Hidden files warning
> Hi i use linspire for a few days now and because i was hacked like a week or to ago (when i used mandrake OS) i scan my system more often with rkhunter and Clamav clamscan.
> > the results at the end of both scans were 0 found, but rootkithunter gave a warning when scanning hidden files in the /etc.java directory with the message that i should check that directory. > > i turned on the option view hidden files and went in that Dir. i found 2 empty files > But they where modified at the day all was installed. System checks * Allround tests Checking hostname... Found. Hostname is bodhisatva Checking for passwordless user accounts... OK Checking for differences in user accounts... OK. No changes. Checking for differences in user groups... OK. No changes. Checking boot.local/rc.local file... - /etc/rc.local [ Not found ] - /etc/rc.d/rc.local [ Not found ] - /usr/local/etc/rc.local [ Not found ] - /usr/local/etc/rc.d/rc.local [ Not found ] - /etc/conf.d/local.start [ Not found ] - /etc/init.d/boot.local [ Not found ] Checking rc.d files... [ Not found ] Checking history files Bourne Shell [ OK ] * Filesystem checks Checking /dev for suspicious files... [ OK ] Scanning for hidden files... [ Warning! ] --------------- /dev/.devfsd /etc/.java /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory) [Press <ENTER> to continue] MD5 MD5 compared: 0 Incorrect MD5 checksums: 0 File scan Scanned files: 328 Possible infected files: 0 Application scan Vulnerable applications: 0 Scanning took 80 seconds ----------------------------------------------------------------------- Do you have some problems, undetected rootkits, false positives, ideas or suggestions? Please e-mail me by filling in the contact form (@http://www.rootkit.nl) Can there be some hidden files i realy can not see, can that be dangerous and should i be worried? |
What happened when you checked the /etc/.java directory? Just because a directory is hidden doesn't mean that you can't see it - open your file browser (I'm guessing yours is Konqueror) and click View --> Show Hidden Files.
If I remember correctly, RootKit Hunter can sometimes bring up false positives. |
If I remember correctly, RootKit Hunter can sometimes bring up false positives.
Yep. RkHunter will normally flag anything outside of /home that's a hidden file. Check text files manually to make sure that they're not malicious. |
Thnx i always hve the option show/vieuw hidden files on and when i check the files manualy it looks normal so i guess all is allright
|
All times are GMT -5. The time now is 12:33 AM. |