Weird results from CHKrootkit

jim.thornton · 01-29-2008, 11:45 PM

I think I've got some very wierd output from chkrootkit.

Code:

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not infected
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... can't exec ./strings-static, not tested
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/.packlist

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files...
/tmp/pear/cache/Archive_Tar-1.3.2/Archive/Tar.php
/tmp/pear/cache/PEAR-1.6.1/OS/Guess.php
/tmp/pear/cache/PEAR-1.6.1/System.php
/tmp/pear/cache/PEAR-1.6.1/scripts/peclcmd.php
/tmp/pear/cache/PEAR-1.6.1/scripts/pearcmd.php
/tmp/pear/cache/PEAR-1.6.1/PEAR.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/DependencyDB.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/Parser/v1.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/Parser/v2.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/v1.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/v2.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/Generator/v1.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/Generator/v2.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/v2/Validator.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/v2/rw.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Common.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Common.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Package.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Auth.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Test.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Config.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Install.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Mirror.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Channels.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Pickle.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Build.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Remote.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Registry.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Downloader/Package.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Packager.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/RunTest.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Frontend/CLI.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Frontend.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/ChannelFile/Parser.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Exception.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Common.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Php.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Ext.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Data.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Test.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Doc.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Script.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Src.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/ErrorStack.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Replace/rw.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Common.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Windowseol.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Windowseol/rw.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Postinstallscript.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Postinstallscript/rw.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Unixeol/rw.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Unixeol.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Replace.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Config.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Dependency2.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Downloader.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Validator/PECL.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Autoloader.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/REST.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Validate.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Remote.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Builder.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/XMLParser.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/ChannelFile.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Dependency.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Registry.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/REST/10.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/REST/11.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/REST/13.php
/tmp/pear/cache/Structures_Graph-1.0.2/tests/all-tests.php
/tmp/pear/cache/Structures_Graph-1.0.2/tests/testCase/BasicGraph.php
/tmp/pear/cache/Structures_Graph-1.0.2/Structures/Graph/Node.php
/tmp/pear/cache/Structures_Graph-1.0.2/Structures/Graph/Manipulator/TopologicalSorter.php
/tmp/pear/cache/Structures_Graph-1.0.2/Structures/Graph/Manipulator/AcyclicTest.php

jim.thornton · 01-29-2008, 11:52 PM

Here's the second half... I don't know why this gargled text is there:

Code:

/tmp/pear/cache/Structures_Graph-1.0.2/Structures/Graph.php
/tmp/pear/cache/Console_Getopt-1.2.3/Console/Getopt.php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
#!/usr/bin/php
<?php
<?php
<?php
<?php
<?php
<?php
IR
__expire_KEY1201499270KEY"/templates/verve/css/csshover.htcTIMEOUT3600__key"/templates/verve/css/csshover.htc__name	resourceCREATE_TIME1201495670UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201495670/templates/verve/css/cIR
__expire_KEY1201652171KEY"/templates/verve/css/csshover.htcTIMEOUT3600__key"/templates/verve/css/csshover.htc__name	resourceCREATE_TIME1201648571UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201648571/templates/verve/css/csshover.htcpIR
__expire_KEY1200882261KEY)/templates/moneytime/css/css_content.cssTIMEOUT3600__key)/templates/moneytime/css/css_content.css__name	resourceCREATE_TIME1200878661UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1200878661/templates/IR
__expire_KEY1201498089KEY/phpMyAdmin/phpmyadmin.css.phpTIMEOUT3600__key/phpMyAdmin/phpmyadmin.css.php__name	resourceCREATE_TIME1201494489UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201494489/phpMyAdmin/phpmyadmin.css.phpIR
__expire_KEY1201673918KEY)/templates/moneytime/css/css_content.cssTIMEOUT3600__key)/templates/moneytime/css/css_content.css__name	resourceCREATE_TIME1201670318UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201670318/templates/moneytime/css/css_content.cssxVIIR
__expire_KEY1201646896KEY"/includes/js/tabs/tabpane_mini.jsTIMEOUT3600__key"/includes/js/tabs/tabpane_mini.js__name	resourceCREATE_TIME1201643296UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201643296/includes/js/tabs/tabpane_mini.jsIR
__expire_KEY1201674599KEY*/webmail/skins/default/images/favicon.icoTIMEOUT3600__key*/webmail/skins/default/images/favicon.ico__name	resourceCREATE_TIME1201670999UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201670999/webmail/skins/default/images/favicon.icoIR
__expire_KEY1201673918KEY(/templates/moneytime/js/md_fontsizer.jsTIMEOUT3600__key(/templates/moneytime/js/md_fontsizer.js__name	resourceCREATE_TIME1201670318UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201670318/templates/moneytime/js/md_fontsizer.jsxIR
__expire_KEY1200896957KEY/webmail/folders.phpTIMEOUT3600__key/webmail/folders.php__name	resourceCREATE_TIME1200893357UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1200893357/webmail/folders.phpIR
__expire_KEY1200978086KEY /roundcube/program/js/common.jsTIMEOUT3600__key
/roundcube/program/js/common.js__name	resourceCREATE_TIME1200974486UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1200974486/roundcube/program/js/common.jsIR
__expire_KEY1201673919KEY+/mambots/system/jceutils/jscripts/embed.jsTIMEOUT3600__key+/mambots/system/jceutils/jscripts/embed.js__name	resourceCREATE_TIME1201670319UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201670319/mambots/system/jceutils/jscripts/embed.jsIR
__expire_KEY1200876803KEY/phpMyAdmin/db_import.phpTIMEOUT3600__key/phpMyAdmin/db_import.php__name	resourceCREATE_TIME1200873203UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIMEIR
__expire_KEY1201503123KEY/administrator/index2.phpTIMEOUT3600__key/administrator/index2.php__name	resourceCREATE_TIME1201499523UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201499523/administrator/index2.phpIR
__expire_KEY1201655251KEY/administrator/index2.phpTIMEOUT3600__key/administrator/index2.php__name	resourceCREATE_TIME1201651651UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201651651/administrator/index2.phpIR
__expire_KEY1201631764KEY'/webmail/skins/default/pngbehavior.htcTIMEOUT3600__key'/webmail/skins/default/pngbehavior.htc__name	resourceCREATE_TIME1201628164UPDATE_COUNTER1alerted_960903_compressIR
__expire_KEY1201646642KEY'/webmail/skins/default/pngbehavior.htcTIMEOUT3600__key'/webmail/skins/default/pngbehavior.htc__name	resourceCREATE_TIME1201643042UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201643042/webmail/skins/default/pIR

