From: Alexandru Balan
To: "Nickolay A. Kritsky"
Cc: freebsd-security@freebsd.org
Subject: Re: chfn, chsh, ls, ps - INFECTED
Date: 13 Apr 2003 17:17:38 +0300
Organization: iNES Advertising
Message-Id: <1050243458.869.0.camel@BSD.iNES.RO>
In-Reply-To: <11418603780.20030413180746@internethelp.ru>
References: <1050241980.32076.26.camel@BSD.iNES.RO> <11418603780.20030413180746@internethelp.ru>

Yes it is 5.x, I'm truly sorry if it was posted before but I just
subscribed. I'll search in the archives. Thank you

On Sun, 2003-04-13 at 17:07, Nickolay A. Kritsky wrote:
> Hello Alexandru,
>
> Sunday, April 13, 2003, 5:53:00 PM, you wrote:
>
> AB> My machine got hacked a few days ago through the samba bug. I
> AB> reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM
> AB> but still...
> AB> Can anyone please advise ?
>
> AB> bash-2.05b# chkrootkit | grep INFECTED
> AB> Checking `chfn'... INFECTED
> AB> Checking `chsh'... INFECTED
> AB> Checking `date'... INFECTED
> AB> Checking `ls'... INFECTED
> AB> Checking `ps'... INFECTED
>
> This was mentioned on this list before. Is your system 5.x ?
>
> ;-------------------------------------------
> ; NKritsky
> ; mailto:nkritsky@internethelp.ru
--
Jy