LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 10-06-2005, 12:47 AM   #1
matchgirl
LQ Newbie
 
Registered: Oct 2005
Posts: 4

Rep: Reputation: 0
Virus Attacked!


Good day,

I had this virus on my server - After scanning using trendmicro, they prompt me that the name of this virus is ELF.HACKTOP.A

I tried to delete using trendmicro and manually myself but it failed. Any ideas?
 
Old 10-06-2005, 02:31 AM   #2
d00bid00b
Member
 
Registered: Aug 2005
Location: London, UK
Distribution: Debian Testing
Posts: 157

Rep: Reputation: 31
Have you tried ClamAV - that has a detect and delete function? There is some info on this trojan here
 
Old 10-06-2005, 08:22 AM   #3
RanDrake10
Member
 
Registered: Oct 2004
Location: Florida
Distribution: Debian
Posts: 319

Rep: Reputation: 30
Is this a Windows server?
I have never seen Trendmicro run on Linux. It's an Internet Explorer only thing.

Have you tried booting a liveCD and removing it that way?
 
Old 10-06-2005, 02:21 PM   #4
tuubaaku
Member
 
Registered: Oct 2004
Distribution: Slackware, Mint
Posts: 122

Rep: Reputation: 16
Re: Virus Attacked!

Quote:
Originally posted by matchgirl
Good day,

I had this virus on my server - After scanning using trendmicro, they prompt me that the name of this virus is ELF.HACKTOP.A

I tried to delete using trendmicro and manually myself but it failed. Any ideas?

What system are you running?
 
Old 10-12-2005, 07:54 PM   #5
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
This isn't a virus, it's a rootkit (something manually installed by an attacker after they've already compromised your box by other means). A virus is a program that automatically self-replicates between systems, in the process compromising them.
http://www.trendmicro.com/vinfo/viru...%5FHACKTOP%2EA
http://en.wikipedia.org/wiki/Rootkit

Anyway, definitions aside, you should do the following:
1) Disconnect your machine from the internet
2) Boot off a LiveCD (Knoppix, PCLinuxOS, your distro's install CD in rescue mode)
3) Run chkrootkit, rkhunter or a similar rootkit hunter (Knoppix has chkrootkit I think) to make sure the TrendMicro warning isn't a false positive
3b) (optional) Look through the logs of the infected install and try and see how the attacker got in. Especially look through /var/log/messages and Apache logs. Do you run something with known vulnerabilities like phpBB on a webserver? What version of what distro are you using? Do you keep up with security updates?
4) If the rootkit is confirmed, back up your user data (important stuff in /home, /var and /etc) and reinstall Linux.
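
An added example, not part of the post above or of any tool named in the thread: a pre-backup check for step 4, run from the LiveCD, that lists ELF binaries and setuid/setgid files under the suspect install's /home, /var and /etc so they are reviewed rather than restored onto the clean system. The function names, the mount point and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Run from the LiveCD with the suspect install mounted read-only.
# The mount point (e.g. /mnt/suspect) is an assumption, not from the thread.

# flag_risky_files ROOT
# Prints "ELF <path>" for files that start with the ELF magic (7f 45 4c 46) and
# "SUID <path>" for setuid/setgid files under ROOT/home, ROOT/var and ROOT/etc.
flag_risky_files() {
    root=$1
    for d in home var etc; do
        [ -d "$root/$d" ] || continue
        # Compiled executables do not belong in a data-only backup.
        find "$root/$d" -xdev -type f -exec sh -c '
            for f do
                magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d " \n")
                if [ "$magic" = "7f454c46" ]; then printf "ELF %s\n" "$f"; fi
            done' sh {} +
        # Setuid/setgid bits on files in data directories deserve a second look.
        find "$root/$d" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SUID /'
    done
}

# make_sample_tree: builds a small CONSTRUCTED tree for trying the check offline
# and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice" "$t/etc" "$t/var/www"
    printf 'set nowrap\n' > "$t/home/alice/.nanorc"        # ordinary config file
    printf '\177ELF\002\001\001' > "$t/var/www/.cache"     # ELF header in a dotfile
    printf '#!/bin/sh\n' > "$t/etc/helper"                 # script made setuid
    chmod 4755 "$t/etc/helper" 2>/dev/null || :
    printf '%s\n' "$t"
}

# Stand-alone use: sh check.sh /mnt/suspect
if [ -n "${1:-}" ]; then
    flag_risky_files "$1"
fi
```

Anything the check lists should be left out of the backup or inspected individually; configuration and data files copied from /etc and /var still need a manual read before they are reused.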
 
Old 03-06-2006, 05:16 AM   #6
matchgirl
LQ Newbie
 
Registered: Oct 2005
Posts: 4

Original Poster
Rep: Reputation: 0
Sorry for the late reply.

I am running on Linux. As I am quite new to Linux OS, please kindly advise me on how to prevent all these attacks as well as viruses from the server.

Is there any component to upgrade or install which might be helpful?

Thank you =)
 
Old 03-06-2006, 08:29 AM   #7
tuubaaku
Member
 
Registered: Oct 2004
Distribution: Slackware, Mint
Posts: 122

Rep: Reputation: 16
What distribution of Linux are you running?

You might want to read the basic security stuff at the top of this forum - do things like disable any extra services, make sure your system is updated, ... So, if you're just running a web server, don't be running extra services that aren't absolutely necessary, and make sure your Apache is updated.
 
Old 03-06-2006, 08:39 AM   #8
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
6 months after...

The OP needs to read the answers maybe before asking new questions
 
All times are GMT -5.
