Rootkit scanning

Are there any good services or ways to scan for rootkits and backdoors? I know there are rkhunter and chkrootkit but are they even ideal anymore? They never seem updated and look more like they were good in the early 2000’s

Answer: I don’t know how often OSSEC updates their rootkit detection but I know …

How do I remove a rootkit without an anti-rootkit program? [duplicate]

This question already has answers here: Closed 9 years ago. Possible Duplicate: My server’s been hacked EMERGENCY Windows 2000 Server. I believe I have a rootkit. But, nothing will remove it. I’ve tried everything. Even tools that are merely for scanning fail or BSOD the computer. Since nothing works, I wanted to try and do …

How trustworthy are Arch’s official repositories? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers. Closed 5 years ago. I have a server with Arch Linux installed and for some reason, it gets infected …

Entries in `/etc/inittab` below last line – possible hack? [duplicate]

This question already has answers here: Closed 9 years ago. Possible Duplicate: My server’s been hacked EMERGENCY My Linux machine has been hacked lately. There are a few entries in /etc/inittab below the #end of /etc/inittab Something like: #Loading standard ttys 0:2345:once:/usr/sbin/ttyload I also have several of the following lines: 2:2345:respawn:/sbin/mingetty tty2 3:2345:respawn:/sbin/mingetty tty3 . …

Strange ports on default install of W7

I have a base new install of Windows 7, and when I went to look for something else I saw the attached netstat output. What concerns me is that this is Windows + Truecrypt + drivers, nothing else installed. The sequential high ranged ports belonging to several different seemingly not out of place services seemed …

rkhunter reports suspicious activity /bin/usr/wget and killall permissions changed

Sorry about the long post but please bear with me. I’m wondering if my system has been compromised. I’ve had issues in the past on this VM server with a Linux.BackDoor.Gates.5 Trojan that was DDoSing other servers. I have multiple backups of the VM at different points in time and have been trying to figure …

Scripted install of Debian backdoor/rootkit [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for …

How to replace infected `/lib/libsh.so` and `/etc/sh.conf` files? [duplicate]

This question already has answers here: Closed 9 years ago. Possible Duplicate: My server’s been hacked EMERGENCY Which package does the file /lib/libsh.so belong to? I need to replace it since it was infected. Same for /etc/sh.conf. For now I have moved it to /temp/libsh.so.infected. Can I just delete it? Edit 1: I just found …

Are rkhunter and chkrootkit still effective Linux rootkit scanners?

AFAICT neither have had much activity since the first half of 2014. Are there any other open source Linux rootkit scanners out there or reasonable commercial alternatives?

Answer: Can’t comment on whether these “are still effective”, but regarding (a) alternative(s), have a look at Linux Malware Detect aka LMD. Quoting the website: Linux Malware Detect …