jim.thornton · 01-29-2008, 11:52 PM

Finally, part 3:

Code:

__expire_KEY1201646642KEY'/webmail/skins/default/pngbehavior.htcTIR
__expire_KEY1201665651KEY/robots.txtTIMEOUT3600__key/robots.txt__name	resourceCREATE_TIME1201662051UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201662051/robots.txtIR
__expire_KEY1201635414KEY$/templates/verve/js/md_fontsizer.jsTIMEOUT3600__key$/templates/verve/js/md_fontsizer.js__name	resourceCREATE_TIME1201631814UPDATE_COUNTER1alerted_960903_compressionIR
__expire_KEY1201652170KEY$/templates/verve/js/md_fontsizer.jsTIMEOUT3600__key$/templates/verve/js/md_fontsizer.js__name	resourceCREATE_TIME1201648570UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201648570/templates/verve/js/md_fontsizIR
__expire_KEY1201652170KEY$/templates/verve/js/md_fontsizer.jsTIMEOUT3600__key$/templates/verve/js/md_fontsizer.js__name	resourceCREATE_TIME1201648570UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201648570/templates/verve/js/md_fontsizer.jsIR
__expire_KEY1201498092KEY/phpMyAdmin/index.phpTIMEOUT3600__key/phpMyAdmin/index.php__name	resourceCREATE_TIME1201494492UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201494492/phpMyAdmin/index.phpIR
__expire_KEY1201633327KEY'/webmail/skins/default/googiespell.cssTIMEOUT3600__key'/webmail/skins/default/googiespell.css__name	resourceCREATE_TIME1201629727UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201629727/webmail/skins/default/googiespell.cssIR
__expire_KEY1200897186KEY#/webmail/skins/default/splitter.jsTIMEOUT3600__key#/webmail/skins/default/splitter.js__name	resourceCREATE_TIME1200893586UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1200893586/webmail/skins/deIR
__expire_KEY1201646656KEY#/webmail/skins/default/splitter.jsTIMEOUT3600__key#/webmail/skins/default/splitter.js__name	resourceCREATE_TIME1201643056UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201643056/webmail/skins/default/splitter.jsIR
__expire_KEY1200882887KEY
/phpmyadmin/TIMEOUT3600__key
/phpmyadmin/__name	resourceCREATE_TIME1200879287UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1200879287/phpmyadmin/IR
__expire_KEY1201498093KEY*/phpMyAdmin/themes/original/img/error.icoTIMEOUT3600__key*/phpMyAdmin/themes/original/img/error.ico__name	resourceCREATE_TIME1201494493UPDATE_COUNTER1alerted_960903_comprIR
__expire_KEY1201498093IR
__expire_KEY1201633857KEY /includes/jceutils/payments.htmTIMEOUT3600__key
/includes/jceutils/payments.htm__name	resourceCREATE_TIME1201630257UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201630257/includes/jceutils/payments.htmNIIR
__expire_KEY1201631764KEY/webmail/program/js/common.jsTIMEOUT3600__key/webmail/program/js/common.js__name	resourceCREATE_TIME1201628164UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201628164/webmail/program/js/common.jsIR
__expire_KEY1201631725KEY+IR
__expire_KEY1201646642KEY/webmail/program/js/common.jsTIMEOUT3600__key/webmail/program/js/common.js__name	resourceCREATE_TIME1201643042UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201643042/webmail/program/js/common.jsIR
__expire_KEY1201673919KEY+/mambots/system/jceutils/jscripts/utils.jsTIMEOUT3600__key+/mambots/system/jceutils/jscripts/utils.js__name	resourceCREATE_TIME1201670319UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201670319/mambots/system/jceutils/jscripts/utils.jsIR
__expire_KEY1200882360KEY
 PMA_token
