F12 Rkhunter, Have I a rootkit? SOLVED

Frank Murphy (Frankly3D) frankly3d at gmail.com
Tue Jan 5 17:46:32 UTC 2010


On 05/01/10 17:11, Kevin Fenzi wrote:
> On Tue, 05 Jan 2010 10:54:13 +0000
> "Frank Murphy (Frankly3D)" <frankly3d at gmail.com> wrote:
> 
>> ---------------------- Start Rootkit Hunter Scan
>> ---------------------- Warning: Network TCP port 47107 is being used
>> by /usr/lib64/thunderbird-3.0/thunderbird-bin. Possible rootkit: T0rn
>>          Use the 'lsof -i' or 'netstat -an' command to check this.
>>
>>
>> Results of lsof -i' and 'netstat -an'
>> http://fpaste.org/xOOO/
> 
> This is a false positive. 
> 
> basically it saw that something was using port 47107, which is used by
> a known rootkit. It then printed a warning for you to check it. 
> 
> Likely thunderbird just happened to be using that tranisitory port when
> the check was run. 
> 
> If you re-run it now does it show ok?
> 
> kevin
> 

Just re-ran, showed no problems.
Thanks all.


-- 
Regards,

Frank Murphy
UTF_8 Encoded.




More information about the fedora-list mailing list