Snoopy1966
6th December 2006, 02:16 PM
Hello,
I did a scan with a virus scanner yesterday and found I was phished!! I downloaded a virus scanner, I think from Firewing1's link, that found it. Today I ran the virus scanner again and found some problems too. I think it was OK because I was trying to install ClamAV and there is a test file in it and the scanner picked it up. There was something in Mozilla as well.
OK, now to the subject: I used rkhunter again this morning and got the following results:
System checks
* Allround tests
Checking hostname... Found. Hostname is localhost.localdomain
Checking for passwordless user accounts... OK
Checking for differences in user accounts... Found differences
Info:
----------------------
< exim:x:93:93::/var/spool/exim:/sbin/nologin
< clamilt:x:102:103:Clamav Milter User:/var/run/clamav-milter:/sbin/nologin
----------------------
Info: Some items have been added (items marked with '<')
Checking for differences in user groups... Found differences
Info:
----------------------
< mail:x:12:mail,exim
> mail:x:12:mail
< exim:x:93:
< clamilt:x:103:
What do these results mean and what can I do to fix this? I am very surprised to have been phished and have a virus, if it really is one. I feel unsafe now.
I have FireStarter firewall installed now. Should I shut off the firewall that is with FC6 and just run Firestarter?
What to do to make my system more secure? I thought this stuff would be behind me. I never got phished before. I am having problems trying to install a virus scanner for real-time protection. I was trying to install AVG and no luck there at all.
This is from chkroot
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/.packlist /usr/lib/qt-3.3/etc/settings/.qtrc.lock /usr/lib/qt-3.3/etc/settings/.kstylerc.lock /usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock
Checking `sniffer'... ath0: PF_PACKET(/usr/sbin/wpa_supplicant, /sbin/dhclient)
Checking `z2'... user root deleted or never logged from lastlog!
What to do?? :(