|s:32:"79765c0876bbfc6324e5928337c4710e";PMA_Config|O:10:"PMA_Config":11:{s:14:"default_source";s:30:"./libraries/config.default.php";s:8:"settings";a:191:{s:14:"PmaAbsoluteUri";s:29:"http://extra6.com/phpMyAdmin/";s:28:"PmaNoRelation_DisableWarning";b:1;s:15:"blowfish_secret";s:0:"";s:13:"ServerDefault";i:1;s:9:"MaxDbList";i:100;s:12:"MaxTableList";i:250;s:27:"MaxCharactersInDisplayedSQL";i:1000;s:6:"OBGzip";s:4:"auto";s:21:"PersistentConnections";b:0;s:8:"ForceSSL";b:0;s:13:"ExecTimeLimit";i:300;s:11:"MemoryLimit";i:0;s:16:"SkipLockedTables";b:0;s:7:"ShowSQL";b:1;s:21:"AllowUserDropDatabase";b:0;s:7:"Confirm";b:1;s:17:"LoginCookieRecall";b:1;s:19:"LoginCookieValidity";i:1800;s:16:"LoginCookieStore";i:0;s:20:"LoginCookieDeleteAll";b:1;s:11:"UseDbSearch";b:1;s:23:"IgnoreMultiSubmitErrors";b:0;s:18:"VerboseMultiSubmit";b:1;s:20:"AllowArbitraryServer";b:0;s:14:"LeftFrameLight";b:1;s:15:"LeftFrameDBTree";b:1;s:20:"LeftFrameDBSeparator";s:1:"_";s:23:"LeftFrameTableSeparator";s:2:"__";s:19:"LeftFrameTableLevel";s:1:"1";s:11:"ShowTooltip";b:1;s:18:"ShowTooltipAliasDB";b:0;s:18:"ShowTooltipAliasTB";b:0;s:15:"LeftDisplayLogo";b:1;s:12:"LeftLogoLink";s:8:"main.php";s:18:"LeftLogoLinkWindow";s:4:"main";s:18:"LeftDisplayServers";b:0;s:18:"DisplayServersList";b:0;s:20:"DisplayDatabasesList";s:4:"auto";s:9:"ShowStats";b:1;s:11:"ShowPhpInfo";b:0;s:14:"ShowServerInfo";b:1;s:15:"ShowChgPassword";b:0;s:12:"ShowCreateDb";b:1;s:13:"SuggestDBName";b:1;s:8:"ShowBlob";b:0;s:19:"NavigationBarIconic";b:1;s:7:"ShowAll";b:0;s:7:"MaxRows";i:30;s:5:"Order";s:3:"ASC";s:13:"ProtectBinary";s:4:"blob";s:18:"ShowFunctionFields";b:1;s:11:"CharEditing";s:5:"input";s:10:"InsertRows";i:2;s:23:"ForeignKeyDropdownOrder";a:2:{i:0;s:10:"content-id";i:1;s:10:"id-content";}s:18:"ForeignKeyMaxLimit";i:100;s:7:"ZipDump";b:1;s:8:"GZipDump";b:1;s:8:"BZipDump";b:1;s:13:"CompressOnFly";b:1;s:9:"LightTabs";b:0;s:16:"PropertiesIconic";b:1;s:20:"PropertiesNumColumns";i:1;s:16:"DefaultTabServer";s:8:"main.php";s:18:"DefaultTabDatabase";s:16:"db_structure.php";s:15:"DefaultTabTable";s:17:"tbl_structure.php";s:6:"Export";a:77:{s:6:"format";s:3:"sql";s:11:"compression";s:4:"none";s:6:"asfile";b:0;s:7:"charset";s:0:"";s:8:"onserver";b:0;s:18:"onserver_overwrite";b:0;s:22:"remember_file_template";b:1;s:19:"file_template_table";s:9:"__TABLE__";s:22:"file_template_database";s:6:"__DB__";s:20:"file_template_server";s:10:"__SERVER__";s:11:"ods_columns";b:0;s:8:"ods_null";s:4:"NULL";s:13:"odt_structure";b:1;s:8:"odt_data";b:1;s:11:"odt_columns";b:1;s:12:"odt_relation";b:1;s:12:"odt_comments";b:1;s:8:"odt_mime";b:1;s:8:"odt_null";s:4:"NULL";s:17:"htmlexcel_columns";b:0;s:14:"htmlexcel_null";s:4:"NULL";s:18:"htmlword_structure";b:1;s:13:"htmlword_data";b:1;s:16:"htmlword_columns";b:0;s:13:"htmlword_null";s:4:"NULL";s:11:"xls_columns";b:0;s:8:"xls_null";