lihin wrote: Maybe so, but I had never seen an attacker install PortSentry for you...
Obviously (rotfl), mine was a more general point, not about this specific case, where the virus sits between the chair and the keyboard.
[Solved] am I infected? and what do I do now?
- filo1234
- Rampante Reduce
- Posts: 6172
- Joined: Monday 26 February 2007, 21:10
- Location: Cagliari
Re: am I infected? and what do I do now?
Anyway, we've all been there... if you knew how much useless stuff I installed back in the day, and it still happens to me...
Have fun experimenting!
Re: am I infected? and what do I do now?
lihin wrote: @paperinik0
Anyway, we've all been there... if you knew how much useless stuff I installed back in the day, and it still happens to me...
Have fun experimenting!
The problem is when you start putting the system at risk by installing protection tools that aren't needed...
If it doesn't act as a router/firewall/mail server for Windows, what does it need all those protection measures and the DHCP server for?
Or what does it need remote root access for, when the machine may be a few metres away with a monitor attached?
The most absurd thing is running a scan that detects the stuff the administrator installed and thinking you're infected.
Or asking for help and not knowing whether something arrived as a dependency of other stuff or whether some hypothetical bad guy who broke into the PC installed it.
-
- Prode Principiante
- Posts: 9
- Joined: Thursday 28 July 2011, 0:09
Re: am I infected? and what do I do now?
how's it going now? what are those warnings? that suspicious file? and that hidden process?
Code:
rkhunter -c
[ Rootkit Hunter version 1.3.6 ]
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preloaded libraries [ None found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/fuser [ OK ]
/bin/grep [ OK ]
/bin/ip [ OK ]
/bin/kill [ OK ]
/bin/less [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/lsmod [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/readlink [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/which [ OK ]
/bin/dash [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/basename [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/dpkg [ OK ]
/usr/bin/dpkg-query [ OK ]
/usr/bin/du [ OK ]
/usr/bin/elinks [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ OK ]
/usr/bin/less [ OK ]
/usr/bin/links [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lsof [ OK ]
/usr/bin/lynx [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/mlocate [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pgrep [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/sha224sum [ OK ]
/usr/bin/sha256sum [ OK ]
/usr/bin/sha384sum [ OK ]
/usr/bin/sha512sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strace [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/mawk [ OK ]
/usr/bin/lwp-request [ OK ]
/usr/bin/lynx.cur [ OK ]
/usr/bin/bsd-mailx [ OK ]
/usr/bin/w.procps [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ OK ]
/sbin/ifup [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/rsyslogd [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/unhide-linux26 [ OK ]
[Press <ENTER> to continue]
Checking for rootkits...
Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
Adore Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
cb Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
Fu Rootkit [ Not found ]
f**k`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
iLLogiC Rootkit [ Not found ]
IntoXonia-NG Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
ld-linuxv.so Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx2 Rootkit [ Not found ]
Phalanx2 Rootkit (extended tests) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
'Spanish' Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
trNkit Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
Vampire Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
Xzibit Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
ZK Rootkit [ Not found ]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]
Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]
Performing Linux specific checks
Checking loaded kernel modules [ OK ]
Checking kernel module names [ OK ]
[Press <ENTER> to continue]
Checking the network...
Performing check for backdoor ports
Checking for TCP port 1524 [ Not found ]
Checking for TCP port 1984 [ Not found ]
Checking for UDP port 2001 [ Not found ]
Checking for TCP port 2006 [ Not found ]
Checking for TCP port 2128 [ Not found ]
Checking for TCP port 6666 [ Not found ]
Checking for TCP port 6667 [ Not found ]
Checking for TCP port 6668 [ Not found ]
Checking for TCP port 6669 [ Not found ]
Checking for TCP port 7000 [ Not found ]
Checking for TCP port 13000 [ Not found ]
Checking for TCP port 14856 [ Not found ]
Checking for TCP port 25000 [ Not found ]
Checking for TCP port 29812 [ Not found ]
Checking for TCP port 31337 [ Not found ]
Checking for TCP port 33369 [ Not found ]
Checking for TCP port 47107 [ Not found ]
Checking for TCP port 47018 [ Not found ]
Checking for TCP port 60922 [ Not found ]
Checking for TCP port 62883 [ Not found ]
Checking for TCP port 65535 [ Not found ]
Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]
[Press <ENTER> to continue]
Checking the local host...
Performing system boot checks
Checking for local host name [ Found ]
Checking for system startup files [ Found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ None found ]
Performing system configuration file checks
Checking for SSH configuration file [ Not found ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]
Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]
Checking for hidden files and directories [ Warning ]
[Press <ENTER> to continue]
System checks summary
=====================
File properties checks...
Files checked: 136
Suspect files: 0
Rootkit checks...
Rootkits checked : 242
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 1 minute and 14 seconds
All results have been written to the log file (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not found
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for rootkit HiDrootkit's default files... nothing found
Searching for rootkit t0rn's default files... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for rootkit Lion's default files... nothing found
Searching for rootkit RSHA's default files... nothing found
Searching for rootkit RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/usr/lib/pymodules/python2.6/.path /usr/lib/firefox-3.6.18/.autoreg /usr/lib/xulrunner-1.9.2.18/.autoreg
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
usb0: PACKET SNIFFER(/sbin/dhclient3[2058])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... user ******** deleted or never logged from lastlog!
user root deleted or never logged from lastlog!
Checking `chkutmp'... chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
unhide brute
Unhide 20100201
http://www.security-projects.com/?Unhide
[*]Starting scanning using brute force against PIDS with fork()
[*]Starting scanning using brute force against PIDS with Threads
unhide sys
Unhide 20100201
http://www.security-projects.com/?Unhide
[*]Searching for Hidden processes through kill(..,0) scanning
[*]Searching for Hidden processes through comparison of results of system calls
[*]Searching for Hidden processes through getpriority() scanning
[*]Searching for Hidden processes through getpgid() scanning
[*]Searching for Hidden processes through getsid() scanning
[*]Searching for Hidden processes through sched_getaffinity() scanning
[*]Searching for Hidden processes through sched_getparam() scanning
[*]Searching for Hidden processes through sched_getscheduler() scanning
[*]Searching for Hidden processes through sched_rr_get_interval() scanning
[*]Searching for Hidden processes through sysinfo() scanning
HIDDEN Processes Found: 1
unhide proc
Unhide 20100201
http://www.security-projects.com/?Unhide
[*]Searching for Hidden processes through /proc scanning
unhide-tcp
Unhide 20100201
http://www.security-projects.com/?Unhide
Starting TCP checking
Starting UDP checking
Code:
sudo netstat -tulnp
Connessioni internet attive (solo server)
Proto Recv-Q Send-Q Indirizzo locale Indirizzo esterno Stato PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1282/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 19044/exim4
tcp6 0 0 ::1:631 :::* LISTEN 1282/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 19044/exim4
udp 0 0 0.0.0.0:68 0.0.0.0:* 2058/dhclient
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1253/avahi-daemon:
udp 0 0 0.0.0.0:50924 0.0.0.0:* 1253/avahi-daemon:
udp6 0 0 :::5353 :::* 1253/avahi-daemon:
udp6 0 0 :::46689 :::* 1253/avahi-daemon:
PS. question: how do you go through a machine via proxy, VPN, etc. without leaving a trace, or rather, if I go through a machine via proxy, VPN, etc. can I do it without the administrator of that machine noticing? thanks.
Re: am I infected? and what do I do now?
paperinik0 wrote: what a good laugh you've had, eh? (rotfl) (rotfl)
how's it going now? what are those warnings? that suspicious file? and that hidden process?
A dot in front of a file or a folder is enough for it to see it as suspicious.
Now, from memory, it also sees the java folder (not the one in $HOME) as suspicious (because it has a dot in front).
The situation looks completely normal to me now.
It caught the usual false positives, dhcpclient and zeroconf, plus the normal hidden stuff.
You should see it better in the program's log.
The file /usr/lib/xulrunner-1.9.2.18/.autoreg that it detected is not present on my machine, so check around to see what it is.
Edit:
I sent one message and another one went off, am I under attack?
-
- Prode Principiante
- Posts: 9
- Joined: Thursday 28 July 2011, 0:09
Re: am I infected? and what do I do now?
/var/log/rkhunter.log the text editor won't read it, I'll have to try with notepad, oh well,
the other one has to do with mozilla but it's empty, I'll check anyway, thanks.
- harrykar
- Entusiasta Emergente
- Posts: 1151
- Joined: Thursday 29 January 2009, 19:43
- Desktop: /bin/ksh; /bin/sh; gnome
- Distribution: OpenBSD ; Debian ; Lucid10.4 86_64
- Location: World Wide :)
- Contact:
Re: am I infected? and what do I do now?
paperinik0 wrote: anyway it isn't nice to know that when something goes wrong you have to format everything (bad)
at least with windows I knew where to put my hands and there were loads of guides available.
On Win there are few who know how to get their hands on the registry ;D
paperinik0 wrote: it's been almost a year that I've been using ubuntu and I've understood maybe 1%... sure, I don't have all these great skills nor too many pretensions of understanding everything, but I expected better! (ot)
AFAIK there is an endless series of articles, guides, etc. on ubuntu, given that it's the most popular Linux distro; the only thing you really need to know how to use is the search engine :).
As for the skills, as with Win and anything new, give yourself some (full) time. In this year you've probably used it sporadically. If you use it as your only system (and not once in a while, perhaps having it in dual boot), I think 1 year is more than enough.
- harrykar
- Entusiasta Emergente
- Posts: 1151
- Joined: Thursday 29 January 2009, 19:43
- Desktop: /bin/ksh; /bin/sh; gnome
- Distribution: OpenBSD ; Debian ; Lucid10.4 86_64
- Location: World Wide :)
- Contact:
Re: am I infected? and what do I do now?
paperinik0 wrote: THANKS a lot ;D
/var/log/rkhunter.log the text editor won't read it, I'll have to try with notepad, oh well,
HERESY: Impossible that a *nix-like OS, fundamentally text-oriented (X, Gnome, KDE, etc. came only later), isn't able to read an ascii text file, and to try reading it with notepad (which is part of a Win system --GUI oriented--). (rotfl)
Joking aside, back to us (by the way, I warmly recommend the text by Giacomini and/or Piccardi): the /var directory is privileged and cannot be accessed by just anyone (that's why it didn't let you read it; you need root privileges to do so. So you have to prefix sudo to your cmd and give your login password).
To access that file with the editor type:
Code: Select all
sudo gedit /var/log/rkhunter.log
paperinik0 wrote: the other one has to do with mozilla but it's empty, I'll check anyway, thanks.
In some cases (including the use of rkhunter) it would be useful to have the apt-file cmd (not installed by default), which, given a file, looks up the package it belongs to:
Code: Select all
$ sudo apt-get install apt-file
Code: Select all
$ sudo apt-file update
Code: Select all
$ sudo apt-file search lwp-request
libwww-perl: /usr/bin/lwp-request
libwww-perl: /usr/share/man/man1/lwp-request.1p.gz
PS:
1. dpkg -S is similar to apt-file but fails for configuration files and files in /var (since in that case the files in /var only exist after the package has been unpacked)
2. Even before installing it, a look at how rkh is used can only do good.
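The ownership lookup harrykar describes (rkhunter flags a path, dpkg -S or apt-file tells you which package shipped it) is easy to script so it runs over a whole scan instead of one path at a time. The script below is an added example, not code from the thread or from rkhunter: it extracts every file flagged "[ Warning ]" and every path listed under "suspicious files and directories" from a constructed sample modelled on the scan output posted later in this thread, then asks dpkg -S who owns each. It assumes a Debian/Ubuntu host with dpkg; where dpkg is absent it reports NO-DPKG instead of guessing. Paths that come back UNOWNED are the ones to look at, with the caveat from the PS above that files generated at install time are also unowned as far as dpkg -S is concerned.

```shell
#!/bin/sh
# Added example (not from the thread): resolve rkhunter findings to the package
# that owns each path, so a flagged file can be matched to an installed package
# before anyone assumes it is malicious. Assumes dpkg (Debian/Ubuntu).

# Constructed sample, modelled on the rkhunter output posted in the thread.
SAMPLE_SCAN='/usr/bin/awk                                      [ Warning ]
/usr/bin/basename                                 [ OK ]
/usr/bin/curl                                     [ Warning ]
/bin/kill                                         [ Warning ]
/bin/ps                                           [ Warning ]
Checking if SSH root access is allowed            [ Warning ]
The following suspicious files and directories were found:
/usr/lib/pymodules/python2.6/.path /usr/lib/firefox-3.6.18/.autoreg'

# One absolute path per line for every file-properties row flagged as Warning.
# Warning rows that are not paths (e.g. the SSH root-login check) are skipped.
flagged_paths() {
    printf '%s\n' "$1" | awk '/^\/.*\[ Warning \]/ { print $1 }'
}

# The space-separated paths listed after the "suspicious files" header.
suspicious_paths() {
    printf '%s\n' "$1" | awk '
        found { for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }
        /^The following suspicious files/ { found = 1 }'
}

# Owner of a path: the package name, UNOWNED when no package claims it, or
# NO-DPKG on hosts without dpkg. dpkg -S only knows files shipped inside the
# .deb, so files created by postinst scripts (typically under /var) show up as
# UNOWNED even when legitimate; apt-file covers more of those cases.
owner_of() {
    path=$1
    if ! command -v dpkg >/dev/null 2>&1; then
        echo "NO-DPKG"
        return 0
    fi
    pkg=$(dpkg -S "$path" 2>/dev/null | head -n 1 | cut -d: -f1)
    if [ -n "$pkg" ]; then
        echo "$pkg"
    else
        echo "UNOWNED"
    fi
}

# Every flagged path with its owner, one per line.
report() {
    { flagged_paths "$1"; suspicious_paths "$1"; } | while read -r p; do
        printf '%-45s %s\n' "$p" "$(owner_of "$p")"
    done
}

# Stand-alone run against the constructed sample. On a real host replace
# SAMPLE_SCAN with the output of: sudo rkhunter -c --sk
report "$SAMPLE_SCAN"
```

To run it over a real scan, capture `sudo rkhunter -c --sk` (the `--sk` option skips the "Press ENTER" pauses) into the variable instead of the sample; the same two extraction functions then work on the full listing.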
Re: [Solved] am I infected? and what do I do now?
- harrykar
- Entusiasta Emergente
- Posts: 1151
- Joined: Thursday 29 January 2009, 19:43
- Desktop: /bin/ksh; /bin/sh; gnome
- Distribution: OpenBSD ; Debian ; Lucid10.4 86_64
- Location: World Wide :)
- Contact:
Re: [Solved] am I infected? and what do I do now?
Orko Khan wrote: to install rkhunter you installed exim4, in practice you made the system's security worse by introducing a useless service. ::)
An observation that holds up perfectly --for chkrootkit too--. Personally I have never come across a rootkit, despite having used unix since the early 90s. So I couldn't say what the actual usefulness of all these tools is. Anyway, between having them or not, better the former.
Apart from that, if anyone is wondering after a:
Code: Select all
sudo netstat -pan --ip
Code: Select all
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1581/exim4
to check the config.:
Code: Select all
sudo dpkg-reconfigure exim4-config
sudo dpkg-reconfigure rkhunter
sudo dpkg-reconfigure chkrootkit
Re: [Solved] am I infected? and what do I do now?
How's my pc's situation??
I'm posting netstat -tulnp
Code: Select all
Connessioni internet attive (solo server)
Proto Recv-Q Send-Q Indirizzo locale Indirizzo esterno Stato PID/Program name
tcp 0 0 127.0.0.1:44867 0.0.0.0:* LISTEN 1930/beam.smp
tcp 0 0 127.0.0.1:7634 0.0.0.0:* LISTEN 1290/hddtemp
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1337/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 1337/cupsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1070/avahi-daemon:
udp 0 0 0.0.0.0:35306 0.0.0.0:* 1070/avahi-daemon:
udp 0 0 10.0.0.3:123 0.0.0.0:* 1797/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1797/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1797/ntpd
udp6 0 0 fe80::226:2dff:fe91:123 :::* 1797/ntpd
udp6 0 0 ::1:123 :::* 1797/ntpd
udp6 0 0 :::123
Why all those lines about time synchronization???
Thanks (b2b)
-
- Rampante Reduce
- Posts: 7453
- Joined: Monday 2 November 2009, 15:29
- Desktop: Gnome 2.30.2
- Distribution: Debian Squeeze
- Location: Augusta Taurinorum
Re: [Solved] am I infected? and what do I do now?
Hi
- harrykar
- Entusiasta Emergente
- Posts: 1151
- Joined: Thursday 29 January 2009, 19:43
- Desktop: /bin/ksh; /bin/sh; gnome
- Distribution: OpenBSD ; Debian ; Lucid10.4 86_64
- Location: World Wide :)
- Contact:
Re: [Solved] am I infected? and what do I do now?
Carlin0 wrote: To anyone who has doubts or wants to check that their PC isn't making strange and/or unauthorised connections, worse still unknown ones, I recommend installing a nice little program with a gui called etherape (to be used As root).
I didn't know it (never used it). Thanks for the tip ;-)
Bye :)
PS:
1. pity that whoever has Lucid, when building (the latest release), will get a "No package 'libgnomeui-2.0' found".
That means the build is done in Natty with GNOME3 ;). As soon as it's done I'll share the .deb :)
2. here is the binary (for arch amd64) with its checksum
Code: Select all
$ md5sum etherape_0.9.12-1_amd64.deb
c54fec1488a0ba2428b795d07babc500 etherape_0.9.12-1_amd64.deb(1.7 MB)
- harrykar
- Entusiasta Emergente
- Posts: 1151
- Joined: Thursday 29 January 2009, 19:43
- Desktop: /bin/ksh; /bin/sh; gnome
- Distribution: OpenBSD ; Debian ; Lucid10.4 86_64
- Location: World Wide :)
- Contact:
Re: [Solved] am I infected? and what do I do now?
●●●●●●● wrote: Sorry to butt in . . .
How's my pc's situation??
I'm posting netstat -tulnp
Code: Select all
Connessioni internet attive (solo server)
Proto Recv-Q Send-Q Indirizzo locale Indirizzo esterno Stato PID/Program name
tcp 0 0 127.0.0.1:44867 0.0.0.0:* LISTEN 1930/beam.smp
tcp 0 0 127.0.0.1:7634 0.0.0.0:* LISTEN 1290/hddtemp
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1337/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 1337/cupsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1070/avahi-daemon:
udp 0 0 0.0.0.0:35306 0.0.0.0:* 1070/avahi-daemon:
udp 0 0 10.0.0.3:123 0.0.0.0:* 1797/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1797/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1797/ntpd
udp6 0 0 fe80::226:2dff:fe91:123 :::* 1797/ntpd
udp6 0 0 ::1:123 :::* 1797/ntpd
udp6 0 0 :::123
Why all those lines about time synchronization???
Thanks (b2b)
Nothing much.
●●●●●●● wrote: Ok for cups and hddtemp, but the others (avahi and beam.smp), what are they??
A bit of Google, no? Avahi, beam
- filo1234
- Rampante Reduce
- Posts: 6172
- Joined: Monday 26 February 2007, 21:10
- Location: Cagliari
Re: [Solved] am I infected? and what do I do now?
harrykar wrote: I didn't know it (never used it). Thanks for the tip ;-)
Carlin0 wrote: To anyone who has doubts or wants to check that their PC isn't making strange and/or unauthorised connections, worse still unknown ones, I recommend installing a nice little program with a gui called etherape (to be used As root).
Bye :)
PS:
1. pity that whoever has Lucid, when building (the latest release), will get a "No package 'libgnomeui-2.0' found".
That means the build is done in Natty with GNOME3 ;). As soon as it's done I'll share the .deb :)
2. here is the binary (for arch amd64) with its checksum
Code: Select all
$ md5sum etherape_0.9.12-1_amd64.deb
c54fec1488a0ba2428b795d07babc500 etherape_0.9.12-1_amd64.deb(1.7 MB)
On point 1 ...latest version of what? of etherape? isn't the one in the repos any good? :-\
- harrykar
- Entusiasta Emergente
- Posts: 1151
- Joined: Thursday 29 January 2009, 19:43
- Desktop: /bin/ksh; /bin/sh; gnome
- Distribution: OpenBSD ; Debian ; Lucid10.4 86_64
- Location: World Wide :)
- Contact:
Re: [Solved] am I infected? and what do I do now?
filo1234 wrote: On point 1 ...latest version of what? of etherape?
harrykar wrote: I didn't know it (never used it). Thanks for the tip ;-)
Carlin0 wrote: To anyone who has doubts or wants to check that their PC isn't making strange and/or unauthorised connections, worse still unknown ones, I recommend installing a nice little program with a gui called etherape (to be used As root).
Bye :)
PS:
1. pity that whoever has Lucid, when building (the latest release), will get a "No package 'libgnomeui-2.0' found".
That means the build is done in Natty with GNOME3 ;). As soon as it's done I'll share the .deb :)
2. here is the binary (for arch amd64) with its checksum
Code: Select all
$ md5sum etherape_0.9.12-1_amd64.deb
c54fec1488a0ba2428b795d07babc500 etherape_0.9.12-1_amd64.deb(1.7 MB)
Yes, of etherape.
filo1234 wrote: isn't the one in the repos any good? :-\
Normally software from the official repo works perfectly well, or at least it should --there are always exceptions--. In particular I couldn't say whether etherape from the repo is fine, I haven't used it from there. I built it directly simply because it was quite a few releases behind (0.9.8--27/9/2009-- from the repo, 0.9.12--31/5/2011-- latest) and in the meantime quite a few steps forward have been made. Updating a distro's software (true for all of them, more or less) is always a "problem".
- TUX5+0
- Entusiasta Emergente
- Posts: 1115
- Joined: Sunday 7 February 2010, 17:54
- Desktop: Ubuntu
- Distribution: Ubuntu 18.10 64 bit
- Location: on the edge of reality
- Contact:
Re: [Solved] am I infected? and what do I do now?
Can I ask here or should I open a new thread?
Better to be the protagonist of your own tragedy than a spectator of your own life. When the last flame is out, the last river poisoned, the last fish caught, then you will understand that money cannot be eaten.
-
- Prode Principiante
- Posts: 54
- Joined: Monday 17 October 2011, 13:18
- Gender: Male
Re: [Solved] am I infected? and what do I do now?
- TUX5+0
- Entusiasta Emergente
- Posts: 1115
- Joined: Sunday 7 February 2010, 17:54
- Desktop: Ubuntu
- Distribution: Ubuntu 18.10 64 bit
- Location: on the edge of reality
- Contact:
Re: [Solved] am I infected? and what do I do now?
Debianizzato wrote: I haven't seen any ubuntu user attacked yet..Post it, come on
Thanks, I think so....but I can't reinstall for now...
Code: Select all
:~$ sudo rkhunter -c
[sudo] password for :
[ Rootkit Hunter version 1.3.8 ]
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preloaded libraries [ None found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/rsyslogd [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/unhide [ OK ]
/usr/sbin/unhide-tcp [ OK ]
/usr/sbin/unhide-linux26 [ OK ]
/usr/bin/awk [ Warning ]
/usr/bin/basename [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/curl [ Warning ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/dpkg [ OK ]
/usr/bin/dpkg-query [ OK ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ Warning ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ Warning ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lsof [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/mlocate [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pgrep [ Warning ]
/usr/bin/pstree [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/rpm [ Warning ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/sha224sum [ OK ]
/usr/bin/sha256sum [ OK ]
/usr/bin/sha384sum [ OK ]
/usr/bin/sha512sum [ OK ]
/usr/bin/size [ Warning ]
/usr/bin/sort [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strace [ OK ]
/usr/bin/strings [ Warning ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ Warning ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ Warning ]
/usr/bin/w [ Warning ]
/usr/bin/watch [ Warning ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/unhide.rb [ Warning ]
/usr/bin/mawk [ Warning ]
/usr/bin/lwp-request [ OK ]
/usr/bin/w.procps [ Warning ]
/sbin/depmod [ OK ]
/sbin/fsck [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/route [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ Warning ]
/sbin/sysctl [ Warning ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/fuser [ OK ]
/bin/grep [ OK ]
/bin/ip [ OK ]
/bin/kill [ Warning ]
/bin/less [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/lsmod [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/ps [ Warning ]
/bin/pwd [ OK ]
/bin/readlink [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/which [ OK ]
/bin/dash [ OK ]
[Press <ENTER> to continue]
Checking for rootkits...
Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
Adore Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
cb Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
Fu Rootkit [ Not found ]
Fuck`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
iLLogiC Rootkit [ Not found ]
IntoXonia-NG Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
ld-linuxv.so Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx2 Rootkit [ Not found ]
Phalanx2 Rootkit (extended tests) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
'Spanish' Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
trNkit Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
Vampire Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
Xzibit Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
ZK Rootkit [ Not found ]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]
Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]
Performing Linux specific checks
Checking loaded kernel modules [ OK ]
Checking kernel module names [ OK ]
[Press <ENTER> to continue]
Checking the network...
Performing checks on the network ports
Checking for backdoor ports [ None found ]
Checking for hidden ports [ None found ]
Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]
Checking the local host...
Performing system boot checks
Checking for local host name [ Found ]
Checking for system startup files [ Found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]
Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]
Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
[Press <ENTER> to continue]
System checks summary
=====================
File properties checks...
Files checked: 137
Suspect files: 21
Rootkit checks...
Rootkits checked : 245
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 6 minutes and 30 seconds
All results have been written to the log file (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
sudo netstat -tulnp
Connessioni internet attive (solo server)
Proto Recv-Q Send-Q Indirizzo locale Indirizzo esterno Stato PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3691/smbd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 450/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1030/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1074/master
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 1097/tor
tcp 0 0 127.0.0.1:8123 0.0.0.0:* LISTEN 895/polipo
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3691/smbd
tcp6 0 0 :::22 :::* LISTEN 450/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1030/cupsd
udp 0 0 0.0.0.0:44871 0.0.0.0:* 506/avahi-daemon: r
udp 0 0 192.168.0.255:137 0.0.0.0:* 3721/nmbd
udp 0 0 192.168.0.111:137 0.0.0.0:* 3721/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 3721/nmbd
udp 0 0 192.168.0.255:138 0.0.0.0:* 3721/nmbd
udp 0 0 192.168.0.111:138 0.0.0.0:* 3721/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 3721/nmbd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 506/avahi-daemon: r
udp6 0 0 :::60645 :::* 506/avahi-daemon: r
udp6 0 0 :::5353 :::* 506/avahi-daemon: r
Better to be the protagonist of your own tragedy than a spectator of your own life. When the last flame is out, the last river poisoned, the last fish caught, then you will understand that money cannot be eaten.
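Three netstat listings appear in this thread (harrykar's exim4 on 127.0.0.1:25, the earlier -tulnp output with beam.smp and ntpd, and the one just above with smbd, sshd and the mail server on 0.0.0.0), and in each case the useful question is the same: which of these sockets is reachable only from the machine itself, and which from the network? The script below is an added example, not code from the thread or from any of the tools in it. It parses a constructed sample copied from the listing above (the Italian header lines are left as the program printed them) and labels every listener LOOPBACK (127.x or ::1), ANY (0.0.0.0 or ::) or IFACE (bound to one specific address), then lists the distinct programs with a network-reachable socket. It assumes the net-tools netstat column layout shown in the thread, where only tcp rows carry a State column.

```shell
#!/bin/sh
# Added example (not from the thread): classify the listeners in a
# "netstat -tulnp" listing by how far they are reachable. Assumes the
# net-tools netstat column layout shown in the thread.

# Constructed sample, copied from the listing posted above (Italian locale headers).
SAMPLE_NETSTAT='Connessioni internet attive (solo server)
Proto Recv-Q Send-Q Indirizzo locale Indirizzo esterno Stato PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3691/smbd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 450/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1030/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1074/master
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 1097/tor
tcp 0 0 127.0.0.1:8123 0.0.0.0:* LISTEN 895/polipo
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3691/smbd
tcp6 0 0 :::22 :::* LISTEN 450/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1030/cupsd
udp 0 0 0.0.0.0:44871 0.0.0.0:* 506/avahi-daemon: r
udp 0 0 192.168.0.255:137 0.0.0.0:* 3721/nmbd
udp 0 0 192.168.0.111:137 0.0.0.0:* 3721/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 3721/nmbd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 506/avahi-daemon: r
udp6 0 0 :::60645 :::* 506/avahi-daemon: r
udp6 0 0 :::5353 :::* 506/avahi-daemon: r'

# One line per socket: SCOPE proto local-address pid/program
#   LOOPBACK  bound to 127.x or ::1        -> reachable only from this host
#   ANY       bound to 0.0.0.0 or ::       -> reachable on every interface
#   IFACE     bound to a specific address  -> reachable on that network
classify() {
    printf '%s\n' "$1" | awk '
        $1 !~ /^(tcp|udp)6?$/ { next }            # skip header lines
        {
            local = $4
            prog  = ($1 ~ /^tcp/) ? $7 : $6       # udp rows have no State column
            if (local ~ /^127\./ || local ~ /^::1:/)            scope = "LOOPBACK"
            else if (local ~ /^0\.0\.0\.0:/ || local ~ /^:::/)  scope = "ANY"
            else                                                scope = "IFACE"
            print scope, $1, local, prog
        }'
}

# Everything not confined to loopback: the part of the listing worth reviewing.
exposed() {
    classify "$1" | grep -v '^LOOPBACK ' || true
}

# Distinct programs that own at least one network-reachable socket.
exposed_programs() {
    exposed "$1" | awk '{ print $4 }' | sort -u
}

# Stand-alone run against the constructed sample.
echo "== all listeners =="
classify "$SAMPLE_NETSTAT"
echo "== programs reachable from the network =="
exposed_programs "$SAMPLE_NETSTAT"
```

On a real host, set SAMPLE_NETSTAT="$(sudo netstat -tulnp)" instead of the constructed sample. Each program that comes out of exposed_programs is one to account for: either it is meant to serve the LAN (smbd/nmbd on a file server, sshd on a box you actually reach remotely), or it can be bound to loopback or removed, which is exactly what harrykar's dpkg-reconfigure exim4-config step does for the mail daemon.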
- giacomosmit
- Imperturbabile Insigne
- Posts: 3225
- Joined: Friday 3 December 2010, 22:04
Re: [Solved] am I infected? and what do I do now?
Save Ukraine!