nooby
Joined: 29 Jun 2008 Posts: 9392 Location: SwedenEurope
Posted: Fri 05 Mar 2010, 07:17
So which anti-rootkit program would show the least such false positives?
I tested Rootkit Revealer and it showed 406xxx, that is four hundred six thousand things that it did not like.
Too much to go through to know if there is something to look deeper into.
What about Gmer? Is that only a remover and not a teller of what it wants to remove before it does it?
Maybe the easiest thing for a newbie is to look for activity on port 55 or something. Not that I know how to do this, but that program is built into Puppy from scratch I guess, so it is easy to use if somebody tells how to get it going.
_________________
I'm a noob so I use Google Search of Puppy Forum
tasmod

Joined: 04 Dec 2008 Posts: 1459 Location: North Lincolnshire. UK
Posted: Fri 05 Mar 2010, 12:27
nooby,
If you visit this part of the forum be prepared to get paranoid about Puppy and security.
Ease off, it's never as bad as it seems.
_________________ Rob
-
The moment after you press "Post" is the moment you actually see the typso 
Pizzasgood

Joined: 04 May 2005 Posts: 6270 Location: Knoxville, TN, USA
Posted: Sat 06 Mar 2010, 02:58
If you trust Puppy as provided by Barry to be initially free from malware, you could create md5sums of all the files, store them on a read-only medium, and then verify them from time to time to make sure nothing changed. That would help you notice if any files changed.
It won't help you notice if new things are added without changing existing stuff. For example, scripts placed into /etc/init.d/, /etc/profile.d/, and /root/Startup will be run automatically as Puppy boots (and also whenever you open a terminal, in the case of profile.d). Also, files in /etc/udev/rules.d/ can execute commands when hardware is detected or removed.
If you don't add files to Puppy very often, you could do a remaster after it's set up and start from a fresh pup_save.2fs file. Then you could look at the contents of the pup_save.2fs file from time to time to see if there's anything suspicious in it. (If you frequently install or modify things this won't work because it will quickly fill up with a bunch of stuff that's legit.)
_________________ Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
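The md5sum baseline described in the post above, as an added example (not code from Pizzasgood or from Puppy itself): two POSIX shell functions that record a baseline and later compare against it. Besides changed files it also reports files that are new or missing, which covers the gap noted above for scripts dropped into /etc/init.d/, /etc/profile.d/, /root/Startup or /etc/udev/rules.d/. Function names and the manifest path are my own choices.

```shell
#!/bin/sh
# Added example, not code from the forum post or from Puppy itself.
# make_baseline DIR MANIFEST
#   Record the md5sum of every regular file under DIR in MANIFEST.
#   As advised in the post, copy MANIFEST to read-only media afterwards,
#   so a later intruder cannot rewrite it to match tampered files.
make_baseline() {
    ( cd "$1" && find . -type f -exec md5sum {} + ) | LC_ALL=C sort -k2 > "$2"
}

# check_baseline DIR MANIFEST
#   Compare DIR against MANIFEST and print one line per difference:
#     MODIFIED <path>  hash no longer matches the baseline
#     NEW <path>       file exists now but is not in the baseline
#     MISSING <path>   file is in the baseline but has disappeared
#   Reporting NEW files is what a plain "md5sum -c" lacks: a fresh script
#   dropped into /etc/init.d/ or /root/Startup shows up here.
#   (Paths containing whitespace are not handled by this simple awk split.)
check_baseline() {
    dir=$1
    manifest=$2
    ( cd "$dir" && find . -type f -exec md5sum {} + ) | LC_ALL=C sort -k2 |
    awk -v m="$manifest" '
        FILENAME == m { base[$2] = $1; next }        # load the baseline first
        {
            seen[$2] = 1
            if (!($2 in base))       print "NEW " $2
            else if (base[$2] != $1) print "MODIFIED " $2
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$manifest" -
}

# Typical use on a running Puppy (hypothetical paths):
#   make_baseline /etc /root/etc.md5     # once, right after setup; then burn
#                                        # /root/etc.md5 to CD or a locked USB stick
#   check_baseline /etc /mnt/cdrom/etc.md5   # from time to time, against the
#                                            # read-only copy
```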
nooby
Joined: 29 Jun 2008 Posts: 9392 Location: SwedenEurope
Posted: Sat 06 Mar 2010, 15:41
I found this interesting text today while searching for Puppy and rootkit detection.
http://www.prevx.com/blog/139/Tdss-rootkit-silently-owns-the-net.html
One of the commenters wrote:
Quote: # Randy on Dec 2 1:22, 2009
    I wonder if one could just boot to a Linux boot CD like Puppy and remove the infected dll files.
Can one use pfind to look for known rootkit names, or are they encrypted and don't show up?
_________________
I'm a noob so I use Google Search of Puppy Forum
8-bit

Joined: 03 Apr 2007 Posts: 3018 Location: Oregon
Posted: Sat 06 Mar 2010, 16:34
DLL files are Windows ones, and the key word here is infected.
Randomly going through Windows and deleting DLL files that are supposedly infected may kill Windows.
If one is concerned, do a backup of the things you want to keep and reinstall Windows.
The only DLL files you would find in Puppy would be from an installation of Wine.