s:4:"NULL";s:11:"csv_columns";b:0;s:8:"csv_null";s:4:"NULL";s:13:"csv_separator";s:1:";";s:12:"csv_enclosed";s:6:""";s:11:"csv_escaped";s:1:"\";s:14:"csv_terminated";s:4:"AUTO";s:13:"excel_columns";b:0;s:10:"excel_null";s:4:"NULL";s:13:"excel_edition";s:3:"win";s:15:"latex_structure";b:1;s:10:"latex_data";b:1;s:13:"latex_columns";b:1;s:14:"latex_relation";b:1;s:14:"latex_comments";b:1;s:10:"latex_mime";b:1;s:10:"latex_null";s:13:"\textit{NULL}";s:13:"latex_caption";b:1;s:23:"latex_structure_caption";s:17:"strLatexStructure";s:33:"latex_structure_continued_caption";s:35:"strLatexStructure
strLatexContinued";s:18:"latex_data_caption";s:15:"strLatexContent";s:28:"latex_data_continued_caption";s:33:"strLatexContent
strLatexContinued";s:16:"latex_data_label";s:18:"tab:__TABLE__-data";s:21:"latex_structure_label";s:23:"tab:__TABLE__-structure";s:13:"sql_structure";b:1;s:8:"sql_data";b:1;s:17:"sql_compatibility";s:4:"NONE";s:14:"sql_disable_fk";b:0;s:19:"sql_use_transaction";b:0;s:17:"sql_drop_database";b:0;s:14:"sql_drop_table";b:0;s:17:"sql_if_not_exists";b:0;s:22:"sql_procedure_function";b:0;s:18:"sql_auto_increment";b:1;s:14:"sql_backquotes";b:1;s:9:"sql_dates";b:0;s:12:"sql_relation";b:0;s:11:"sql_columns";b:0;s:11:"sql_delayed";b:0;s:10:"sql_ignore";b:0;s:16:"sql_hex_for_blob";b:1;s:8:"sql_type";s:6:"insert";s:12:"sql_extended";b:0;s:18:"sql_max_query_size";i:50000;s:12:"sql_comments";b:0;s:8:"sql_mime";b:0;s:18:"sql_header_comment";s:0:"";s:13:"pdf_structure";b:0;s:8:"pdf_data";b:1;s:16:"pdf_report_title";s:0:"";s:18:"sql_hex_for_binary";b:1;}s:6:"Import";a:17:{s:6:"format";s:3:"sql";s:15:"allow_interrupt";b:1;s:12:"skip_queries";s:1:"0";s:17:"sql_compatibility";s:4:"NONE";s:11:"csv_replace";b:0;s:14:"csv_terminated";s:1:";";s:12:"csv_enclosed";s:1:""";s:11:"csv_escaped";s:1:"\";s:12:"csv_new_line";s:4:"auto";s:11:"csv_columns";s:0:"";s:11:"ldi_replace";b:0;s:14:"ldi_terminated";s:1:";";s:12:"ldi_enclosed";s:1:""";s:11:"ldi_escaped";s:1:"\";s:12:"ldi_new_line";s:4:"auto";s:11:"ldi_columns";s:0:"";s:16:"ldi_local_option";s:4:"auto";}s:15:"MySQLManualBase";s:33:"http://dev.mysql.com/doc/mysql/en";s:15:"MySQLManualType";s:10:"searchable";s:12:"PDFPageSizes";a:5:{i:0;s:2:"A3";i:1;s:2:"A4";i:2;s:2:"A5";i:3;s:6:"letter";i:4;s:5:"legal";}s:18:"PDFDefaultPageSize";s:2:"A4";s:11:"DefaultLang";s:13:"en-iso-8859-1";s:26:"DefaultConnectionCollation";s:15:"utf8_unicode_ci";s:15:"FilterLanguages";s:0:"";s:14:"DefaultCharset";s:10:"iso-8859-1";s:21:"AllowAnywhereRecoding";b:0;s:14:"RecodingEngine";s:4:"auto";s:16:"IconvExtraParams";s:0:"";s:17:"AvailableCharsets";a:30:{i:0;s:10:"iso-8859-1";i:1;s:10:"iso-8859-2";i:2;s:10:"iso-8859-3";i:3;s:10:"iso-8859-4";i:4;s:10:"iso-8859-5";i:5;s:10:"iso-8859-6";i:6;s:10:"iso-8859-7";i:7;s:10:"iso-8859-8";i:8;s:10:"iso-8859-9";i:9;s:11:"iso-8859-10";i:10;s:11:"iso-8859-11";i:11;s:11:"iso-8859-12";i:12;s:11:"iso-8859-13";i:13;s:11:"iso-8859-14";i:14;s:11:"iso-8859-15";i:15;s:12:"windows-1250";i:16;s:12:"windows-1251";i:17;s:12:"windows-1252";i:18;s:12:"windows-1256";i:19;s:12:"windows-1257";i:20;s:6:"koi8-r";i:21;s:4:"big5";i:22;s:6:"gb2312";i:23;s:5:"utf-8";i:24;s:5:"utf-7";i:25;s:14:"x-user-defined";i:26;s:6:"euc-jp";i:27;s:14:"ks_c_5601-1987";i:28;s:7:"tis-620";i:29;s:9:"SHIFT_JIS";}s:17:"LeftPointerEnable";b:1;s:19:"BrowsePointerEnable";b:1;s:18:"BrowseMarkerEnable";b:1;s:12:"TextareaCols";i:40;s:12:"TextareaRows";i:7;s:22:"LongtextDoubleTextarea";b:1;s:18:"TextareaAutoSelect";b:1;s:16:"CharTextareaCols";i:40;s:16:"CharTextareaRows";i:2;s:16:"CtrlArrowsMoving";b:1;s:10:"LimitChars";i:50;s:18:"ModifyDeleteAtLeft";b:1;s:19:"ModifyDeleteAtRight";b:0;s:14:"DefaultDisplay";s:10:"horizontal";s:18:"DefaultPropDisplay";s:10:"horizontal";s:14:"HeaderFlipType";s:3:"css";s:18:"ShowBrowseComments";b:1;s:20:"ShowPropertyComments";b:1;s:11:"RepeatCells";i:100;s:12:"EditInWindow";b:1;s:16:"QueryWindowWidth";i:600;s:17:"QueryWindowHeight";i:400;s:14:"QueryHistoryDB";b:0;s:17:"QueryWindowDefTab";s:3:"sql";s:15:"QueryHistoryMax";i:25;s:10:"BrowseMIME";b:1;s:13:"MaxExactCount";i:20000;s:18:"MaxExactCountViews";i:0;s:11:"WYSIWYG-PDF";b:1;s:12:"NaturalOrder";b:1;s:10:"TitleTable";s:61:"@HTTP_HOST@
/ @VSERVER@ / @DATABASE@ / @TABLE@ |
@PHPMYADMIN@";s:13:"TitleDatabase";s:51:"@HTTP_HOST@ / @VSERVER@ / @DATABASE@ |
@PHPMYADMIN@";s:11:"TitleServer";s:38:"@HTTP_HOST@ / @VSERVER@ |
@PHPMYADMIN@";s:12:"TitleDefault";s:26:"@HTTP_HOST@ |
@PHPMYADMIN@";s:11:"ErrorIconic";b:1;s:14:"MainPageIconic";b:1;s:14:"ReplaceHelpImg";b:1;s:9:"ThemePath";s:8:"./themes";s:12:"ThemeManager";b:1;s:12:"ThemeDefault";s:8:"original";s:14:"ThemePerServer";b:0;s:17:"DefaultQueryTable";s:24:"SELECT
* FROM %t WHERE
1";s:20:"DefaultQueryDatabase";s:0:"";s:8:"SQLQuery";a:5:{s:4:"Edit";b:1;s:7:"Explain";b:1;s:9:"ShowAsPHP";b:1;s:8:"Validate";b:0;s:7:"Refresh";b:1;}s:9:"UploadDir";s:0:"";s:7:"SaveDir";s:0:"";s:7:"TempDir";s:0:"";s:12:"GD2Available";s:4:"auto";s:14:"TrustedProxies";a:0:{}s:3:"SQP";a:4:{s:7:"fmtType";s:4:"html";s:6:"fmtInd";s:1:"1";s:10:"fmtIndUnit";s:2:"em";s:8:"fmtColor";a:21:{s:7:"comment";s:7:"#808000";s:13:"comment_mysql";s:0:"";s:12:"comment_ansi";s:0:"";s:9:"comment_c";s:0:"";s:5:"digit";s:0:"";s:9:"digit_hex";s:4:"teal";s:13:"digit_integer";s:4:"teal";s:11:"digit_float";s:4:"aqua";s:5:"punct";s:7:"fuchsia";s:5:"alpha";s:0:"";s:16:"alpha_columnTy
pe";s:7:"#FF9900";s:18:"alpha_columnAttrib";s:7:"#0000FF";s:18:"alpha_reservedWord";s:7:"#990099";s:18:"alpha_functionName";s:7:"#FF0000";s:16:"alpha_identifier";s:5:"black";s:13:"alpha_charset";s:7:"#6495ed";s:14:"alpha_variable";s:7:"#800000";s:5:"quote";s:7:"#008000";s:12:"quote_double";s:0:"";s:12:"quote_single";s:0:"";s:14:"quote_backtick";s:0:"";}}s:12:"SQLValidator";a:3:{s:3:"use";b:0;s:8:"username";s:0:"";s:8:"password";s:0:"";}s:3:"DBG";a:2:{s:6:"enable";b:0;s:7:"profile";a:2:{s:6:"enable";b:0;s:9:"threshold";d:0.5;}}s:11:"ColumnTypes";a:27:{i:0;s:7:"VARCHAR";i:1;s:7:"TINYINT";i:2;s:4:"TEXT";i:3;s:4:"DATE";i:4;s:8:"SMALLINT";i:5;s:9:"MEDIUMINT";i:6;s:3:"INT";i:7;s:6:"BIGINT";i:8;s:5:"FLOAT";i:9;s:6:"DOUBLE";i:10;s:7:"DECIMAL";i:11;s:8:"DATETIME";i:12;s:9:"TIMESTAMP";i:13;s:4:"TIME";i:14;s:4:"YEAR";i:15;s:4:"CHAR";i:16;s:8:"TINYBLOB";i:17;s:8:"TINYTEXT";i:18;s:4:"BLOB";i:19;s:10:"MEDIUMBLOB";i:20;s:10:"MEDIUMTEXT";i:21;s:8:"LONGBLOB";i:22;s:8:"LONGTEXT";i:23;s:4:"ENUM";i:24;s:3:"SET";i:25;s:6:"BINARY";i:26;s:9:"VARBINARY";}s:14:"AttributeTypes";a:4:{i:0;s:0:"";i:1;s:6:"BINARY";i:2;s:8:"UNSIGNED";i:3;s:17:"UNSIGNED
