Ver. 2.16.0.4104
Downloaded 01-02-2013 and loaded to 4GB usb stick. Booted from usb stick and ran chkrootkit on 01-03-2013. Found rootkit "Suckit" in "/sbin/init INFECTED!!" Ran
chkrootkit twice and verified same warning. Am fairly new to linux - please advise.
Regards
Dennis
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
On my NST system (it's a hard drive install and has been updated - so it's not identical to yours), I do not see this issue when running chkrootkit (/bin/init looks OK on my report).
Please verify that the sha1 checksum on the ISO image you downloaded is: 49c833616e3b434899876fcf1f46732b656eb9c2
And that the md5 is: 695d72ea0f73e9e29da9bf10fe5da795
If those look correct, please describe how you created your live USB boot stick. In particular, did you use the tools on the NST ISO, or some third party utility?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
MD5 and Checksum hash's are ok - same as in your message. USB tool used in my Windows XP-SP3 is liveusb-creator-3.11.7 with size on HD of 9,342,976 bytes. I do not remember the download URL of the executable. I do not have any linux OS's running on any of my home computers. I am using 4GB USB sticks
(reformated before use) to FAT32 as bootable forensics, virus/malware and NST systems/applications.
I suppose that I need to download a new version of liveusb-creator. Any ideas
where I can get a guaranteed clean windows version?
Regards
Dennis
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I haven't tried a Windows version of the liveusb-creator in awhile, so I'm not sure what to recommend to you.
I will try downloading the NST ISO image tomorrow and creating a live USB stick using the current version of the liveusb-creator on the NST systems. It might be that liveusb-creator needs to install a special /bin/init for it's boot sequence which is triggering a false positive on the chkroot test. I will let you know what I find out tomorrow.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If it helps, I usually use a program called Unetbootin to create my live USB drives on Windows. I've used it for several different distributions, including Ubuntu and NST and have never had any issues.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Ver. 2.16.0.4104
Downloaded 01-02-2013 and loaded to 4GB usb stick. Booted from usb stick and ran chkrootkit on 01-03-2013. Found rootkit "Suckit" in "/sbin/init INFECTED!!" Ran
chkrootkit twice and verified same warning. Am fairly new to linux - please advise.
Regards
Dennis
On my NST system (it's a hard drive install and has been updated - so it's not identical to yours), I do not see this issue when running chkrootkit (/bin/init looks OK on my report).
Please verify that the sha1 checksum on the ISO image you downloaded is: 49c833616e3b434899876fcf1f46732b656eb9c2
And that the md5 is: 695d72ea0f73e9e29da9bf10fe5da795
For example:
If those look correct, please describe how you created your live USB boot stick. In particular, did you use the tools on the NST ISO, or some third party utility?
MD5 and Checksum hash's are ok - same as in your message. USB tool used in my Windows XP-SP3 is liveusb-creator-3.11.7 with size on HD of 9,342,976 bytes. I do not remember the download URL of the executable. I do not have any linux OS's running on any of my home computers. I am using 4GB USB sticks
(reformated before use) to FAT32 as bootable forensics, virus/malware and NST systems/applications.
I suppose that I need to download a new version of liveusb-creator. Any ideas
where I can get a guaranteed clean windows version?
Regards
Dennis
I haven't tried a Windows version of the liveusb-creator in awhile, so I'm not sure what to recommend to you.
I will try downloading the NST ISO image tomorrow and creating a live USB stick using the current version of the liveusb-creator on the NST systems. It might be that liveusb-creator needs to install a special /bin/init for it's boot sequence which is triggering a false positive on the chkroot test. I will let you know what I find out tomorrow.
If it helps, I usually use a program called Unetbootin to create my live USB drives on Windows. I've used it for several different distributions, including Ubuntu and NST and have never had any issues.