> Hi i use linspire for a few days now and because i was hacked like a week or to ago (when i used mandrake OS) i scan my system more often with rkhunter and Clamav clamscan.
>
> the results at the end of both scans were 0 found, but rootkithunter gave a warning when scanning hidden files in the /etc.java directory with the message that i should check that directory.
>
> i turned on the option view hidden files and went in that Dir. i found 2 empty files
> But they where modified at the day all was installed.
System checks
* Allround tests
Checking hostname... Found. Hostname is bodhisatva
Checking for passwordless user accounts... OK
Checking for differences in user accounts... OK. No changes.
Checking for differences in user groups... OK. No changes.
Checking boot.local/rc.local file...
- /etc/rc.local [ Not found ]
- /etc/rc.d/rc.local [ Not found ]
- /usr/local/etc/rc.local [ Not found ]
- /usr/local/etc/rc.d/rc.local [ Not found ]
- /etc/conf.d/local.start [ Not found ]
- /etc/init.d/boot.local [ Not found ]
Checking rc.d files... [ Not found ]
Checking history files
Bourne Shell [ OK ]
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/dev/.devfsd /etc/.java
/etc/.pwd.lock
---------------
Please inspect: /etc/.java (directory)
[Press <ENTER> to continue]
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0
File scan
Scanned files: 328
Possible infected files: 0
Application scan
Vulnerable applications: 0
Scanning took 80 seconds
-----------------------------------------------------------------------
Do you have some problems, undetected rootkits, false positives, ideas
or suggestions?
Please e-mail me by filling in the contact form (@
http://www.rootkit.nl)
Can there be some hidden files i realy can not see, can that be dangerous and should i be worried?