F12 Rkhunter, Have I a rootkit? SOLVED
Frank Murphy (Frankly3D)
frankly3d at gmail.com
Tue Jan 5 17:46:32 UTC 2010
On 05/01/10 17:11, Kevin Fenzi wrote:
> On Tue, 05 Jan 2010 10:54:13 +0000
> "Frank Murphy (Frankly3D)" <frankly3d at gmail.com> wrote:
>
>> ---------------------- Start Rootkit Hunter Scan
>> ---------------------- Warning: Network TCP port 47107 is being used
>> by /usr/lib64/thunderbird-3.0/thunderbird-bin. Possible rootkit: T0rn
>> Use the 'lsof -i' or 'netstat -an' command to check this.
>>
>>
>> Results of lsof -i' and 'netstat -an'
>> http://fpaste.org/xOOO/
>
> This is a false positive.
>
> basically it saw that something was using port 47107, which is used by
> a known rootkit. It then printed a warning for you to check it.
>
> Likely thunderbird just happened to be using that tranisitory port when
> the check was run.
>
> If you re-run it now does it show ok?
>
> kevin
>
Just re-ran, showed no problems.
Thanks all.
--
Regards,
Frank Murphy
UTF_8 Encoded.
More information about the fedora-list
mailing list