[Rkhunter-users] How to get rid of Dica Kit?
From: Petter C. <pet...@me...> - 2011-09-11 00:24:05
Hi, found your nice software and ran it. Seems I have a root kit. How do I get rid of it? Any suggestions?
Running OSx 10.7.1 on a new MB Pro

Best regards,
Petter

Log file looks like this:

KLST-445:rkhunter-1.3.8 petter$ sudo sh installer.sh --layout default --install
Password:
Checking system for:
  Rootkit Hunter installer files: found
  A web file download command: curl found
Starting installation:
Checking installation directory "/usr/local": it exists and is writable.
Checking installation directories:
  Directory /usr/local/share/doc/rkhunter-1.3.8: creating: OK
  Directory /usr/local/share/man/man8: creating: OK
  Directory /etc: exists and is writable.
  Directory /usr/local/bin: exists and is writable.
  Directory /usr/local/lib: exists and is writable.
  Directory /var/lib: exists and is writable.
  Directory /usr/local/lib/rkhunter/scripts: creating: OK
  Directory /var/lib/rkhunter/db: creating: OK
  Directory /var/lib/rkhunter/tmp: creating: OK
  Directory /var/lib/rkhunter/db/i18n: creating: OK
Installing check_modules.pl: OK
Installing filehashsha.pl: OK
Installing stat.pl: OK
Installing readlink.sh: OK
Installing backdoorports.dat: OK
Installing mirrors.dat: OK
Installing programs_bad.dat: OK
Installing suspscan.dat: OK
Installing rkhunter.8: OK
Installing ACKNOWLEDGMENTS: OK
Installing CHANGELOG: OK
Installing FAQ: OK
Installing LICENSE: OK
Installing README: OK
Installing language support files: OK
Installing rkhunter: OK
Installing rkhunter.conf: OK
Installation complete

KLST-445:rkhunter-1.3.8 petter$ rkhunter -c -sk
-bash: /usr/local/bin/rkhunter: Permission denied

KLST-445:rkhunter-1.3.8 petter$ sudo rkhunter -c -sk
[ Rootkit Hunter version 1.3.8 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Skipped ]

  Performing file properties checks
    Checking for prerequisites                               [ Warning ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/basename                                        [ OK ]
    /usr/bin/curl                                            [ OK ]
    /usr/bin/cut                                             [ OK ]
    /usr/bin/diff                                            [ OK ]
    /usr/bin/dirname                                         [ OK ]
    /usr/bin/du                                              [ OK ]
    /usr/bin/egrep                                           [ OK ]
    /usr/bin/env                                             [ OK ]
    /usr/bin/fgrep                                           [ OK ]
    /usr/bin/file                                            [ OK ]
    /usr/bin/find                                            [ OK ]
    /usr/bin/fuser                                           [ Warning ]
    /usr/bin/grep                                            [ OK ]
    /usr/bin/groups                                          [ OK ]
    /usr/bin/head                                            [ OK ]
    /usr/bin/id                                              [ OK ]
    /usr/bin/killall                                         [ OK ]
    /usr/bin/last                                            [ OK ]
    /usr/bin/less                                            [ OK ]
    /usr/bin/locate                                          [ OK ]
    /usr/bin/logger                                          [ OK ]
    /usr/bin/login                                           [ OK ]
    /usr/bin/mail                                            [ OK ]
    /usr/bin/mktemp                                          [ OK ]
    /usr/bin/more                                            [ OK ]
    /usr/bin/newgrp                                          [ OK ]
    /usr/bin/passwd                                          [ OK ]
    /usr/bin/perl                                            [ OK ]
    /usr/bin/readlink                                        [ OK ]
    /usr/bin/sed                                             [ OK ]
    /usr/bin/sort                                            [ OK ]
    /usr/bin/stat                                            [ OK ]
    /usr/bin/strings                                         [ OK ]
    /usr/bin/su                                              [ OK ]
    /usr/bin/sudo                                            [ OK ]
    /usr/bin/tail                                            [ OK ]
    /usr/bin/top                                             [ OK ]
    /usr/bin/touch                                           [ OK ]
    /usr/bin/tr                                              [ OK ]
    /usr/bin/uname                                           [ OK ]
    /usr/bin/uniq                                            [ OK ]
    /usr/bin/users                                           [ OK ]
    /usr/bin/w                                               [ OK ]
    /usr/bin/wc                                              [ OK ]
    /usr/bin/whatis                                          [ Warning ]
    /usr/bin/whereis                                         [ OK ]
    /usr/bin/which                                           [ OK ]
    /usr/bin/who                                             [ OK ]
    /usr/bin/whoami                                          [ OK ]
    /usr/bin/shasum                                          [ Warning ]
    /usr/bin/dscl                                            [ OK ]
    /bin/bash                                                [ OK ]
    /bin/cat                                                 [ OK ]
    /bin/chmod                                               [ OK ]
    /bin/cp                                                  [ OK ]
    /bin/csh                                                 [ OK ]
    /bin/date                                                [ OK ]
    /bin/df                                                  [ OK ]
    /bin/echo                                                [ OK ]
    /bin/ed                                                  [ OK ]
    /bin/kill                                                [ OK ]
    /bin/ls                                                  [ OK ]
    /bin/mv                                                  [ OK ]
    /bin/ps                                                  [ OK ]
    /bin/pwd                                                 [ OK ]
    /bin/sh                                                  [ OK ]
    /bin/test                                                [ OK ]
    /bin/launchctl                                           [ OK ]
    /usr/sbin/chown                                          [ OK ]
    /usr/sbin/chroot                                         [ OK ]
    /usr/sbin/cron                                           [ OK ]
    /usr/sbin/lsof                                           [ OK ]
    /usr/sbin/netstat                                        [ OK ]
    /usr/sbin/newsyslog                                      [ OK ]
    /usr/sbin/sysctl                                         [ OK ]
    /usr/sbin/syslogd                                        [ OK ]
    /usr/sbin/vipw                                           [ OK ]
    /sbin/dmesg                                              [ OK ]
    /sbin/fsck                                               [ OK ]
    /sbin/ifconfig                                           [ OK ]
    /sbin/md5                                                [ OK ]
    /sbin/mount                                              [ OK ]
    /sbin/nologin                                            [ OK ]
    /sbin/route                                              [ OK ]
    /usr/local/bin/rkhunter                                  [ OK ]
    /usr/libexec/tcpd                                        [ OK ]
    /etc/rkhunter.conf                                       [ OK ]

Checking for rootkits...

  Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                 [ Not found ]
    ADM Worm                                                 [ Not found ]
    AjaKit Rootkit                                           [ Not found ]
    Adore Rootkit                                            [ Not found ]
    aPa Kit                                                  [ Not found ]
    Apache Worm                                              [ Not found ]
    Ambient (ark) Rootkit                                    [ Not found ]
    Balaur Rootkit                                           [ Not found ]
    BeastKit Rootkit                                         [ Not found ]
    beX2 Rootkit                                             [ Not found ]
    BOBKit Rootkit                                           [ Not found ]
    Boonana Trojan                                           [ Not found ]
    cb Rootkit                                               [ Not found ]
    CiNIK Worm (Slapper.B variant)                           [ Not found ]
    Danny-Boy's Abuse Kit                                    [ Not found ]
    Devil RootKit                                            [ Not found ]
    Dica-Kit Rootkit                                         [ Warning ]
    Dreams Rootkit                                           [ Not found ]
    Duarawkz Rootkit                                         [ Not found ]
    Enye LKM                                                 [ Not found ]
    Flea Linux Rootkit                                       [ Not found ]
    FreeBSD Rootkit                                          [ Not found ]
    Fu Rootkit                                               [ Not found ]
    Fuck`it Rootkit                                          [ Not found ]
    GasKit Rootkit                                           [ Not found ]
    Heroin LKM                                               [ Not found ]
    HjC Kit                                                  [ Not found ]
    ignoKit Rootkit                                          [ Not found ]
    iLLogiC Rootkit                                          [ Not found ]
    Inqtana Worm (Variant A)                                 [ Not found ]
    Inqtana Worm (Variant B)                                 [ Not found ]
    Inqtana Worm (Variant C)                                 [ Not found ]
    IntoXonia-NG Rootkit                                     [ Not found ]
    Irix Rootkit                                             [ Not found ]
    Kitko Rootkit                                            [ Not found ]
    Knark Rootkit                                            [ Not found ]
    ld-linuxv.so Rootkit                                     [ Not found ]
    Li0n Worm                                                [ Not found ]
    Lockit / LJK2 Rootkit                                    [ Not found ]
    Mood-NT Rootkit                                          [ Not found ]
    MRK Rootkit                                              [ Not found ]
    Ni0 Rootkit                                              [ Not found ]
    Ohhara Rootkit                                           [ Not found ]
    Optic Kit (Tux) Worm                                     [ Not found ]
    OS X Rootkit                                             [ Not found ]
    Oz Rootkit                                               [ Not found ]
    Phalanx Rootkit                                          [ Not found ]
    Phalanx2 Rootkit                                         [ Not found ]
    Portacelo Rootkit                                        [ Not found ]
    R3dstorm Toolkit                                         [ Not found ]
    RH-Sharpe's Rootkit                                      [ Not found ]
    RSHA's Rootkit                                           [ Not found ]
    Scalper Worm                                             [ Not found ]
    Sebek LKM                                                [ Not found ]
    Shutdown Rootkit                                         [ Not found ]
    SHV4 Rootkit                                             [ Not found ]
    SHV5 Rootkit                                             [ Not found ]
    Sin Rootkit                                              [ Not found ]
    Slapper Worm                                             [ Not found ]
    Sneakin Rootkit                                          [ Not found ]
    'Spanish' Rootkit                                        [ Not found ]
    Suckit Rootkit                                           [ Not found ]
    SunOS Rootkit                                            [ Not found ]
    SunOS / NSDAP Rootkit                                    [ Not found ]
    Superkit Rootkit                                         [ Not found ]
    TBD (Telnet BackDoor)                                    [ Not found ]
    TeLeKiT Rootkit                                          [ Not found ]
    Togroot Rootkit                                          [ Not found ]
    T0rn Rootkit                                             [ Not found ]
    trNkit Rootkit                                           [ Not found ]
    Trojanit Kit                                             [ Not found ]
    Tuxtendo Rootkit                                         [ Not found ]
    URK Rootkit                                              [ Not found ]
    Vampire Rootkit                                          [ Not found ]
    VcKit Rootkit                                            [ Not found ]
    Volc Rootkit                                             [ Not found ]
    weaponX Rootkit                                          [ Not found ]
    Xzibit Rootkit                                           [ Not found ]
    X-Org SunOS Rootkit                                      [ Not found ]
    zaRwT.KiT Rootkit                                        [ Not found ]
    ZK Rootkit                                               [ Not found ]

  Performing additional rootkit checks
    Checking for possible rootkit files and directories      [ None found ]
    Checking for possible rootkit strings                    [ Warning ]

  Performing malware checks
    Checking running processes for suspicious files          [ None found ]
    Checking for login backdoors                             [ None found ]
    Checking for suspicious directories                      [ None found ]
    Checking for sniffer log files                           [ None found ]

  Performing Darwin specific checks                          [ Skipped ]

Checking the network...

  Performing checks on the network ports
    Checking for backdoor ports                              [ None found ]

  Performing checks on the network interfaces
    Checking for promiscuous interfaces                      [ None found ]

Checking the local host...

  Performing system boot checks
    Checking for local host name                             [ Found ]
    Checking for system startup files                        [ Warning ]

  Performing group and account checks
    Checking for passwd file                                 [ Found ]
    Checking for root equivalent (UID 0) accounts            [ None found ]
    Checking for passwordless accounts                       [ None found ]
    Checking for passwd file changes                         [ None found ]
    Checking for group file changes                          [ None found ]
    Checking root account shell history files                [ None found ]

  Performing system configuration file checks
    Checking for SSH configuration file                      [ Found ]
    Checking if SSH root access is allowed                   [ Warning ]
    Checking if SSH protocol v1 is allowed                   [ Warning ]
    Checking for running syslog daemon                       [ Found ]
    Checking for syslog configuration file                   [ Found ]
    Checking if syslog remote logging is allowed             [ Not allowed ]

  Performing filesystem checks
    Checking /dev for suspicious file types                  [ None found ]
    Checking for hidden files and directories                [ Warning ]

Checking application versions...

  Checking version of Apache                                 [ OK ]
  Checking version of Bind DNS                               [ OK ]
  Checking version of OpenSSL                                [ OK ]
  Checking version of PHP                                    [ OK ]
  Checking version of Procmail MTA                           [ OK ]
  Checking version of OpenSSH                                [ OK ]

System checks summary
=====================

File properties checks...
    Required commands check failed
    Files checked: 88
    Suspect files: 3

Rootkit checks...
    Rootkits checked : 160
    Possible rootkits: 1
    Rootkit names    : Dica-Kit Rootkit

Applications checks...
    Applications checked: 6
    Suspect applications: 0

The system checks took: 47 seconds

All results have been written to the log file (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

KLST-445:rkhunter-1.3.8 petter$
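The scan above ends by pointing at /var/log/rkhunter.log, and the first triage step is knowing exactly which checks produced a "[ Warning ]" so each can be looked up there (the "Dica-Kit Rootkit" hit, the "possible rootkit strings" hit, the three file-properties warnings, and so on). The following shell functions are an added example, not code from the original post or from the rkhunter project; they assume uncoloured console output of the "check name ... [ Status ]" shape shown above, and the sample input is constructed to mirror that output.

```shell
#!/bin/sh
# Added example: pull the flagged items out of rkhunter's console output.
# Assumes uncoloured output where each result line ends in "[ Status ]".

# Constructed sample, mirroring the results shown in the post above.
SAMPLE='Checking for prerequisites                       [ Warning ]
/usr/bin/awk                                      [ OK ]
/usr/bin/fuser                                    [ Warning ]
/usr/bin/shasum                                   [ Warning ]
Devil RootKit                                     [ Not found ]
Dica-Kit Rootkit                                  [ Warning ]
Checking for possible rootkit strings             [ Warning ]
Checking if SSH root access is allowed            [ Warning ]
Checking for hidden files and directories         [ Warning ]'

# rkh_warnings: read rkhunter console output on stdin and print the name of
# every check whose result was "[ Warning ]", with the status column removed.
# These names are the ones to search for in /var/log/rkhunter.log.
rkh_warnings() {
    sed -n 's/[[:space:]]*\[ Warning \][[:space:]]*$//p'
}

# rkh_warning_count: number of "[ Warning ]" results in the output on stdin.
rkh_warning_count() {
    rkh_warnings | wc -l | tr -d ' '
}

# rkh_status_counts: tally every status seen on stdin (OK, Warning,
# Not found, ...), one "count status" line per status.
rkh_status_counts() {
    sed -n 's/.*\[ \([^]]*\) \][[:space:]]*$/\1/p' | sort | uniq -c \
        | sed 's/^[[:space:]]*//'
}

# Stand-alone run on the constructed sample; for a real scan, pipe the
# output of "sudo rkhunter -c -sk" into rkh_warnings instead.
printf '%s\n' "$SAMPLE" | rkh_warnings
printf '%s\n' "$SAMPLE" | rkh_status_counts
```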