Possible Rooktit (was Re: It Works fine)
Karl Larsen
k5di at zianet.com
Mon Dec 10 23:52:20 UTC 2007
Karl Larsen wrote:
> Steven Stern wrote:
>> Karl Larsen wrote:
>>> Jeff Krebs wrote:
>>>> * Karl Larsen (k5di at zianet.com) wrote:
>>>>
>>>>> After so many problems seen day after day it is nice I think to
>>>>> hear about a success.
>>>>>
>>>>> F8 was installed from a DVD and came right up with a video problem
>>>>> cuzz I have a Nvidia video card. Fixed in 5 minutes with Nvidia
>>>>> binary. Then audio problems and found pulse audio the problem. I
>>>>> was told to yum remove and I did and audio is fine again.
>>>>>
>>>>> I have had all the updates and they appear to be real Updates!
>>>>> So today December 10 2007 my F8 is working just fine. I have just
>>>>> one problem. I
>>>>
>>>> I will mark this down on my calendar, and ensure that it's engraved
>>>> in stone to pass down to historians. Such a feat was certainly
>>>> unthinkable :)
>>>>
>>>>
>>>>> seem to have a rootkit somewhere in the /home/karl/ directories. I
>>>>> have RTK and this afternoon I plan to find the thing, or discover
>>>>> I have no rootkit but rather another kind of problem.
>>>>>
>>>>> Karl
>>>>>
>>>>
>>>> How do you know that you have a root kit?
>>>>
>>>>
>>>> Jeff Krebs
>>>>
>>>>
>>> I really do not know Jeff. But often, while using Firefox I get
>>> an attack that puts a cross hatch screen on and removes the keyboard
>>> and mouse, and puts a single tone out the audio channels and only a
>>> hard reset will clear it.
>>>
>>> This is how I think a rootkit would work and so I got rkhunter
>>> and right now I am trying to get it to check /home but have not
>>> found out how to do this :-)
>>>
>>> Karl
>>>
>>>
>> The rootkits I've seen are very quiet. They survive by NOT doing
>> noticeable things. The quietly install servers or bots in obscure
>> corners of the system in hidden directories. What you have sounds
>> more like a cat playing in the wires under the desk. (I have personal
>> experience with that, too).
>>
>> What does chkrootkit show?
>>
>
> I don't have chkrootkit but what I have is hard to get working as I
> wanted to check /home. I can't seem to make that work. It did check
> /usr and found some "warning" but the FAQ says they do not mean anything.
>
> My cat stays out of my office, most of the time.
>
> Karl
>
I yummed chkrootkit and ran it and it found no rootkit so it is not
the problem.
So onward to other causes.
Karl
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
GPG DF28 8F18 94F8 D5C6 9E44 163F 7FD1 3D06 C325 DA40
More information about the fedora-list
mailing list