Rootkit Hunter 1.2.9, Copyright 2003-2006, Michael Boelen

Under active development by the Rootkit Hunter project team. For reporting
bugs, updates, patches, comments and questions see: rkhunter.sourceforge.net

Rootkit Hunter comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under the terms of the GNU General
Public License. See LICENSE for details.

[20:12:28] Info: Shell /bin/bash
[20:12:28] ------------------------ Configuration check --------------------------
[20:12:28] Parsing configuration file (/etc/rkhunter.conf)
[20:12:28] Info: No mail-on-warning address configured
[20:12:28] Info: Using /var/lib/rkhunter/tmp as temporary directory
[20:12:29] Info: Using /var/lib/rkhunter/db as database directory
[20:12:29] Info: Using '/usr/sbin /usr/bin /usr/local/bin /usr/local/sbin /bin /sbin /sw/bin /usr/local/libexec /usr/libexec' as binary directory
[20:12:29] -------------------------- Application scan ---------------------------
[20:12:30] Found /usr/bin/find
[20:12:30] Found /usr/bin/lsattr
[20:12:30] Found /usr/bin/lsof
[20:12:30] Found /usr/bin/md5sum
[20:12:30] Found /usr/bin/stat
[20:12:30] Found /usr/bin/strings
[20:12:30] Found /usr/bin/wget
[20:12:30] Found /usr/bin/perl (version 5.8.8)
[20:12:30] Found /bin/ip
[20:12:30] Found /bin/ls
[20:12:30] Found /bin/lsmod
[20:12:30] Found /bin/ps
[20:12:30] Found /bin/readlink
[20:12:30] Found /sbin/ip
[20:12:30] Found /sbin/ifconfig
[20:12:30] Found /sbin/lsmod
[20:12:30] Info: WGET found
[20:12:30] Info: NMAP not found
[20:12:30] Info: LSOF found
[20:12:30] Info: ip found
[20:12:30] Application scan ended
[20:12:30] ---------------------------- System checks ----------------------------
[20:12:32] Info: kernel is 2.6
[20:12:32] Info: Found /etc/debian_version
[20:12:34] Info: Full OS name = Debian 4.0 (i386)
[20:12:34] Info: OS ID = 730
[20:12:34] Info: Found MD5 command /usr/bin/md5sum
[20:12:34] Info: Perl version 5.8.8 found
[20:12:38] Info: Perl module Digest::MD5 installed (version 2.36).
[20:12:38] Info: Perl module Digest::SHA1 installed (version 2.11).
[20:12:38] Info: Using perl module Digest::MD5 to verify MD5 hashes
[20:12:38] Info: using /var/lib/rkhunter/tmp as temporary directory
[20:12:38] Info: UID is zero (root)
[20:12:38] Info: ksyms file check will be skipped (/proc/ksyms not available on this system)
[20:12:38] ---------------------------- File checks -----------------------------
[20:12:38] Checking /var/lib/rkhunter/db/md5blacklist.dat... OK
[20:12:38] Checking /var/lib/rkhunter/db/mirrors.dat... OK
[20:12:38] Checking /var/lib/rkhunter/db/programs_bad.dat... OK
[20:12:38] Checking /var/lib/rkhunter/db/programs_good.dat... OK
[20:12:40] ------------------------------ Selftests ------------------------------
[20:12:42] Strings selftest: scanning for string /usr/sbin/ntpsx... OK
[20:12:43] Strings selftest: scanning for string /usr/lib/.../ls... OK
[20:12:43] Strings selftest: scanning for string /usr/lib/.../netstat... OK
[20:12:43] Strings selftest: scanning for string /usr/lib/.../lsof... OK
[20:12:43] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg... OK
[20:12:43] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shhk... OK
[20:12:44] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-pw... OK
[20:12:44] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shrs... OK
[20:12:44] Strings selftest: scanning for string /usr/lib/.../uconf.inv... OK
[20:12:44] Strings selftest: scanning for string /usr/lib/.../psr... OK
[20:12:44] Strings selftest: scanning for string /usr/lib/.../find... OK
[20:12:44] Strings selftest: scanning for string /usr/lib/.../pstree... OK
[20:12:44] Strings selftest: scanning for string /usr/lib/.../slocate... OK
[20:12:45] Strings selftest: scanning for string /usr/lib/.../du... OK
[20:12:45] Strings selftest: scanning for string /usr/lib/.../top... OK
[20:12:45] Strings selftest: scanning for string /usr/lib/...... OK
[20:12:46] Strings selftest: scanning for string /usr/lib/.../bkit-ssh... OK
[20:12:46] Strings selftest: scanning for string /usr/lib/.bkit-... OK
[20:12:46] Strings selftest: scanning for string /tmp/.bkp... OK
[20:12:46] Strings selftest: scanning for string /tmp/.cinik... OK
[20:12:46] Strings selftest: scanning for string /tmp/.font-unix/.cinik... OK
[20:12:46] Strings selftest: scanning for string /lib/.sso... OK
[20:12:47] Strings selftest: scanning for string /lib/.so... OK
[20:12:47] Strings selftest: scanning for string /var/run/...dica/clean... OK
[20:12:47] Strings selftest: scanning for string /var/run/...dica/xl... OK
[20:12:47] Strings selftest: scanning for string /var/run/...dica/xdr... OK
[20:12:47] Strings selftest: scanning for string /var/run/...dica/psg... OK
[20:12:47] Strings selftest: scanning for string /var/run/...dica/secure... OK
[20:12:47] Strings selftest: scanning for string /var/run/...dica/rdx... OK
[20:12:47] Strings selftest: scanning for string /var/run/...dica/va... OK
[20:12:47] Strings selftest: scanning for string /var/run/...dica/cl.sh... OK
[20:12:47] Strings selftest: scanning for string /usr/bin/.etc... OK
[20:12:48] Strings selftest: scanning for string /usr/lib/.fx/sched_host.2... OK
[20:12:48] Strings selftest: scanning for string /usr/lib/.fx/random_d.2... OK
[20:12:48] Strings selftest: scanning for string /usr/lib/.fx/set_pid.2... OK
[20:12:48] Strings selftest: scanning for string /usr/lib/.fx/cons.saver... OK
[20:12:48] Strings selftest: scanning for string /usr/lib/.fx/adore/adore/adore.ko... OK
[20:12:48] Strings selftest: scanning for string /bin/sysback... OK
[20:12:49] Strings selftest: scanning for string /usr/local/bin/sysback... OK
[20:12:49] Strings selftest: scanning for string /usr/lib/.tbd... OK
[20:12:49] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rns... OK
[20:12:49] Strings selftest: scanning for string /dev/.lib/lib/lib/du... OK
[20:12:49] Strings selftest: scanning for string /dev/.lib/lib/lib/ls... OK
[20:12:49] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rnsb... OK
[20:12:49] Strings selftest: scanning for string /dev/.lib/lib/lib/ps... OK
[20:12:50] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rnp... OK
[20:12:50] Strings selftest: scanning for string /dev/.lib/lib/lib/find... OK
[20:12:50] Strings selftest: scanning for string /dev/.lib/lib/lib/ifconfig... OK
[20:12:50] Strings selftest: scanning for string /dev/.lib/lib/lib/pg... OK
[20:12:50] Strings selftest: scanning for string /dev/.lib/lib/lib/ssh.tgz... OK
[20:12:50] Strings selftest: scanning for string /dev/.lib/lib/lib/top... OK
[20:12:51] Strings selftest: scanning for string /dev/.lib/lib/lib/sz... OK
[20:12:51] Strings selftest: scanning for string /dev/.lib/lib/lib/login... OK
[20:12:51] Strings selftest: scanning for string /dev/.lib/lib/lib/in.fingerd... OK
[20:12:51] Strings selftest: scanning for string /dev/.lib/lib/lib/1i0n.sh... OK
[20:12:52] Strings selftest: scanning for string /dev/.lib/lib/lib/pstree... OK
[20:12:52] Strings selftest: scanning for string /dev/.lib/lib/lib/in.telnetd... OK
[20:12:52] Strings selftest: scanning for string /dev/.lib/lib/lib/mjy... OK
[20:12:52] Strings selftest: scanning for string /dev/.lib/lib/lib/sush... OK
[20:12:52] Strings selftest: scanning for string /dev/.lib/lib/lib/tfn... OK
[20:12:52] Strings selftest: scanning for string /dev/.lib/lib/lib/name... OK
[20:12:52] Strings selftest: scanning for string /dev/.lib/lib/lib/getip.sh... OK
[20:12:53] Strings selftest: scanning for string /usr/info/.torn/sh*... OK
[20:12:53] Strings selftest: scanning for string /usr/src/.puta/... OK
[20:12:53] Strings selftest: scanning for string /usr/src/.puta/.1addr... OK
[20:12:53] Strings selftest: scanning for string /usr/src/.puta/.1file... OK
[20:12:54] Strings selftest: scanning for string /usr/src/.puta/.1proc... OK
[20:12:54] Strings selftest: scanning for string /usr/src/.puta/.1logz... OK
[20:12:54] Strings selftest: scanning for string /usr/info/.t0rn/... OK
[20:12:54] Strings selftest: scanning for string /dev/.lib/... OK
[20:12:54] Strings selftest: scanning for string /dev/.lib/lib/... OK
[20:12:54] Strings selftest: scanning for string /dev/.lib/lib/lib/... OK
[20:12:55] Strings selftest: scanning for string /dev/.lib/lib/lib/dev/... OK
[20:12:55] Strings selftest: scanning for string /dev/.lib/lib/scan/... OK
[20:12:55] Strings selftest: scanning for string /usr/src/.puta/... OK
[20:12:55] Strings selftest: scanning for string /usr/man/man1/man1/... OK
[20:12:55] Strings selftest: scanning for string /usr/man/man1/man1/lib/... OK
[20:12:55] Strings selftest: scanning for string /usr/man/man1/man1/lib/.lib/... OK
[20:12:55] Strings selftest: scanning for string /usr/man/man1/man1/lib/.lib/.backup/... OK
[20:12:56] ---------------------------- MD5 hash tests ---------------------------
[20:12:56] Starting MD5 checksum test (/usr/share/rkhunter/scripts/filehashmd5.pl)
[20:14:00] Info: Check skipped - no hashes available
[20:14:04] ------------------------------ Rootkits ------------------------------
[20:14:05] *** Start scan 55808 Trojan - Variant A ***
[20:14:05] - File /tmp/.../r... OK. Not found.
[20:14:05] - File /tmp/.../a... OK. Not found.
[20:14:07] Checking /etc/passwd for presence of ADM worm
OK
[20:14:08] *** Start scan AjaKit ***
[20:14:08] - File /dev/tux/.addr... OK. Not found.
[20:14:08] - File /dev/tux/.proc... OK. Not found.
[20:14:08] - File /dev/tux/.file... OK. Not found.
[20:14:08] - File /lib/.libgh-gh/cleaner... OK. Not found.
[20:14:08] - File /lib/.libgh-gh/Patch/patch... OK. Not found.
[20:14:08] - File /lib/.libgh-gh/sb0k... OK. Not found.
[20:14:08] - Directory /dev/tux... OK. Not found.
[20:14:08] - Directory /lib/.libgh-gh... OK. Not found.
[20:14:09] *** Start scan aPa Kit ***
[20:14:09] - File /usr/share/.aPa... OK. Not found.
[20:14:10] *** Start scan Apache Worm ***
[20:14:10] - File /bin/.log... OK. Not found.
[20:14:11] *** Start scan Ambient (ark) Rootkit ***
[20:14:11] - File /usr/lib/.ark?... OK. Not found.
[20:14:11] - File /dev/ptyxx/.log... OK. Not found.
[20:14:11] - File /dev/ptyxx/.file... OK. Not found.
[20:14:11] - Directory /dev/ptyxx... OK. Not found.
[20:14:12] *** Start scan Balaur Rootkit ***
[20:14:12] - File /usr/lib/liblog.o... OK. Not found.
[20:14:12] - Directory /usr/lib/.kinetic... OK. Not found.
[20:14:12] - Directory /usr/lib/.egcs... OK. Not found.
[20:14:12] - Directory /usr/lib/.wormie... OK. Not found.
[20:14:14] *** Start scan BeastKit ***
[20:14:14] - File /usr/sbin/arobia... OK. Not found.
[20:14:14] - File /usr/sbin/idrun... OK. Not found.
[20:14:14] - File /usr/lib/elm/arobia/elm... OK. Not found.
[20:14:14] - File /usr/lib/elm/arobia/elm/hk... OK. Not found.
[20:14:14] - File /usr/lib/elm/arobia/elm/hk.pub... OK. Not found.
[20:14:14] - File /usr/lib/elm/arobia/elm/sc... OK. Not found.
[20:14:14] - File /usr/lib/elm/arobia/elm/sd.pp... OK. Not found.
[20:14:14] - File /usr/lib/elm/arobia/elm/sdco... OK. Not found.
[20:14:14] - File /usr/lib/elm/arobia/elm/srsd... OK. Not found.
[20:14:14] - Directory /lib/ldd.so/bktools... OK. Not found.
[20:14:15] *** Start scan beX2 ***
[20:14:15] - Directory //usr/include/bex... OK. Not found.
[20:14:16] *** Start scan BOBKit ***
[20:14:16] - File /usr/sbin/ntpsx... OK. Not found.
[20:14:16] - File /usr/lib/.../ls... OK. Not found.
[20:14:16] - File /usr/lib/.../netstat... OK. Not found.
[20:14:16] - File /usr/lib/.../lsof... OK. Not found.
[20:14:17] - File /usr/lib/.../bkit-ssh/bkit-shdcfg... OK. Not found.
[20:14:17] - File /usr/lib/.../bkit-ssh/bkit-shhk... OK. Not found.
[20:14:17] - File /usr/lib/.../bkit-ssh/bkit-pw... OK. Not found.
[20:14:17] - File /usr/lib/.../bkit-ssh/bkit-shrs... OK. Not found.
[20:14:17] - File /usr/lib/.../uconf.inv... OK. Not found.
[20:14:17] - File /usr/lib/.../psr... OK. Not found.
[20:14:17] - File /usr/lib/.../find... OK. Not found.
[20:14:17] - File /usr/lib/.../pstree... OK. Not found.
[20:14:17] - File /usr/lib/.../slocate... OK. Not found.
[20:14:17] - File /usr/lib/.../du... OK. Not found.
[20:14:17] - File /usr/lib/.../top... OK. Not found.
[20:14:17] - Directory /usr/lib/...... OK. Not found.
[20:14:17] - Directory /usr/lib/.../bkit-ssh... OK. Not found.
[20:14:17] - Directory /usr/lib/.bkit-... OK. Not found.
[20:14:17] - Directory /tmp/.bkp... OK. Not found.
[20:14:18] *** Start scan CiNIK Worm (Slapper.B variant) ***
[20:14:18] - File /tmp/.cinik... OK. Not found.
[20:14:19] *** Start scan Danny-Boy's Abuse Kit ***
[20:14:20] *** Start scan Devil RootKit ***
[20:14:20] - File /var/lib/games/.src... OK. Not found.
[20:14:20] - File /dev/dsx... OK. Not found.
[20:14:20] - File /dev/caca... OK. Not found.
[20:14:21] *** Start scan Dica ***
[20:14:21] - File /lib/.sso... OK. Not found.
[20:14:21] - File /lib/.so... OK. Not found.
[20:14:21] - File /var/run/...dica/clean... OK. Not found.
[20:14:21] - File /var/run/...dica/xl... OK. Not found.
[20:14:21] - File /var/run/...dica/xdr... OK. Not found.
[20:14:21] - File /var/run/...dica/psg... OK. Not found.
[20:14:21] - File /var/run/...dica/secure... OK. Not found.
[20:14:21] - File /var/run/...dica/rdx... OK. Not found.
[20:14:21] - File /var/run/...dica/va... OK. Not found.
[20:14:21] - File /var/run/...dica/cl.sh... OK. Not found.
[20:14:21] - File /usr/bin/.etc... OK. Not found.
[20:14:21] - Directory /var/run/...dica... OK. Not found.
[20:14:21] - Directory /var/run/...dica/mh... OK. Not found.
[20:14:21] - Directory /var/run/...dica/scan... OK. Not found.
[20:14:22] *** Start scan Dreams Rootkit ***
[20:14:22] - File /dev/ttyoa... OK. Not found.
[20:14:22] - File /dev/ttyof... OK. Not found.
[20:14:22] - File /dev/ttyop... OK. Not found.
[20:14:22] - File /usr/bin/sense... OK. Not found.
[20:14:22] - File /usr/bin/sl2... OK. Not found.
[20:14:22] - File /usr/bin/logclear... OK. Not found.
[20:14:22] - File /usr/bin/(swapd)... OK. Not found.
[20:14:22] - File /usr/bin/snfs... OK. Not found.
[20:14:22] - File /usr/lib/libsss... OK. Not found.
[20:14:22] - Directory /dev/ida/.hpd... OK. Not found.
[20:14:23] *** Start scan Duarawkz ***
[20:14:23] - File /usr/bin/duarawkz/loginpass... OK. Not found.
[20:14:23] - Directory /usr/bin/duarawkz... OK. Not found.
[20:14:24] *** Start scan Flea Linux Rootkit ***
[20:14:24] - File /etc/ld.so.hash... OK. Not found.
[20:14:24] - File /lib/security/.config/ssh/ssh_host_key... OK. Not found.
[20:14:24] - File /lib/security/.config/ssh/ssh_host_key.pub... OK. Not found.
[20:14:24] - File /lib/security/.config/ssh/ssh_random_seed... OK. Not found.
[20:14:24] - File /usr/bin/ssh2d... OK. Not found.
[20:14:24] - File /usr/lib/ldlibns.so... OK. Not found.
[20:14:24] - File /usr/lib/ldlibpst.so... OK. Not found.
[20:14:24] - File /usr/lib/ldlibdu.so... OK. Not found.
[20:14:24] - File /usr/lib/ldlibct.so... OK. Not found.
[20:14:24] - Directory /lib/security/.config/ssh... OK. Not found.
[20:14:24] - Directory /dev/..0... OK. Not found.
[20:14:24] - Directory /dev/..0/backup... OK. Not found.
[20:14:25] *** Start scan FreeBSD Rootkit ***
[20:14:25] - File /usr/lib/.fx/sched_host.2... OK. Not found.
[20:14:25] - File /usr/lib/.fx/random_d.2... OK. Not found.
[20:14:25] - File /usr/lib/.fx/set_pid.2... OK. Not found.
[20:14:25] - File /usr/lib/.fx/cons.saver... OK. Not found.
[20:14:25] - File /usr/lib/.fx/adore/adore/adore.ko... OK. Not found.
[20:14:25] - File /bin/sysback... OK. Not found.
[20:14:25] - File /usr/local/bin/sysback... OK. Not found.
[20:14:25] - Directory /usr/lib/.fx... OK. Not found.
[20:14:25] - Directory /usr/lib/.fx/adore... OK. Not found.
[20:14:26] *** Start scan Fuck`it Rootkit ***
[20:14:26] - File /dev/proc/fuckit/hax0r... OK. Not found.
[20:14:26] - File /dev/proc/fuckit/hax0rshell... OK. Not found.
[20:14:26] - File /dev/proc/fuckit/config/lports... OK. Not found.
[20:14:26] - File /dev/proc/fuckit/config/rports... OK. Not found.
[20:14:26] - File /dev/proc/fuckit/config/rkconf... OK. Not found.
[20:14:26] - File /dev/proc/fuckit/config/password... OK. Not found.
[20:14:26] - File /dev/proc/fuckit/config/progs... OK. Not found.
[20:14:26] - File /dev/proc/system-bins/init... OK. Not found.
[20:14:27] *** Start scan GasKit ***
[20:14:27] - File /dev/dev/gaskit/sshd/sshdd... OK. Not found.
[20:14:27] - Directory /dev/dev... OK. Not found.
[20:14:28] - Directory /dev/dev/gaskit... OK. Not found.
[20:14:28] - Directory /dev/dev/gaskit/sshd... OK. Not found.
[20:14:28] *** Start scan Heroin LKM ***
[20:14:29] *** Start scan HjC Kit ***
[20:14:29] - Directory /dev/.hijackerz... OK. Not found.
[20:14:30] *** Start scan ignoKit ***
[20:14:30] - File /lib/defs/p... OK. Not found.
[20:14:30] - File /lib/defs/q... OK. Not found.
[20:14:30] - File /lib/defs/r... OK. Not found.
[20:14:30] - File /lib/defs/s... OK. Not found.
[20:14:30] - File /lib/defs/t... OK. Not found.
[20:14:30] - File /usr/lib/defs/p... OK. Not found.
[20:14:30] - File /usr/lib/defs/p... OK. Not found.
[20:14:30] - File /usr/lib/defs/p... OK. Not found.
[20:14:30] - File /usr/lib/defs/p... OK. Not found.
[20:14:31] - File /usr/lib/defs/p... OK. Not found.
[20:14:31] - File /usr/lib/.libigno/pkunsec... OK. Not found.
[20:14:31] - File /usr/lib/.libigno/.igno/psybnc/psybnc... OK. Not found.
[20:14:31] - Directory /usr/lib/.libigno... OK. Not found.
[20:14:31] - Directory /usr/lib/.libigno/.igno/... OK. Not found.
[20:14:31] *** Start scan ImperalsS-FBRK ***
[20:14:31] - Directory /dev/fd/.88... OK. Not found.
[20:14:31] - Directory /dev/fd/.99... OK. Not found.
[20:14:32] *** Start scan Irix Rootkit ***
[20:14:32] - Directory /dev/pts/01... OK. Not found.
[20:14:32] - Directory /dev/pts/01/backup... OK. Not found.
[20:14:32] - Directory /dev/pts/01/etc... OK. Not found.
[20:14:32] - Directory /dev/pts/01/tmp... OK. Not found.
[20:14:33] *** Start scan Kitko ***
[20:14:33] - Directory /usr/src/redhat/SRPMS/...... OK. Not found.
[20:14:34] *** Start scan Knark ***
[20:14:34] - File /proc/knark/pids... OK. Not found.
[20:14:34] - Directory /proc/knark... OK. Not found.
[20:14:35] *** Start scan Li0n Worm ***
[20:14:35] - File /bin/in.telnetd... OK. Not found.
[20:14:35] - File /bin/mjy... OK. Not found.
[20:14:35] - File /usr/man/man1/man1/lib/.lib/mjy... OK. Not found.
[20:14:35] - File /usr/man/man1/man1/lib/.lib/in.telnetd... OK. Not found.
[20:14:35] - File /usr/man/man1/man1/lib/.lib/.x... OK. Not found.
[20:14:35] - File /dev/.lib/lib/scan/1i0n.sh... OK. Not found.
[20:14:35] - File /dev/.lib/lib/scan/hack.sh... OK. Not found.
[20:14:35] - File /dev/.lib/lib/scan/bind... OK. Not found.
[20:14:35] - File /dev/.lib/lib/scan/randb... OK. Not found.
[20:14:35] - File /dev/.lib/lib/scan/scan.sh... OK. Not found.
[20:14:35] - File /dev/.lib/lib/scan/pscan... OK. Not found.
[20:14:35] - File /dev/.lib/lib/scan/star.sh... OK. Not found.
[20:14:36] - File /dev/.lib/lib/scan/bindx.sh... OK. Not found.
[20:14:36] - File /dev/.lib/lib/scan/bindname.log... OK. Not found.
[20:14:36] - File /dev/.lib/lib/1i0n.sh... OK. Not found.
[20:14:36] - File /dev/.lib/lib/lib/netstat... OK. Not found.
[20:14:36] - File /dev/.lib/lib/lib/dev/.1addr... OK. Not found.
[20:14:36] - File /dev/.lib/lib/lib/dev/.1logz... OK. Not found.
[20:14:36] - File /dev/.lib/lib/lib/dev/.1proc... OK. Not found.
[20:14:36] - File /dev/.lib/lib/lib/dev/.1file... OK. Not found.
[20:14:37] *** Start scan Lockit / LJK2 ***
[20:14:37] - File /usr/lib/libmen.oo/.LJK2/ssh_config... OK. Not found.
[20:14:37] - File /usr/lib/libmen.oo/.LJK2/ssh_host_key... OK. Not found.
[20:14:37] - File /usr/lib/libmen.oo/.LJK2/ssh_host_key.pub... OK. Not found.
[20:14:37] - File /usr/lib/libmen.oo/.LJK2/ssh_random_seed*... OK. Not found.
[20:14:37] - File /usr/lib/libmen.oo/.LJK2/sshd_config... OK. Not found.
[20:14:37] - File /usr/lib/libmen.oo/.LJK2/backdoor/RK1bd... OK. Not found.
[20:14:37] - File /usr/lib/libmen.oo/.LJK2/backup/du... OK. Not found.
[20:14:37] - File /usr/lib/libmen.oo/.LJK2/backup/ifconfig... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/inetd.conf... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/locate... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/login... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/ls... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/netstat... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/ps... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/pstree... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/rc.sysinit... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/syslogd... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/tcpd... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/backup/top... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/clean/RK1sauber... OK. Not found.
[20:14:38] - File /usr/lib/libmen.oo/.LJK2/clean/RK1wted... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/hack/RK1parser... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/hack/RK1sniff... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1addr... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1dir... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1log... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/hide/.RK1proc... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/modules/README.modules... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/modules/RK1phide... OK. Not found.
[20:14:39] - File /usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh... OK. Not found.
[20:14:39] - Directory /usr/lib/libmen.oo/.LJK2... OK. Not found.
[20:14:41] *** Start scan MRK ***
[20:14:41] - File /dev/ida/.inet/pid... OK. Not found.
[20:14:41] - File /dev/ida/.inet/ssh_host_key... OK. Not found.
[20:14:41] - File /dev/ida/.inet/ssh_random_seed... OK. Not found.
[20:14:41] - File /dev/ida/.inet/tcp.log... OK. Not found.
[20:14:41] - Directory /dev/ida/.inet... OK. Not found.
[20:14:41] - Directory /var/spool/cron/.sh... OK. Not found.
[20:14:42] *** Start scan Ni0 Rootkit ***
[20:14:42] - File /var/lock/subsys/...datafile.../...net...... OK. Not found.
[20:14:42] - File /var/lock/subsys/...datafile.../...port...... OK. Not found.
[20:14:42] - File /var/lock/subsys/...datafile.../...ps...... OK. Not found.
[20:14:42] - File /var/lock/subsys/...datafile.../...file...... OK. Not found.
[20:14:42] - Directory /tmp/waza... OK. Not found.
[20:14:42] - Directory /var/lock/subsys/...datafile...... OK. Not found.
[20:14:42] - Directory /usr/sbin/es... OK. Not found.
[20:14:43] *** Start scan RootKit for SunOS / NSDAP ***
[20:14:43] - File /usr/lib/vold/nsdap/.kit... OK. Not found.
[20:14:43] - File /usr/lib/vold/nsdap/defines... OK. Not found.
[20:14:43] - File /usr/lib/vold/nsdap/patcher... OK. Not found.
[20:14:43] - File /usr/lib/vold/nsdap/pg... OK. Not found.
[20:14:43] - File /usr/lib/vold/nsdap/cleaner... OK. Not found.
[20:14:43] - File /usr/lib/vold/nsdap/utime... OK. Not found.
[20:14:43] - File /usr/lib/vold/nsdap/crypt... OK. Not found.
[20:14:43] - File /usr/lib/vold/nsdap/findkit... OK. Not found.
[20:14:44] - File /usr/lib/vold/nsdap/sn2... OK. Not found.
[20:14:44] - File /usr/lib/vold/nsdap/sniffload... OK. Not found.
[20:14:44] - File /usr/lib/vold/nsdap/runsniff... OK. Not found.
[20:14:44] - File /usr/lib/lpset... OK. Not found.
[20:14:44] - Directory /usr/lib/vold/nsdap... OK. Not found.
[20:14:45] *** Start scan Optic Kit (Tux) ***
[20:14:45] - Directory /dev/tux... OK. Not found.
[20:14:45] - Directory /usr/bin/xchk... OK. Not found.
[20:14:45] - Directory /usr/bin/xsf... OK. Not found.
[20:14:45] - Directory /usr/bin/ssh2d... OK. Not found.
[20:14:45] *** Start scan Oz Rootkit ***
[20:14:45] - File /dev/.oz/.nap/rkit/terror... OK. Not found.
[20:14:45] - Directory /dev/.oz... OK. Not found.
[20:14:46] *** Start scan Portacelo ***
[20:14:46] - File /var/lib/.../.ak... OK. Not found.
[20:14:46] - File /var/lib/.../.hk... OK. Not found.
[20:14:46] - File /var/lib/.../.rs... OK. Not found.
[20:14:46] - File /var/lib/.../.p... OK. Not found.
[20:14:46] - File /var/lib/.../getty... OK. Not found.
[20:14:47] - File /var/lib/.../lkt.o... OK. Not found.
[20:14:47] - File /var/lib/.../show... OK. Not found.
[20:14:47] - File /var/lib/.../nlkt.o... OK. Not found.
[20:14:47] - File /var/lib/.../ssshrc... OK. Not found.
[20:14:47] - File /var/lib/.../sssh_equiv... OK. Not found.
[20:14:47] - File /var/lib/.../sssh_known_hosts... OK. Not found.
[20:14:47] - File /var/lib/.../sssh_pid... OK. Not found.
[20:14:47] - File ~/.sssh/known_hosts... OK. Not found.
[20:14:48] *** Start scan R3dstorm Toolkit ***
[20:14:48] - File /var/log/tk02/see_all... OK. Not found.
[20:14:48] - File /bin/.../sshd/sbin/sshd1... OK. Not found.
[20:14:48] - File /bin/.../hate/sk... OK. Not found.
[20:14:48] - File /bin/.../see_all... OK. Not found.
[20:14:48] - Directory /var/log/tk02... OK. Not found.
[20:14:48] - Directory /var/log/tk02/old... OK. Not found.
[20:14:48] - Directory /bin/...... OK. Not found.
[20:14:49] *** Start scan RH-Sharpe's rootkit ***
[20:14:49] - File /bin/lps... OK. Not found.
[20:14:49] - File /usr/bin/lpstree... OK. Not found.
[20:14:49] - File /usr/bin/ltop... OK. Not found.
[20:14:49] - File /usr/bin/lkillall... OK. Not found.
[20:14:49] - File /usr/bin/ldu... OK. Not found.
[20:14:49] - File /usr/bin/lnetstat... OK. Not found.
[20:14:49] - File /usr/bin/wp... OK. Not found.
[20:14:49] - File /usr/bin/shad... OK. Not found.
[20:14:49] - File /usr/bin/vadim... OK. Not found.
[20:14:49] - File /usr/bin/slice... OK. Not found.
[20:14:49] - File /usr/bin/cleaner... OK. Not found.
[20:14:49] - File /usr/include/rpcsvc/du... OK. Not found.
[20:14:50] *** Start scan RSHA's rootkit ***
[20:14:50] - File /bin/kr4p... OK. Not found.
[20:14:50] - File /usr/bin/n3tstat... OK. Not found.
[20:14:50] - File /usr/bin/chsh2... OK. Not found.
[20:14:50] - File /usr/bin/slice2... OK. Not found.
[20:14:51] - File /usr/src/linux/arch/alpha/lib/.lib/.1proc... OK. Not found.
[20:14:51] - File /etc/rc.d/arch/alpha/lib/.lib/.1addr... OK. Not found.
[20:14:51] - Directory /etc/rc.d/rsha... OK. Not found.
[20:14:51] - Directory /etc/rc.d/arch/alpha/lib/.lib... OK. Not found.
[20:14:51] Debug: Sebek LKM
[20:14:53] *** Start scan Scalper Worm ***
[20:14:53] - File /tmp/.a... OK. Not found.
[20:14:53] - File /tmp/.uua... OK. Not found.
[20:14:54] *** Start scan Shutdown ***
[20:14:54] - File /usr/man/man5/.. /.dir/scannah/asus... OK. Not found.
[20:14:54] - File /usr/man/man5/.. /.dir/see... OK. Not found.
[20:14:54] - File /usr/man/man5/.. /.dir/nscd... OK. Not found.
[20:14:54] - File /usr/man/man5/.. /.dir/alpd... OK. Not found.
[20:14:54] - File /etc/rc.d/rc.local ... OK. Not found.
[20:14:54] - Directory /usr/man/man5/.. /.dir/... OK. Not found.
[20:14:55] - Directory /usr/man/man5/.. /.dir/scannah... OK. Not found.
[20:14:55] - Directory /etc/rc.d/rc0.d/.. /.dir... OK. Not found.
[20:14:57] *** Start scan SHV4 ***
[20:14:57] - File /etc/ld.so.hash... OK. Not found.
[20:14:57] - File /lib/libext-2.so.7... OK. Not found.
[20:14:57] - File /lib/lidps1.so... OK. Not found.
[20:14:57] - File /usr/sbin/xntps... OK. Not found.
[20:14:57] - Directory /lib/security/.config... OK. Not found.
[20:14:57] - Directory /lib/security/.config/ssh... OK. Not found.
[20:14:58] *** Start scan SHV5 ***
[20:14:58] - File /etc/sh.conf... OK. Not found.
[20:14:58] - File /dev/srd0... OK. Not found.
[20:14:58] - Directory /usr/lib/libsh... OK. Not found.
[20:14:59] *** Start scan Sin Rootkit ***
[20:14:59] - File /dev/.haos/haos1/.f/Denyed... OK. Not found.
[20:14:59] - File /dev/ttyoa... OK. Not found.
[20:14:59] - File /dev/ttyof... OK. Not found.
[20:14:59] - File /dev/ttyop... OK. Not found.
[20:14:59] - File /dev/ttyos... OK. Not found.
[20:14:59] - File /usr/lib/.lib... OK. Not found.
[20:15:00] - File /usr/lib/sn/.X... OK. Not found.
[20:15:00] - File /usr/lib/sn/.sys... OK. Not found.
[20:15:00] - File /usr/lib/ld/.X... OK. Not found.
[20:15:00] - File /usr/man/man1/...... OK. Not found.
[20:15:00] - File /usr/man/man1/.../.m... OK. Not found.
[20:15:00] - File /usr/man/man1/.../.w... OK. Not found.
[20:15:00] - Directory /usr/lib/sn... OK. Not found.
[20:15:00] - Directory /usr/lib/man1/...... OK. Not found.
[20:15:00] - Directory /dev/.haos... OK. Not found.
[20:15:01] *** Start scan Slapper ***
[20:15:01] - File /tmp/.bugtraq... OK. Not found.
[20:15:01] - File /tmp/.uubugtraq... OK. Not found.
[20:15:01] - File /tmp/.bugtraq.c... OK. Not found.
[20:15:01] - File /tmp/httpd... OK. Not found.
[20:15:01] - File /tmp/.unlock... OK. Not found.
[20:15:01] - File /tmp/update... OK. Not found.
[20:15:01] - File /tmp/.cinik... OK. Not found.
[20:15:01] - File /tmp/.b... OK. Not found.
[20:15:03] *** Start scan Sneakin Rootkit ***
[20:15:03] - Directory /tmp/.X11-unix/.../rk... OK. Not found.
[20:15:04] *** Start scan Suckit Rootkit ***
[20:15:05] - File /sbin/initsk12... OK. Not found.
[20:15:05] - File /sbin/initxrk... OK. Not found.
[20:15:05] - File /usr/bin/null... OK. Not found.
[20:15:05] - File /usr/share/locale/sk/.sk12/sk... OK. Not found.
[20:15:05] - File /etc/rc.d/rc0.d/S23kmdac... OK. Not found.
[20:15:05] - File /etc/rc.d/rc1.d/S23kmdac... OK. Not found.
[20:15:05] - File /etc/rc.d/rc2.d/S23kmdac... OK. Not found.
[20:15:05] - File /etc/rc.d/rc3.d/S23kmdac... OK. Not found.
[20:15:05] - File /etc/rc.d/rc4.d/S23kmdac... OK. Not found.
[20:15:06] - File /etc/rc.d/rc5.d/S23kmdac... OK. Not found.
[20:15:06] - File /etc/rc.d/rc6.d/S23kmdac... OK. Not found.
[20:15:06] - Directory /dev/sdhu0/tehdrakg... OK. Not found.
[20:15:06] - Directory /etc/.MG... OK. Not found.
[20:15:06] - Directory /usr/share/locale/sk/.sk12... OK. Not found.
[20:15:06] - Directory /usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist... OK. Not found.
[20:15:06] *** Start scan SunOS Rootkit ***
[20:15:06] - File /etc/ld.so.hash... OK. Not found.
[20:15:06] - File /lib/libext-2.so.7... OK. Not found.
[20:15:06] - File /usr/bin/ssh2d... OK. Not found.
[20:15:07] - File /bin/xlogin... OK. Not found.
[20:15:07] - File /usr/lib/crth.o... OK. Not found.
[20:15:07] - File /usr/lib/crtz.o... OK. Not found.
[20:15:07] - File /sbin/login... OK. Not found.
[20:15:07] - File /lib/security/.config/sn... OK. Not found.
[20:15:07] - File /lib/security/.config/lpsched... OK. Not found.
[20:15:07] - File /dev/kmod... OK. Not found.
[20:15:07] - File /dev/dos... OK. Not found.
[20:15:08] *** Start scan Superkit ***
[20:15:08] - File /usr/man/.sman/sk... OK. Not found.
[20:15:09] *** Start scan TBD (Telnet BackDoor) ***
[20:15:09] - File /usr/lib/.tbd... OK. Not found.
[20:15:10] *** Start scan TeLeKiT ***
[20:15:10] - File /usr/man/man3/.../TeLeKiT/bin/sniff... OK. Not found.
[20:15:10] - File /usr/man/man3/.../TeLeKiT/bin/telnetd... OK. Not found.
[20:15:10] - File /usr/man/man3/.../TeLeKiT/bin/teleulo... OK. Not found.
[20:15:10] - File /usr/man/man3/.../cl... OK. Not found.
[20:15:10] - File /dev/ptyr... OK. Not found.
[20:15:10] - File /dev/ptyp... OK. Not found.
[20:15:10] - File /dev/ptyq... OK. Not found.
[20:15:10] - File /dev/hda06... OK. Not found.
[20:15:10] - File /usr/info/libc1.so... OK. Not found.
[20:15:10] - Directory /usr/man/man3/...... OK. Not found.
[20:15:10] - Directory /usr/man/man3/.../lsniff... OK. Not found.
[20:15:10] - Directory /usr/man/man3/.../TeLeKiT... OK. Not found.
[20:15:11] *** Start scan T0rn Rootkit ***
[20:15:11] - File /dev/.lib/lib/lib/t0rns... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/du... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/ls... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/t0rnsb... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/ps... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/t0rnp... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/find... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/ifconfig... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/pg... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/ssh.tgz... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/top... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/sz... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/login... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/in.fingerd... OK. Not found.
[20:15:11] - File /dev/.lib/lib/lib/1i0n.sh... OK. Not found.
[20:15:12] - File /dev/.lib/lib/lib/pstree... OK. Not found.
[20:15:12] - File /dev/.lib/lib/lib/in.telnetd... OK. Not found.
[20:15:12] - File /dev/.lib/lib/lib/mjy... OK. Not found.
[20:15:12] - File /dev/.lib/lib/lib/sush... OK. Not found.
[20:15:12] - File /dev/.lib/lib/lib/tfn... OK. Not found.
[20:15:12] - File /dev/.lib/lib/lib/name... OK. Not found.
[20:15:12] - File /dev/.lib/lib/lib/getip.sh... OK. Not found.
[20:15:12] - File /usr/info/.torn/sh*... OK. Not found.
[20:15:12] - File /usr/src/.puta/... OK. Not found.
[20:15:12] - File /usr/src/.puta/.1addr... OK. Not found.
[20:15:12] - File /usr/src/.puta/.1file... OK. Not found.
[20:15:12] - File /usr/src/.puta/.1proc... OK. Not found.
[20:15:12] - File /usr/src/.puta/.1logz... OK. Not found.
[20:15:12] - File /usr/info/.t0rn/... OK. Not found.
[20:15:12] - Directory /dev/.lib/... OK. Not found.
[20:15:12] - Directory /dev/.lib/lib/... OK. Not found.
[20:15:12] - Directory /dev/.lib/lib/lib/... OK. Not found.
[20:15:12] - Directory /dev/.lib/lib/lib/dev/... OK. Not found.
[20:15:13] - Directory /dev/.lib/lib/scan/... OK. Not found.
[20:15:13] - Directory /usr/src/.puta/... OK. Not found.
[20:15:13] - Directory /usr/man/man1/man1/... OK. Not found.
[20:15:13] - Directory /usr/man/man1/man1/lib/... OK. Not found.
[20:15:13] - Directory /usr/man/man1/man1/lib/.lib/... OK. Not found.
[20:15:13] - Directory /usr/man/man1/man1/lib/.lib/.backup/... OK. Not found.
[20:15:14] *** Start scan Trojanit Kit ***
[20:15:14] - File /bin/.ls... OK. Not found.
[20:15:14] - File /bin/.ps... OK. Not found.
[20:15:14] - File /bin/.netstat... OK. Not found.
[20:15:14] - File /usr/bin/.nop... OK. Not found.
[20:15:15] - File /usr/bin/.who... OK. Not found.
[20:15:16] *** Start scan Tuxtendo ***
[20:15:16] - File /dev/tux/.addr... OK. Not found.
[20:15:16] - File /dev/tux/.cron... OK. Not found.
[20:15:16] - File /dev/tux/.file... OK. Not found.
[20:15:16] - File /dev/tux/.log... OK. Not found.
[20:15:16] - File /dev/tux/.proc... OK. Not found.
[20:15:16] - File /dev/tux/backup/crontab... OK. Not found.
[20:15:16] - File /dev/tux/backup/df... OK. Not found.
[20:15:16] - File /dev/tux/backup/dir... OK. Not found.
[20:15:16] - File /dev/tux/backup/find... OK. Not found.
[20:15:16] - File /dev/tux/backup/ifconfig... OK. Not found.
[20:15:16] - File /dev/tux/backup/locate... OK. Not found.
[20:15:16] - File /dev/tux/backup/netstat... OK. Not found.
[20:15:16] - File /dev/tux/backup/ps... OK. Not found.
[20:15:16] - File /dev/tux/backup/pstree... OK. Not found.
[20:15:17] - File /dev/tux/backup/syslogd... OK. Not found.
[20:15:17] - File /dev/tux/backup/tcpd... OK. Not found.
[20:15:17] - File /dev/tux/backup/top... OK. Not found.
[20:15:17] - File /dev/tux/backup/updatedb... OK. Not found.
[20:15:17] - File /dev/tux/backup/vdir... OK. Not found.
[20:15:17] - Directory /dev/tux... OK. Not found.
[20:15:17] - Directory /dev/tux/ssh2... OK. Not found.
[20:15:17] - Directory /dev/tux/backup... OK. Not found.
[20:15:17] *** Start scan URK ***
[20:15:17] - File /usr/man/man1/xxxxxxbin/find... OK. Not found.
[20:15:17] - File /usr/man/man1/xxxxxxbin/du... OK. Not found.
[20:15:17] - File /usr/man/man1/xxxxxxbin/ps... OK. Not found.
[20:15:18] - File /tmp/conf.inf... OK. Not found.
[20:15:18] - Directory /usr/man/man1/xxxxxxbin... OK. Not found.
[20:15:18] *** Start scan VcKit ***
[20:15:19] - Directory /usr/include/linux/modules/lib.so... OK. Not found.
[20:15:19] - Directory /usr/include/linux/modules/lib.so/bin... OK. Not found.
[20:15:19] *** Start scan Volc Rootkit ***
[20:15:20] - Directory /var/spool/.recent... OK. Not found.
[20:15:20] - Directory /var/spool/.recent/.files... OK. Not found.
[20:15:20] - Directory /usr/lib/volc... OK. Not found.
[20:15:20] - Directory /usr/lib/volc/backup... OK. Not found.
[20:15:22] *** Start scan X-Org SunOS Rootkit ***
[20:15:22] - File /usr/lib/libX.a/bin/tmpfl... OK. Not found.
[20:15:22] - File /usr/lib/libX.a/bin/rps... OK. Not found.
[20:15:22] - File /usr/bin/srload... OK. Not found.
[20:15:22] - File /usr/lib/libX.a/bin/sparcv7/rps... OK. Not found.
[20:15:22] - File /usr/sbin/modcheck... OK. Not found.
[20:15:22] - Directory /usr/lib/libX.a... OK. Not found.
[20:15:23] - Directory /usr/lib/libX.a/bin... OK. Not found.
[20:15:23] - Directory /usr/lib/libX.a/bin/sparcv7... OK. Not found.
[20:15:23] - Directory /usr/share/man...... OK. Not found.
[20:15:24] *** Start scan zaRwT.KiT Rootkit ***
[20:15:24] - File /dev/rd/s/sendmeil... OK. Not found.
[20:15:24] - File /dev/ttyf... OK. Not found.
[20:15:24] - File /dev/ttyp... OK. Not found.
[20:15:24] - File /dev/ttyn... OK. Not found.
[20:15:24] - File /rk/tulz... OK. Not found.
[20:15:24] - Directory /rk... OK. Not found.
[20:15:24] - Directory /dev/rd/s... OK. Not found.
[20:15:25] ------------------------------ Malware ------------------------------
[20:15:25] Start scan for common used known (and unknown) rootkit files...
[20:15:25] [Start string tests]
[20:15:26] /sbin/init clean (string: /dev/proc/fuckit)
[20:15:26] /sbin/init clean (string: FUCK)
[20:15:27] /sbin/init clean (string: backdoor)
[20:15:27] /bin/login clean (string: vt200)
[20:15:28] /bin/login clean (string: /usr/bin/xstat)
[20:15:28] /bin/login clean (string: /bin/envpc)
[20:15:29] /bin/login clean (string: l4m3r0x)
[20:15:30] /bin/login clean (string: /usr/lib/.tbd)
[20:15:30] /bin/ls clean (string: /dev/ptyxx/.file)
[20:15:30] /bin/ls clean (string: /dev/sgk)
[20:15:31] /bin/ls clean (string: /var/lock/subsys/...datafile...)
[20:15:31] /bin/ls clean (string: /usr/lib/.tbd)
[20:15:31] /bin/netstat clean (string: /dev/proc/fuckit)
[20:15:32] /bin/netstat clean (string: /lib/.sso)
[20:15:32] /bin/netstat clean (string: /var/lock/subsys/...datafile...)
[20:15:32] /bin/netstat clean (string: /dev/caca)
[20:15:33] /bin/netstat clean (string: /dev/ttyoa)
[20:15:33] /bin/netstat clean (string: syg)
[20:15:34] /bin/ps clean (string: /dev/pts/01)
[20:15:34] /bin/ps clean (string: tw33dl3)
[20:15:34] /bin/ps clean (string: psniff)
[20:15:35] /bin/ps clean (string: /var/lock/subsys/...datafile...)
[20:15:37] /usr/sbin/sshd clean (string: /dev/ptyxx)
[20:15:37] /usr/local/sbin/sshd clean (string: /dev/ptyxx)
[20:15:38] /sbin/syslogd clean (string: promiscuous)
[20:15:38] /sbin/syslogd clean (string: /usr/lib/.tbd)
[20:15:39] /usr/sbin/tcpd clean (string: /dev/xdta)
[20:15:40] /usr/bin/top clean (string: /usr/lib/.tbd)
[20:15:42] All files are OK
[20:15:42] [End string tests]
[20:15:43] Scanning for presence of /dev/sdr0 (file)... OK (not found)
[20:15:43] Scanning for presence of /tmp/.syshackfile (file)... OK (not found)
[20:15:43] Scanning for presence of /tmp/.bash_history (file)... OK (not found)
[20:15:44] Scanning for presence of /usr/info/.clib (file)... OK (not found)
[20:15:44] Scanning for presence of /usr/sbin/tcp.log (file)... OK (not found)
[20:15:44] Scanning for presence of /usr/bin/take/pid (file)... OK (not found)
[20:15:44] Scanning for presence of /sbin/create (file)... OK (not found)
[20:15:44] Scanning for presence of /dev/ttypz (file)... OK (not found)
[20:15:44] Scanning for presence of /usr/bin/take (dir)... OK (not found)
[20:15:45] Scanning for presence of /usr/src/.lib (dir)... OK (not found)
[20:15:45] Scanning for presence of /usr/share/man/man1/.1c (dir)... OK (not found)
[20:15:45] Scanning for presence of /lib/lblip.tk (dir)... OK (not found)
[20:15:46] Scanning for presence of /usr/sbin/... (dir)... OK (not found)
[20:15:46] Scanning for presence of /usr/share/.gun (dir)... OK (not found)
[20:15:46] -------------------------- Open files tests ---------------------------
[20:15:46] Scanning running processes... OK
[20:15:48] Scanned for 'backdoor|adore.so|mod_rootme.so|phide_mod.o|lbk.ko|vlogger.o|cleaner.o|mod_klgr.o|hydra|hydra.restore'
[20:15:48] ----------------------- Login backdoors check -------------------------
[20:15:49] Checking /usr/X11R6/bin/.,/copy/... [ OK ] Not found
[20:15:49] Checking /dev/rd... [ OK ] Not found
[20:15:49] Scanning for software related files and intrusions...
[20:15:50] Checking /usr/lib/libice.log... [ OK ] Not found
[20:15:55] Skipped xinetd tests (not Linux or file doesn't exists)
[20:15:59] Checking /usr/bin/netstat... Not found
[20:16:01] Checking /bin/ps... [ OK ]
[20:16:02] Checking /bin/ls... [ OK ]
[20:16:04] Checking /usr/bin/w... [ OK ]
[20:16:05] Checking /usr/bin/who... [ OK ]
[20:16:06] Checking /bin/netstat... [ OK ]
[20:16:06] Checking /usr/bin/netstat... Not found
[20:16:07] Checking /bin/login... [ OK ]
[20:16:08] --------------------------- File attributes ---------------------------
[20:16:08] Checking /usr/sbin file attributes
[20:16:19] Checking /usr/bin file attributes
[20:17:09] Checking /usr/local/bin file attributes
[20:17:11] Checking /usr/local/sbin file attributes
[20:17:11] Checking /bin file attributes
[20:17:15] Checking /sbin file attributes
[20:17:21] Checking /sw/bin file attributes
[20:17:21] Checking /usr/local/libexec file attributes
[20:17:21] Checking /usr/libexec file attributes
[20:17:21] ----------------------------- LKM modules -----------------------------
[20:17:22] ------------------------------- Backdoors -----------------------------
[20:17:28] Checking network interfaces (promiscuous mode)... [ OK ]
[20:17:28] Performed successful test with `ip`
[20:17:30] ---------------------------- System checks ----------------------------
[20:17:32] Checking for passwordless user accounts...
[20:17:47] ---------------------------- History files ----------------------------
[20:17:49] Start scanning for hidden files in /dev...
[20:17:49] Value of hiddendirs:
[20:17:49] End of scanning /dev
[20:17:49] Start scanning for hidden files in /bin...
[20:17:49] Value of hiddendirs:
[20:17:49] End of scanning /bin
[20:17:49] Start scanning for hidden files in /usr...
[20:17:49] Value of hiddendirs:
[20:17:49] End of scanning /usr
[20:17:49] Start scanning for hidden files in /usr/man...
[20:17:49] End of scanning /usr/man
[20:17:49] Start scanning for hidden files in /usr/man/man1...
[20:17:49] End of scanning /usr/man/man1
[20:17:49] Start scanning for hidden files in /usr/man/man8...
[20:17:49] End of scanning /usr/man/man8
[20:17:49] Start scanning for hidden files in /usr/bin...
[20:17:50] Value of hiddendirs:
[20:17:50] End of scanning /usr/bin
[20:17:50] Start scanning for hidden files in /usr/sbin...
[20:17:50] Value of hiddendirs:
[20:17:50] End of scanning /usr/sbin
[20:17:50] Start scanning for hidden files in /sbin...
[20:17:50] Value of hiddendirs:
[20:17:50] End of scanning /sbin
[20:17:50] Start scanning for hidden files in /etc...
[20:17:50] Value of hiddendirs: /etc/.pwd.lock
[20:17:50] End of scanning /etc
[20:17:50] Hidden file/dir /etc/.pwd.lock [empty] seems to be OK
[20:17:52] ------------------------ Application advisories -----------------------
[20:17:55] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/cgid.conf... OK
[20:17:55] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/cgid.load... OK
[20:17:55] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/userdir.conf... OK
[20:17:55] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/userdir.load... OK
[20:17:56] ---------------------- Application version check ----------------------
[20:17:58] ----------------------------------------------------------
[20:17:58] Scanning Exim%%MTA...
[20:17:58] Application not found
[20:17:58] ----------------------------------------------------------
[20:17:58] Scanning GnuPG...
[20:17:58] /usr/bin/gpg found
[20:17:59] Version 1.4.6 is available in non-vulnerable group and seems to be OK!
[20:17:59] ----------------------------------------------------------
[20:17:59] Scanning Apache...
[20:17:59] Application not found
[20:17:59] ----------------------------------------------------------
[20:18:00] Scanning Bind%%DNS...
[20:18:00] Debug:
[20:18:00] /usr/sbin/named found
[20:18:01] Version 9.2.4 is available in non-vulnerable group and seems to be OK!
[20:18:01] ----------------------------------------------------------
[20:18:01] Scanning OpenSSL...
[20:18:01] /usr/bin/openssl found
[20:18:03] Version 0.9.8c is available in non-vulnerable group and seems to be OK!
[20:18:04] ----------------------------------------------------------
[20:18:04] Scanning PHP...
[20:18:04] /usr/bin/php found
[20:18:05] No information available. Unknown version number
[20:18:06] ----------------------------------------------------------
[20:18:06] Scanning Procmail%%MTA...
[20:18:06] /usr/bin/procmail found
[20:18:07] Version 3.22 is available in non-vulnerable group and seems to be OK!
[20:18:08] ----------------------------------------------------------
[20:18:08] Scanning ProFTPd...
[20:18:08] /usr/sbin/proftpd found
[20:18:09] Version 1.2.10 is available in non-vulnerable group and seems to be OK!
[20:18:09] ----------------------------------------------------------
[20:18:09] Scanning OpenSSH...
[20:18:09] /usr/sbin/sshd found
[20:18:10] No information available. Unknown version number
[20:18:10] /usr/local/sbin/sshd found
[20:18:11] No information available. Unknown version number
[20:18:13] ------------------------- Security advisories -------------------------
[20:18:15] Info: Found 'PermitRootLogin no' or 'PermitRootLogin without-password' in SSH configuration file /etc/ssh/sshd_config
[20:18:23] Rootkits scanned for: 55808 Trojan - Variant A, AjaKit, aPa Kit, Apache Worm, Ambient (ark) Rootkit, Balaur Rootkit, BeastKit, beX2, BOBKit, CiNIK Worm (Slapper.B variant), Danny-Boy's Abuse Kit, Devil RootKit, Dica, Dreams Rootkit, Duarawkz, Flea Linux Rootkit, FreeBSD Rootkit, Fuck`it Rootkit, GasKit, Heroin LKM, HjC Kit, ignoKit, ImperalsS-FBRK, Irix Rootkit, Kitko, Knark, Li0n Worm, Lockit / LJK2, MRK, Ni0 Rootkit, RootKit for SunOS / NSDAP, Optic Kit (Tux), Oz Rootkit, Portacelo, R3dstorm Toolkit, RH-Sharpe's rootkit, RSHA's rootkit, Scalper Worm, Shutdown, SHV4, SHV5, Sin Rootkit, Slapper, Sneakin Rootkit, Suckit Rootkit, SunOS Rootkit, Superkit, TBD (Telnet BackDoor), TeLeKiT, T0rn Rootkit, Trojanit Kit, Tuxtendo, URK, VcKit, Volc Rootkit, X-Org SunOS Rootkit, zaRwT.KiT Rootkit
[20:18:25] 0 vulnerable applications found
0
lami20j Posts 21331 Registration date   Status Moderator, Security contributor Last activity   3 570
 
Re,

Post the output of
ls -l /usr/bin/gib
0
Jean-Pierre
 
ls -l /usr/bin/gib
ls: /usr/bin/gib: Aucun fichier ou répertoire de ce type
0
Jean-Pierre
 
Well no, that's still not it....

But hey, that's already a few pieces of crap fewer!
0
lami20j Posts 21331 Registration date   Status Moderator, Security contributor Last activity   3 570
 
Re,

Still, the rkhunter result looks satisfactory
[20:18:25] 0 vulnerable applications found

Maybe you should configure your ssh server with key authentication
0
Jean-Pierre
 
Well, uh...
The server is far away, very far away...
If I make a big blunder while reconfiguring the SSH server, I lose all access to the machine!
Besides, it's a program that writes stuff to a file; we need to find which one and where. Reconfiguring with key-based access won't stop the thing from intercepting the password and writing it...

OK, for now I'm going to change my password, we'll see about that tomorrow...

Thanks for everything in any case!
0
lami20j Posts 21331 Registration date   Status Moderator, Security contributor Last activity   3 570 > Jean-Pierre
 
Re,

Reconfiguring with key-based access won't stop the thing from intercepting the password and writing it...

Key authentication:
- a public key on the server
- a private key on the client
- an authentication passphrase

So even if he has the passphrase he will never be able to connect, since he will be missing the private key, which always stays on the client machine.

But it's true that we need to find which program writes to /dev/puila

0
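The search the thread ends on (which program writes to /dev/puila), as an added example that is not part of any post: it lists regular files under /dev, then looks for files that embed the drop-file path, limited to the usual binary and library directories rather than the whole filesystem. The pruned /dev subdirectories, the scanned directory list and the sandbox contents are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): two checks for tracing a credential
# drop file such as the /dev/puila discussed above.

# 1. Regular files under a device directory. Device nodes, directories,
#    symlinks and sockets belong there; regular files do not, except in the
#    tmpfs areas pruned below (an assumed allow-list, adjust per distro).
regular_files_in_dev() {
    local dev_root="${1:-/dev}"
    find "$dev_root" \
        \( -path "$dev_root/shm" -o -path "$dev_root/.udev" \
           -o -path "$dev_root/mqueue" \) -prune \
        -o -type f -print 2>/dev/null | sort
}

# 2. Files whose bytes contain the drop-file path. -F matches the path
#    literally, -l prints only the names of matching files (binaries too).
#    No hit proves nothing: the path may be stored obfuscated, and the tools
#    on a compromised host may lie, so prefer running from rescue media.
files_referencing() {
    local needle="$1"; shift
    grep -rlF -- "$needle" "$@" 2>/dev/null | sort
}

# Constructed sandbox standing in for a real system, so the checks can be
# tried offline. Every file below is made up for the demonstration.
demo() {
    local root; root="$(mktemp -d)" || return 1
    mkdir -p "$root/dev/shm" "$root/usr/sbin" "$root/usr/local/sbin"
    : > "$root/dev/shm/legit-segment"              # expected, pruned
    echo 'user:password' > "$root/dev/puila"       # the anomaly
    printf 'ELF\0\0stub\0no paths here\0' > "$root/usr/sbin/sshd"
    printf 'ELF\0\0stub\0/dev/puila\0a+\0' > "$root/usr/local/sbin/sshd"
    echo "regular files in dev:"
    regular_files_in_dev "$root/dev" | sed "s|^$root||"
    echo "files referencing /dev/puila:"
    files_referencing /dev/puila "$root/usr" | sed "s|^$root||"
    rm -rf "$root"
}

# Usage: pass "demo" for the sandbox run, or "scan [path]" on a real host.
case "${1:-}" in
    demo) demo ;;
    scan) regular_files_in_dev /dev
          files_referencing "${2:-/dev/puila}" /bin /sbin /usr/bin /usr/sbin \
              /usr/local/bin /usr/local/sbin /lib /usr/lib /etc ;;
esac
```

A logger that opens, appends and closes the file on each login will not show up as a process holding it open, which is why the example searches file contents instead.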