ZEROFILL";}s:9:"Functions";a:26:{i:0;s:5:"ASCII";i:1;s:4:"CHAR";i:2;s:7:"SOUNDEX";i:3;s:5:"LCASE";i:4;s:5:"UCASE";i:5;s:3:"NOW";i:6;s:8:"PASSWORD";i:7;s:3:"MD5";i:8;s:4:"SHA1";i:9;s:7:"ENCRYPT";i:10;s:4:"RAND";i:11;s:14:"LAST_INSERT_ID";i:12;s:5:"COUNT";i:13;s:3:"AVG";i:14;s:3:"SUM";i:15;s:7:"CURDATE";i:16;s:7:"CURTIME";i:17;s:9:"FROM_DAYS";i:18;s:13:"FROM_UNIXTIME";i:19;s:10:"PERIOD_ADD";i:20;s:11:"PERIOD_DIFF";i:21;s:7:"TO_DAYS";i:22;s:14:"UNIX_TIMESTAMP";i:23;s:4:"USER";i:24;s:7:"WEEKDAY";i:25;s:6:"CONCAT";}s:19:"RestrictColumnTypes";a:25:{s:7:"VARCHAR";s:9:"FUNC_CHAR";s:7:"TINYINT";s:11:"FUNC_NUMBER";s:4:"TEXT";s:9:"FUNC_CHAR";s:4:"DATE";s:9:"FUNC_DATE";s:8:"SMALLINT";s:11:"FUNC_NUMBER";s:9:"MEDIUMINT";s:11:"FUNC_NUMBER";s:3:"INT";s:11:"FUNC_NUMBER";s:6:"BIGINT";s:11:"FUNC_NUMBER";s:5:"FLOAT";s:11:"FUNC_NUMBER";s:6:"DOUBLE";s:11:"FUNC_NUMBER";s:7:"DECIMAL";s:11:"FUNC_NUMBER";s:8:"DATETIME";s:9:"FUNC_DATE";s:9:"TIMESTAMP";s:9:"FUNC_DATE";s:4:"TIME";s:9:"FUNC_DATE";s:4:"YEAR";s:9:"FUNC_DATE";s:4:"CHAR";s:9:"FUNC_CHAR";s:8:"TINYBLOB";s:9:"FUNC_CHAR";s:8:"TINYTEXT";s:9:"FUNC_CHAR";s:4:"BLOB";s:9:"FUNC_CHAR";s:10:"MEDIUMBLOB";s:9:"FUNC_CHAR";s:10:"MEDIUMTEXT";s:9:"FUNC_CHAR";s:8:"LONGBLOB";s:9:"FUNC_CHAR";s:8:"LONGTEXT";s:9:"FUNC_CHAR";s:4:"ENUM";s:0:"";s:3:"SET";s:0:"";}s:17:"RestrictFunctions";a:3:{s:9:"FUNC_CHAR";a:12:{i:0;s:5:"ASCII";i:1;s:4:"CHAR";i:2;s:7:"SOUNDEX";i:3;s:5:"LCASE";i:4;s:5:"UCASE";i:5;s:8:"PASSWORD";i:6;s:3:"MD5";i:7;s:4:"SHA1";i:8;s:7:"ENCRYPT";i:9;s:14:"LAST_INSERT_ID";i:10;s:4:"USER";i:11;s:6:"CONCAT";}s:9:"FUNC_DATE";a:10:{i:0;s:3:"NOW";i:1;s:7:"CURDATE";i:2;s:7:"CURTIME";i:3;s:9:"FROM_DAYS";i:4;s:13:"FROM_UNIXTIME";i:5;s:10:"PERIOD_ADD";i:6;s:11:"PERIOD_DIFF";i:7;s:7:"TO_DAYS";i:8;s:14:"UNIX_TIMESTAMP";i:9;s:7:"WEEKDAY";}s:11:"FUNC_NUMBER";a:10:{i:0;s:5:"ASCII";i:1;s:4:"CHAR";i:2;s:3:"MD5";i:3;s:4:"SHA1";i:4;s:7:"ENCRYPT";i:5;s:4:"RAND";i:6;s:14:"LAST_INSERT_ID";i:7;s:5:"COUNT";i:8;s:3:"AVG";i:9;s:3:"SUM";}}s:16:"DefaultFunctions";a:4:{s:9:"FUNC_CHAR";s:0:"";s:9:"FUNC_DATE";s:0:"";s:11:"FUNC_NUMBER";s:0:"";s:15:"first_timestamp";s:3:"NOW";}s:12:"NumOperators";a:8:{i:0;s:1:"=";i:1;s:1:">";i:2;s:2:">=";i:3;s:1:"<";i:4;s:2:"<=";i:5;s:2:"!=";i:6;s:4:"LIKE";i:7;s:8:"NOT
LIKE";}s:13:"TextOperators";a:7:{i:0;s:4:"LIKE";i:1;s:10:"LIKE
%...%";i:2;s:8:"NOT
LIKE";i:3;s:1:"=";i:4;s:2:"!=";i:5;s:6:"REGEXP";i:6;s:10:"NOT
REGEXP";}s:13:"EnumOperators";a:2:{i:0;s:1:"=";i:1;s:2:"!=";}s:12:"SetOperators";a:2:{i:0;s:2:"IN";i:1;s:6:"NOT
IN";}s:13:"NullOperators";a:2:{i:0;s:7:"IS NULL";i:1;s:11:"IS NOT
NULL";}s:14:"UnaryOperators";a:2:{s:7:"IS NULL";i:1;s:11:"IS NOT
