Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Ned Ludd <solar@g.o>
Subject: Re: gmonstart / jvregisterclasses in tons of binaries with commands,malware?
Date: Thu, 17 Dec 2009 03:14:50 -0800
On Wed, 2009-12-16 at 21:06 -0500,
whereislibertyandjustice@... wrote:
> In linux binaries, in any linux distro, I've discovered the same strings
> which I believe may be due to a virus or trojan.
> 
> Yet, clamav, rkhunter, chkrootkit do not detect abnormalities.
there is none. And I don't think any of the above mention tools actually
will dig as deep as symbols of an ELF.

> Whether I run 'strings' on the binary files or view with vim or gedit, here
> is what is always seen inside the binaries:
> 
> 
> __gmon_start__
> _Jv_RegisterClasses

These symbols are normal and nothing to really get over paranoid about.
Some years ago I had a patch for uClibc/gcc where I removed the _Jv_R..
weak symbol, but in the end it was not worth it. 
There is no attack vector there.




References:
gmonstart / jvregisterclasses in tons of binaries with commands,malware?
-- whereislibertyandjustice
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: gmonstart / jvregisterclasses in tons of binaries with commands,malware?
Next by thread:
portage/rsync question
Previous by date:
Re: gmonstart / jvregisterclasses in tons of binaries with commands,malware?
Next by date:
portage/rsync question


Updated May 10, 2012

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.