Possible Rootkit (was Re: It Works fine)

Karl Larsen k5di at zianet.com
Mon Dec 10 23:52:20 UTC 2007


Karl Larsen wrote:
> Steven Stern wrote:
>> Karl Larsen wrote:
>>> Jeff Krebs wrote:
>>>> * Karl Larsen (k5di at zianet.com) wrote:
>>>>  
>>>>>    After so many problems seen day after day it is nice I think to 
>>>>> hear about a success.
>>>>>
>>>>> F8 was installed from a DVD and came right up with a video problem 
>>>>> cuz I have an Nvidia video card. Fixed in 5 minutes with Nvidia 
>>>>> binary. Then audio problems and found pulse audio the problem. I 
>>>>> was told to yum remove and I did and audio is fine again.
>>>>>
>>>>>    I have had all the updates and they appear to be real Updates! 
>>>>> So today December 10 2007 my F8 is working just fine. I have just 
>>>>> one problem. I     
>>>>
>>>> I will mark this down on my calendar, and ensure that it's engraved 
>>>> in stone to pass down to historians.  Such a feat was certainly 
>>>> unthinkable :)
>>>>
>>>>  
>>>>> seem to have a rootkit somewhere in the /home/karl/ directories. I 
>>>>> have RTK and this afternoon I plan to find the thing, or discover 
>>>>> I have no rootkit but rather another kind of problem.
>>>>>
>>>>> Karl
>>>>>     
>>>>
>>>> How do you know that you have a root kit?
>>>>
>>>>
>>>> Jeff Krebs
>>>>
>>>>   
>>>    I really do not know Jeff. But often, while using Firefox I get 
>>> an attack that puts a cross hatch screen on and removes the keyboard 
>>> and mouse, and puts a single tone out the audio channels and only a 
>>> hard reset will clear it.
>>>
>>>    This is how I think a rootkit would work and so I got rkhunter 
>>> and right now I am trying to get it to check /home but have not 
>>> found out how to do this :-)
>>>
>>> Karl
>>>
>>>
>> The rootkits I've seen are very quiet. They survive by NOT doing 
>> noticeable things.  They quietly install servers or bots in obscure 
>> corners of the system in hidden directories.  What you have sounds 
>> more like a cat playing in the wires under the desk. (I have personal 
>> experience with that, too).
>>
>> What does chkrootkit show?
>>
>  
>    I don't have chkrootkit but what I have is hard to get working as I 
> wanted to check /home. I can't seem to make that work. It did check 
> /usr and found some "warning" but the FAQ says they do not mean anything.
>
>    My cat stays out of my office, most of the time.
>
> Karl
>
    I yummed chkrootkit and ran it and it found no rootkit so it is not 
the problem.


So onward to other causes.

Karl
 

-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.
GPG DF28 8F18 94F8 D5C6 9E44  163F 7FD1 3D06 C325 DA40
