Puppy Linux Discussion Forum (Off-Topic Area / Security)
chkrootkit says Stardust /sbin/init INFECTED with Suckit
Page 2 of 2 [20 Posts]
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Fri 05 Mar 2010, 07:17

So which anti-rootkit program would show the fewest such false positives?

I tested Rootkit Revealer and it showed 406xxx, that is four hundred and six thousand, things that it did not like.

Too much to go through to know if there is something to look deeper into.

What about Gmer? Is that only a remover, and not a teller of what it wants to remove before it does it?

Maybe the easiest thing for a newbie is to look for activity on port 55 or something. Not that I know how to do this, but that program is built into Puppy from scratch, I guess, so it is easy to use if somebody tells how to get it going.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
tasmod


Joined: 04 Dec 2008
Posts: 1461
Location: North Lincolnshire. UK

Posted: Fri 05 Mar 2010, 12:27

nooby,

If you visit this part of the forum be prepared to get paranoid about Puppy and security.

Ease off, it's never as bad as it seems. ;)

_________________
Rob
-
The moment after you press "Post" is the moment you actually see the typso 8)
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Sat 06 Mar 2010, 02:58

If you trust Puppy as provided by Barry to be initially free from malware, you could create md5sums of all the files, store them on a read-only medium, and then verify them from time to time to make sure nothing changed. That would help you notice if any files changed.

It won't help you notice if new things are added without changing existing stuff. For example, scripts placed into /etc/init.d/, /etc/profile.d/, and /root/Startup will be run automatically as Puppy boots (and also whenever you open a terminal, in the case of profile.d). Also, files in /etc/udev/rules.d/ can execute commands when hardware is detected or removed.

If you don't add files to Puppy very often, you could do a remaster after it's set up and start from a fresh pup_save.2fs file. Then you could look at the contents of the pup_save.2fs file from time to time to see if there's anything suspicious in it. (If you frequently install or modify things this won't work because it will quickly fill up with a bunch of stuff that's legit.)

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

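As an added example (not code from Pizzasgood's post, from Puppy or from any rootkit tool), here is a small POSIX shell script that does what he describes: build an md5sum manifest of a tree, keep it on read-only media, and re-check the tree against it later. His caveat that a checksum list cannot see added files applies to `md5sum -c`, which only checks the paths it already lists; the compare function below also reports files that are NEW or MISSING, so a script dropped into /etc/init.d, /etc/profile.d, /root/Startup or /etc/udev/rules.d is flagged even though no existing file changed. The sample tree, its file contents and the function names are constructed for the demo. On a real Puppy you would point `make_baseline` at / (excluding /proc, /sys, /dev and the pup_save mount), and, since a kernel-resident rootkit can hide its files from tools running on the infected system, run the check from a known-clean boot medium rather than from the suspect install.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal file-integrity
# baseline for a Puppy root. make_baseline writes one "md5  ./path" line
# per regular file; check_baseline compares a fresh listing against a saved
# baseline and reports CHANGED, MISSING and NEW files, so additions to the
# autostart directories show up as NEW rather than going unnoticed.
# Assumptions: paths contain no whitespace (md5sum's "hash  path" lines are
# split on whitespace below) and find/awk/md5sum behave like busybox or GNU.

# Usage: make_baseline ROOTDIR > baseline.md5   (then store the file read-only)
make_baseline() {
    (cd "$1" && find . -type f | LC_ALL=C sort | while read -r f; do
        md5sum "$f"
    done)
}

# Usage: check_baseline ROOTDIR baseline.md5
# Prints findings sorted, one per line; exit status 0 only if nothing differs.
check_baseline() {
    dir=$1
    baseline=$2
    current=$(mktemp) || return 2
    make_baseline "$dir" > "$current"
    findings=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # first file: the baseline
        {
            seen[$2] = 1
            if (!($2 in base))       print "NEW " $2
            else if (base[$2] != $1) print "CHANGED " $2
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$baseline" "$current" | LC_ALL=C sort)
    rm -f "$current"
    [ -n "$findings" ] && printf '%s\n' "$findings"
    [ -z "$findings" ]
}

# Build a throwaway tree that stands in for a Puppy root (constructed sample
# data, not a real system). Prints the directory path.
build_demo_tree() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/sbin" "$root/etc/init.d" "$root/etc/profile.d" "$root/root/Startup"
    printf '#!/bin/sh\nexec /bin/busybox init\n' > "$root/sbin/init"
    printf '#!/bin/sh\n# bring up eth0\n' > "$root/etc/init.d/rc.network"
    printf 'export EDITOR=geany\n' > "$root/etc/profile.d/editor.sh"
    printf '%s\n' "$root"
}

# Walk-through: baseline a clean tree, tamper with it, re-check.
demo() {
    root=$(build_demo_tree)
    base=$(mktemp)
    make_baseline "$root" > "$base"
    echo "== clean tree =="
    check_baseline "$root" "$base" && echo "OK: nothing changed"
    # Simulate a tampered system: patch /sbin/init, drop a script into an
    # autostart directory, and delete a legitimate profile.d script.
    printf 'echo tampered\n' >> "$root/sbin/init"
    printf '#!/bin/sh\n# dropped here, runs at every boot\n' > "$root/etc/init.d/S99backdoor"
    rm "$root/etc/profile.d/editor.sh"
    echo "== tampered tree =="
    check_baseline "$root" "$base" || echo "ALERT: tree differs from baseline"
    rm -rf "$root" "$base"
    return 0
}
demo
```

md5sum is what the post names and what busybox ships; sha256sum is a drop-in replacement if the Puppy build has it. Whichever hash you use, the protection comes from the baseline (and this script) living somewhere the running system cannot write, such as the CD you booted from.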
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Sat 06 Mar 2010, 15:41

I found this interesting text today searching for puppy and rootkits detection.

http://www.prevx.com/blog/139/Tdss-rootkit-silently-owns-the-net.html

one of the commentators wrote

Quote:
# Randy on Dec 2 1:22, 2009

I wonder if one could just boot to a Linux boot CD like Puppy and remove the infected dll files.


Can one use pfind to look for known rootkit names, or are they encrypted and don't show up?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
8-bit


Joined: 03 Apr 2007
Posts: 3357
Location: Oregon

Posted: Sat 06 Mar 2010, 16:34

DLL files are Windows ones, and the key word here is infected.
Randomly going through Windows and deleting DLL files that are supposedly infected may kill Windows.
If one is concerned, do a backup of things you want to keep and reinstall Windows.
The only DLL files you would find in Puppy would be from an installation of Wine.