From owner-freebsd-questions@FreeBSD.ORG Thu Jan 29 00:52:06 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 65B58106566B for ; Thu, 29 Jan 2009 00:52:06 +0000 (UTC) (envelope-from lumiwa@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.30]) by mx1.freebsd.org (Postfix) with ESMTP id 144CD8FC14 for ; Thu, 29 Jan 2009 00:52:05 +0000 (UTC) (envelope-from lumiwa@gmail.com) Received: by yx-out-2324.google.com with SMTP id 8so2882593yxb.13 for ; Wed, 28 Jan 2009 16:52:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:cc:references:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:message-id; bh=kCqQjbwKZ/Hxsf7RnlVR/ihi3/+J/oez3MA0KIQAMYs=; b=Dbv7HxKOCEts6i9cQoosPmBoqVxj9ck+7L3FgSmmPv6NZfjZoWrcfLa2MRDVhwMK67 JaORd0/jbno0LcYIvv8uX4RTvTbcdrSx1ENNsEE5isKqGQwZONmReYSG4ux6iCBaHmBP CJa7aZBATbyKOfsRWkV+zD2oST927kJyyV25s= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding :content-disposition:message-id; b=NW299sGxQQoMukmqq9T3DYBr6f8sc2DeE9ajnd5qzYWHkAMJphpFCyIwvgWjgNLHmp DVFkYyCAL61tFwxSinS4/xZoSxkE9q2jiq28XolAJkZqf6qIOKvMzZeZkcLz+dDs/B1E zQBW9Fx6hWc0YAIWGFLpN8wMkYof5O1gS9Eaw= Received: by 10.100.137.12 with SMTP id k12mr444547and.55.1233190325155; Wed, 28 Jan 2009 16:52:05 -0800 (PST) Received: from ?192.168.0.100? (CPE-65-29-54-222.wi.res.rr.com [65.29.54.222]) by mx.google.com with ESMTPS id c28sm21181914anc.25.2009.01.28.16.52.03 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 28 Jan 2009 16:52:04 -0800 (PST) From: ajtiM To: Glen Barber Date: Wed, 28 Jan 2009 18:51:48 -0600 User-Agent: KMail/1.9.10 References: <200901281613.43066.lumiwa@gmail.com> <4ad871310901281430t5fb4f3c7racfc2dc1e1a90350@mail.gmail.com> In-Reply-To: <4ad871310901281430t5fb4f3c7racfc2dc1e1a90350@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200901281851.48369.lumiwa@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: chkrootkit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jan 2009 00:52:06 -0000 On Wednesday 28 January 2009 16:30:54 Glen Barber wrote: > On Wed, Jan 28, 2009 at 5:13 PM, ajtiM wrote: > > Hi! > > > > My system: new installed FreeBSD 7.1, KDE 3.5.10 > > > > I ran chkrootkit and I got: > > > > ... > > Checking `sshd'... /usr/bin/strings: Warning: '/' is not an ordinary > > file ... > > ... > > Searching for t0rn's default files and dirs... nothing found > > Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\) > > rootkit installed... > > Have you properly updated chrootkit? If so, it appears you have a > rootkit on your system. How old is the installation? I installed chkrootkit from the ports and I have FreeBSD 7.1 about one week and just FreeBSD is on computer. Fresh installation and IMO I visited just "safe" web pages. I have a desktop computer, cable Internet. I have Skype installed but I didn't use yet.