Gentoo Forums
strange output from chkrootkit
Dralnu
Veteran

Joined: 24 May 2006
Posts: 1919

Posted: Thu Feb 05, 2009 1:35 am    Post subject: strange output from chkrootkit

http://dpaste.com/116764

The suspect PHP files section at the start. I haven't been able to find a file like that, and when running chkrootkit under expert mode, I wasn't able to find a path to this file.

How could I find out where this is coming from?
_________________
The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
yabbadabbadont
Advocate

Joined: 14 Mar 2003
Posts: 4791
Location: 2 exits past crazy

Posted: Thu Feb 05, 2009 3:46 am

Boot a live cd that has chkrootkit and run it from there. If it is possible to check the non-running system that is... I've never tried it.
Mistwolf
Apprentice

Joined: 07 Mar 2007
Posts: 189
Location: Edmonton, AB

Posted: Thu Feb 05, 2009 5:17 am

You mean the line that starts with "GIF87a"? That is the beginning string for a GIF file. All the "junk" after that is the ASCII representation of an image.
Dralnu
Veteran

Joined: 24 May 2006
Posts: 1919

Posted: Thu Feb 05, 2009 7:22 pm

Mistwolf wrote:
You mean the line that starts with "GIF87a"? That is the beginning string for a GIF file. All the "junk" after that is the ASCII representation of an image.

Any idea on how to track it down, and why chkrootkit would think it is a suspect PHP file?
_________________
The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
Dralnu
Veteran

Joined: 24 May 2006
Posts: 1919

Posted: Thu Feb 05, 2009 7:22 pm

yabbadabbadont wrote:
Boot a live cd that has chkrootkit and run it from there. If it is possible to check the non-running system that is... I've never tried it.

I'll have to do that. Thanks.
_________________
The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
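
Added example, not part of the thread and not chkrootkit's own code: one way to track down a file like the one Mistwolf describes is to scan for regular files whose first bytes are a GIF signature and report whether each is named as a GIF and whether it also contains a PHP open tag. The function names, the default directories /tmp and /var/tmp, and the 1 MiB read limit are assumptions.

```python
import os
import sys

GIF_MAGICS = (b"GIF87a", b"GIF89a")   # the two GIF file signatures
PHP_TAG = b"<?php"                    # PHP open tag looked for after the header
MAX_SCAN = 1 << 20                    # assumption: inspect at most 1 MiB per file


def inspect_file(path):
    """Return a finding dict if path starts with a GIF signature, else None."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(MAX_SCAN)
    except OSError:
        return None                   # unreadable or vanished file
    if not data.startswith(GIF_MAGICS):
        return None
    return {
        "path": path,
        "gif_extension": path.lower().endswith(".gif"),
        "has_php_tag": PHP_TAG in data.lower(),
    }


def find_gif_headed_files(roots):
    """Walk each root without following symlinks; collect GIF-headed regular files."""
    findings = []
    for root in roots:
        for dirpath, _dirs, names in os.walk(root, followlinks=False):
            for name in names:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue          # skip symlinks, FIFOs, device nodes
                hit = inspect_file(path)
                if hit:
                    findings.append(hit)
    return findings


if __name__ == "__main__":
    # Assumption: scan the directories given as arguments, else /tmp and /var/tmp.
    for f in find_gif_headed_files(sys.argv[1:] or ["/tmp", "/var/tmp"]):
        note = "named .gif" if f["gif_extension"] else "not named .gif"
        if f["has_php_tag"]:
            note += ", contains a PHP open tag"
        print(f"{f['path']}: GIF header, {note}")
```

Run from a live CD against the mounted disk, pass the mount point's directories as arguments so the paths reported are those of the non-running system.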
All times are GMT