NULL";i:1;}s:8:"fontsize";s:3:"82%";s:29:"PmaAbsoluteUri_DisableWarning";b:1;s:7:"Servers";a:1:{i:1;a:31:{s:4:"host";s:9:"localhost";s:4:"port";s:0:"";s:6:"socket";s:0:"";s:3:"ssl";b:0;s:12:"connect_type";s:3:"tcp";s:9:"extension";s:5:"mysql";s:8:"compress";b:0;s:11:"controluser";s:0:"";s:11:"controlpass";s:0:"";s:9:"auth_type";s:4:"http";s:4:"user";s:4:"root";s:8:"password";s:0:"";s:13:"SignonSession";s:0:"";s:9:"SignonURL";s:0:"";s:9:"LogoutURL";s:0:"";s:10:"nopassword";b:0;s:7:"only_db";s:0:"";s:7:"hide_db";s:0:"";s:7:"verbose";s:0:"";s:5:"pmadb";s:0:"";s:13:"bookmarktable";s:0:"";s:8:"relation";s:0:"";s:10:"table_info";s:0:"";s:12:"table_coords";s:0:"";s:9:"pdf_pages";s:0:"";s:11:"column_info";s:0:"";s:7:"history";s:0:"";s:15:"designer_coords";s:0:"";s:13:"verbose_check";b:1;s:9:"AllowRoot";b:1;s:9:"AllowDeny";a:2:{s:5:"order";s:0:"";s:5:"rules";a:0:{}}}}s:6:"Server";a:31:{s:4:"host";s:9:"localhost";s:4:"port";s:0:"";s:6:"socket";s:0:"";s:3:"ssl";b:0;s:12:"connect_type";s:3:"tcp";s:9:"extension";s:5:"mysql";s:8:"compress";b:0;s:11:"controluser";s:0:"";s:11:"controlpass";s:0:"";s:9:"auth_type";s:4:"http";s:4:"user";s:15:"theverve_joomla";s:8:"password";s:11:"valleyskate";s:13:"SignonSession";s:0:"";s:9:"SignonURL";s:0:"";s:9:"LogoutURL";s:0:"";s:10:"nopassword";b:0;s:7:"only_db";s:0:"";s:7:"hide_db";s:0:"";s:7:"verbose";s:0:"";s:5:"pmadb";s:0:"";s:13:"bookmarktable";s:0:"";s:8:"relation";s:0:"";s:10:"table_info";s:0:"";s:12:"table_coords";s:0:"";s:9:"pdf_pages";s:0:"";s:11:"column_info";s:0:"";s:7:"history";s:0:"";s:15:"designer_coords";s:0:"";s:13:"verbose_check";b:1;s:9:"AllowRoot";b:1;s:9:"AllowDeny";a:2:{s:5:"order";s:0:"";s:5:"rules";a:0:{}}}s:13:"ShowMysqlInfo";b:0;s:13:"ShowMysqlVars";b:0;s:10:"QueryFrame";b:1;s:12:"QueryFrameJS";b:1;s:17:"ShowHttpHostTitle";b:1;s:16:"SetHttpHostTitle";s:0:"";s:9:"docSQLDir";s:0:"";s:12:"FileRevision";s:17:"$Revision:
2.41
$";s:20:"collation_connection";s:15:"utf8_unicode_ci";s:11:"PMA_VERSION";s:6:"2.11.3";s:17:"PMA_THEME_VERSION";i:2;s:20:"PMA_THEME_GENERATION";i:2;s:19:"PMA_PHP_INT_VERSION";i:50205;s:19:"PMA_PHP_STR_VERSION";s:5:"5.2.5";s:14:"PMA_IS_WINDOWS";i:0;s:10:"PMA_IS_IIS";i:0;s:10:"PMA_IS_GD2";i:1;s:10:"PMA_USR_OS";s:3:"Win";s:19:"PMA_USR_BROWSER_VER";s:3:"5.0";s:21:"PMA_USR_BROWSER_AGENT";s:7:"MOZILLA";s:13:"enable_upload";b:1;s:15:"max_upload_size";i:2097152;s:8:"is_https";b:0;s:9:"NaviWidth";i:200;s:9:"NaviColor";s:7:"#000000";s:14:"NaviBackground";s:7:"#D0DCE0";s:16:"NaviPointerColor";s:7:"#000000";s:21:"NaviPointerBackground";s:7:"#9999CC";s:21:"NaviDatabaseNameColor";s:7:"#0000FF";s:9:"MainColor";s:7:"#000000";s:14:"MainBackground";s:7:"#F5F5F5";s:18:"BrowsePointerColor";s:7:"#000000";s:23:"BrowsePointerBackground";s:7:"#CCFFCC";s:17:"BrowseMarkerColor";s:7:"#000000";s:22:"BrowseMarkerBackground";s:7:"#FFCC99";s:10:"FontFamily";s:10:"sans-serif";s:15:"FontFamilyFixed";s:9:"monospace";s:6:"Border";i:0;s:12:"ThBackground";s:7:"#D3DCE3";s:7:"ThColor";s:7:"#000000";s:5:"BgOne";s:7:"#E5E5E5";s:5:"BgTwo";s:7:"#D5D5D5";s:12:"theme-update";s:8:"original";s:8:"Bookmark";a:0:{}}s:6:"source";s:16:"./config.inc.php";s:12:"source_mtime";i:1200794208;s:20:"default_source_mtime";i:1197118043;s:9:"set_mtime";i:1201494488;s:17:"error_config_file";b:0;s:25:"error_config_default_file";b:0;s:13:"error_pma_uri";b:0;s:14:"default_server";a:31:{s:4:"