Security Basics mailing list archives
chkrootkit output question. Follow up #xxx
From: Al <omega0x () yahoo com>
Date: Tue, 02 Sep 2003 22:54:33 -0400
Hello world: 2003, Year of Hope !!!

On Tuesday 02 September 2003 15:33, entmoot () gmx de wrote:
> On Sat Aug 30 08:41PM, Al wrote:
>> Can anyone help me to understand why I got this after running chkrootkit:
>> ...
>> Checking `env'... INFECTED
>> ...
>
> chkrootkit thinks your /usr/bin/env is infected by a trojan. Check this binary against a clean one, e.g. the one on your install CD. If chkrootkit is right, you probably got owned.
>
> greets,
> andreas
Thank you all for your help, but all I did is just reformat my hard drives except /home and install my Gentoo from scratch. I am still scared about my /home if anything was INFECTED. Hope not !!!

All this happened just after replacing my firewall, a Netgear RT314, with a Linksys BEFSX41CA. Doing a "test ports" through grc.com, the result gave me a lot of ports closed, and most of them are trojan ports. I replaced the Linksys with my Netgear RT314 after upgrading the firmware. grc.com gave me a full stealth and all ports are stealth. I may not have configured the firewall well.

My questions are:

1- If I was "owned by a trojan", which trojan ???
2- How can I make sure that my /home is safe?
3- How can I prevent being a victim again?

Please note that I am just a newbie and I usually go with the easiest solutions. Please advise.

Kind Regards,
Al