Re: Possible Rootkit (was Re: It Works fine)

Steven Stern wrote:
Karl Larsen wrote:
Jeff Krebs wrote:
* Karl Larsen (k5di@xxxxxxxxxx) wrote:
After so many problems seen day after day it is nice I think to hear about a success.

F8 was installed from a DVD and came right up with a video problem because I have an Nvidia video card. Fixed in 5 minutes with Nvidia binary. Then audio problems and found pulse audio the problem. I was told to yum remove and I did and audio is fine again.

I have had all the updates and they appear to be real Updates! So today December 10 2007 my F8 is working just fine. I have just one problem. I

I will mark this down on my calendar, and ensure that it's engraved in stone to pass down to historians. Such a feat was certainly unthinkable :)

seem to have a rootkit somewhere in the /home/karl/ directories. I have RTK and this afternoon I plan to find the thing, or discover I have no rootkit but rather another kind of problem.

Karl

How do you know that you have a root kit?


Jeff Krebs

I really do not know Jeff. But often, while using Firefox I get an attack that puts a cross hatch screen on and removes the keyboard and mouse, and puts a single tone out the audio channels and only a hard reset will clear it.

This is how I think a rootkit would work and so I got rkhunter and right now I am trying to get it to check /home but have not found out how to do this :-)

Karl


The rootkits I've seen are very quiet. They survive by NOT doing noticeable things. They quietly install servers or bots in obscure corners of the system in hidden directories. What you have sounds more like a cat playing in the wires under the desk. (I have personal experience with that, too).

What does chkrootkit show?

I don't have chkrootkit but what I have is hard to get working as I wanted to check /home. I can't seem to make that work. It did check /usr and found some "warning" but the FAQ says they do not mean anything.

   My cat stays out of my office, most of the time.

Karl

--

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.
GPG DF28 8F18 94F8 D5C6 9E44  163F 7FD1 3D06 C325 DA40
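
An added example, not part of the original thread: one way to review a home tree for the kind of quiet install described above (programs tucked into hidden directories). The function names `classify` and `scan_hidden` are assumptions made for this sketch. Hits are items to review, not proof of compromise, since legitimate applications also keep binaries in dot-directories.

```python
import os
import stat

ELF_MAGIC = b"\x7fELF"  # first four bytes of every ELF binary


def classify(path):
    """Return a reason string if the file looks like a program, else None."""
    try:
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            return None  # skip symlinks, sockets, FIFOs, devices
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None  # unreadable file: run as root to cover it
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        return "setuid/setgid"
    if head == ELF_MAGIC:
        return "ELF binary"
    if head[:2] == b"#!" and st.st_mode & 0o111:
        return "executable script"
    return None


def scan_hidden(root):
    """List (path, reason) for program-like files under dot-directories."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):  # symlinks not followed
        rel = os.path.relpath(dirpath, root)
        if not any(p.startswith(".") and p != "." for p in rel.split(os.sep)):
            continue  # only look inside hidden directories
        for name in filenames:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings.append((full, reason))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed target: the /home tree discussed in the thread.
    for path, reason in scan_hidden("/home"):
        print(f"{reason:18} {path}")
```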

