Help - Search - Members - Calendar
Full Version: Help Whit Rootkit Removal!
Linuxhelp > Support > Technical Support
frosst
hi, i am kinda newbie in unix and i jsut rented a dedicated server and i whant to keep it clean of rootkits and exploits and stuuf like this. I chked it whi CHKROOTKIT and i says that the bindshell is infected, but i dont know what to do next: "Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... Checking `rexedcs'... not found"
If you could helpe me please whit some adiveces (for newbie...not advenced, step by step) i would pe very greatfull and also some tips for keeping the server clean of this stuff would be great to.


Thank you very much in advance!
jetblackz
Rent, you say. Then you're not the owner of the box. So maybe the CO is watching you.
hughesjr
There is a program called portSentry/klaxon that can cause false positives with that test ... as can many other things.

Here is a reference:
http://www.linuxquestions.org/questions/sh...?threadid=47083

If your linux box has the command lsof, issue this command to see what program is listening on which ports:

lsof -i -T | less
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.