Gentoo Archives: gentoo-security

From: Ned Ludd <solar@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] gmonstart / jvregisterclasses in tons of binaries with commands,malware?
Date: Thu, 17 Dec 2009 12:03:36
Message-Id: 1261048490.5675.4.camel@localhost
In Reply to: [gentoo-security] gmonstart / jvregisterclasses in tons of binaries with commands,malware? by whereislibertyandjustice@Safe-mail.net
On Wed, 2009-12-16 at 21:06 -0500,
whereislibertyandjustice@×××××××××.net wrote:
> In linux binaries, in any linux distro, I've discovered the same strings > which I believe may be due to a virus or trojan. > > Yet, clamav, rkhunter, chkrootkit do not detect abnormalities.
there is none. And I don't think any of the above mention tools actually will dig as deep as symbols of an ELF.
> Whether I run 'strings' on the binary files or view with vim or gedit, here > is what is always seen inside the binaries: > > > __gmon_start__ > _Jv_RegisterClasses
These symbols are normal and nothing to really get over paranoid about. Some years ago I had a patch for uClibc/gcc where I removed the _Jv_R.. weak symbol, but in the end it was not worth it. There is no attack vector there.