| 1 |
On Tue, Sep 28, 2010 at 7:34 PM, Paul Stear <gentoo@××××××××××××.com> wrote: |
| 2 |
> Hi all, |
| 3 |
> rkhunter runs every day and reports the following:- |
| 4 |
> |
| 5 |
> System checks summary |
| 6 |
> ===================== |
| 7 |
> |
| 8 |
> File properties checks... |
| 9 |
> Files checked: 142 |
| 10 |
> Suspect files: 141 |
| 11 |
> |
| 12 |
> Rootkit checks... |
| 13 |
> Rootkits checked : 246 |
| 14 |
> Possible rootkits: 2 |
| 15 |
> Rootkit names : Xzibit Rootkit, Dica-Kit Rootkit |
| 16 |
> |
| 17 |
> Any idea how I find and remove these Rootkits? |
| 18 |
|
| 19 |
FYI, some info about Dica-Kit from Sophos: |
| 20 |
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdicakit.html |
| 21 |
|
| 22 |
and a quick google search about Xzibit seems to say that rkhunter |
| 23 |
often give false positive for Xzibit. You might want to research about |
| 24 |
Xzibit, and assess whether or not your case is false positive. |
Archives