Will mounting sda6 to run rkhunter allow the malware to become active?
I think I've got malware on my laptop. You see, I got suspicious disc activity
after accessing a dodgey website.
So I'm going to run rkhunter on the laptop from a live knoppix USB stick.
My linux system is on partition /dev/sda6. Presumably I need to actually MOUNT
sda6 in order to run rkhunter on it (or am I wrong). But if I mount it, does
this allow the malware to become active and do nasty things?
I'm only just starting to learn about malware scanners, and was proposing to run
the following on the laptop: rkhunter, chkrootkit, and clamtk or clamav. Will
running all 3 programs be sufficient in searching for malware?
I acquired the malware while running linux on sda6, but do I need to check for
this malware on the other partitions too (sda1, sda2, and sda3 are for Windows,
and sda5 is linux swap)?
Is rkhunter better than chkrootkit or vice versa?
Many thanks.
|