Re: ethtool trojan detected by NAI


 




On Thursday 15 January 2004 16:31, Jason Montleon wrote:

> I caught output of my virusscan stating that /sbin/ethtool was a trojan or

Here's some info from my hopefully clean Fedora system:

[agreen@fastcat agreen]$ md5sum /sbin/ethtool
febe7cd9294fc766dfa4126298b9f7ec  /sbin/ethtool
[agreen@fastcat agreen]$ rpm -q ethtool
ethtool-1.8-2.1
[agreen@fastcat agreen]$ ll /sbin/ethtool
-rwxr-xr-x    1 root     root        83684 Sep  5 21:14 /sbin/ethtool

A way forward would be to use scp FROM ANOTHER MACHINE to snarf the evil 
ethtool.  Don't scp it from your suspect machine to the other machine, or you 
may give someone your password to the other machine.

Then run md5sum on it from the other machine and see what you see.  The 
concept is that md5sum on your local machine may have been rootkitted along 
with ethtool.

But most likely it is just a random binary match... or maybe on code to put 
the network interface into promiscuous or something.

-Andy

-- 
Find your answer without waiting for replies....
Searchable list archives at 
http://marc.theaimsgroup.com/?l=fedora-list&r=1&w=2
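The pull-and-hash procedure described in the message above, as an added example that is not part of the original post. It is meant to be sourced on the trusted machine; the host name "suspect-host" is a placeholder, and the reference hash quoted in the usage comment is the one the message reports for ethtool-1.8-2.1, so it only applies to that package build.

```shell
#!/bin/sh
# Source this on the TRUSTED machine, never on the suspect host.
# Usage (host name is a placeholder, hash is the one quoted in the message):
#   pull_and_verify suspect-host /sbin/ethtool febe7cd9294fc766dfa4126298b9f7ec

# md5_of FILE: print only the hex digest, computed by THIS machine's md5sum.
md5_of() {
    md5sum -- "$1" | awk '{print $1}'
}

# verify_copy FILE EXPECTED_MD5
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
verify_copy() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(md5_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "MATCH    $file $actual"
        return 0
    fi
    echo "MISMATCH $file got=$actual want=$expected"
    return 1
}

# pull_and_verify HOST REMOTE_PATH EXPECTED_MD5
# The scp connection starts on the trusted side, so no credential for this
# machine is ever typed on the suspect host.
pull_and_verify() {
    host=$1 remote=$2 want=$3
    tmp=$(mktemp -d) || return 2
    scp -q "$host:$remote" "$tmp/sample" || { rm -rf "$tmp"; return 2; }
    chmod 0400 "$tmp/sample"        # keep as evidence only, never execute it
    rc=0
    verify_copy "$tmp/sample" "$want" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

A MISMATCH result only says the file differs from that one reference build; a different ethtool package version will also produce it.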