host";s:9:"localhost";s:4:"port";s:0:"";s:6:"socket";s:0:"";s:3:"ssl";b:0;s:12:"connect_type";s:3:"tcp";s:9:"extension";s:5:"mysql";s:8:"compress";b:0;s:11:"controluser";s:0:"";s:11:"controlpass";s:0:"";s:9:"auth_type";s:6:"config";s:4:"user";s:4:"root";s:8:"password";s:0:"";s:13:"SignonSession";s:0:"";s:9:"SignonURL";s:0:"";s:9:"LogoutURL";s:0:"";s:10:"nopassword";b:0;s:7:"only_db";s:0:"";s:7:"hide_db";s:0:"";s:7:"verbose";s:0:"";s:5:"pmadb";s:0:"";s:13:"bookmarktable";s:0:"";s:8:"relation";s:0:"";s:10:"table_info";s:0:"";s:12:"table_coords";s:0:"";s:9:"pdf_pages";s:0:"";s:11:"column_info";s:0:"";s:7:"history";s:0:"";s:15:"designer_coords";s:0:"";s:13:"verbose_check";b:1;s:9:"AllowRoot";b:1;s:9:"AllowDeny";a:2:{s:5:"order";s:0:"";s:5:"rules";a:0:{}}}s:4:"done";b:0;}PMA_Theme_Manager|O:17:"PMA_Theme_Manager":7:{s:12:"_themes_path";s:8:"./themes";s:6:"themes";a:2:{s:15:"darkblue_orange";O:9:"PMA_Theme":7:{s:7:"version";s:3:"2.9";s:4:"name";s:15:"Darkblue/orange";s:2:"id";s:15:"darkblue_orange";s:4:"path";s:24:"./themes/darkblue_orange";s:8:"img_path";s:29:"./themes/darkb
lue_orange/img/";s:5:"types";a:3:{i:0;s:4:"left";i:1;s:5:"right";i:2;s:5:"print";}s:10:"mtime_info";i:1197118043;}s:8:"original";O:9:"PMA_Theme":7:{s:7:"version";s:3:"2.9";s:4:"name";s:8:"Original";s:2:"id";s:8:"original";s:4:"path";s:17:"./themes/original";s:8:"img_path";s:22:"./themes/original/img/";s:5:"types";a:3:{i:0;s:4:"left";i:1;s:5:"right";i:2;s:5:"print";}s:10:"mtime_info";i:1197118043;}}s:11:"cookie_name";s:9:"pma_theme";s:10:"per_server";b:0;s:12:"active_theme";s:8:"original";s:5:"theme";O:9:"PMA_Theme":7:{s:7:"version";s:3:"2.9";s:4:"name";s:8:"Original";s:2:"id";s:8:"original";s:4:"path";s:17:"./themes/original";s:8:"img_path";s:22:"./themes/original/img/";s:5:"types";a:3:{i:0;s:4:"left";i:1;s:5:"right";i:2;s:5:"print";}s:10:"mtime_info";i:1197118043;}s:13:"theme_default";s:8:"original";}PMA_Theme|r:645;navi_limit_offset|i:0;table_limit_offset|i:0;^

Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... not tested: can't exec
Checking `rexedcs'... not found
Checking `sniffer'... not tested: can't exec ./ifpromisc
Checking `w55808'... not infected
Checking `wted'... not tested: can't exec ./chkwtmp
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... not tested: can't exec ./chklastlog
Checking `chkutmp'... not tested: can't exec ./chkutmp

Any help as to why this is doing this would be greatly appreciated.

unSpawn · 01-30-2008, 07:25 AM

0. Not the right PWD.

Quote:

Checking `ldsopreload'... can't exec ./strings-static, not tested

This means you didn't run CRT from the directory where it resides and that is a bad idea since it still can't find the compiled helper binaries on its own.

1. Suspicious files.

Quote:

Searching for suspect PHP files...

New in CRT-0.48, the code looks like this:

Code:

   1109       printn "Searching for suspect PHP files... "; fi
   1110       files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
   1111       fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | grep php 2> /dev/null`"

This piece of code searches the directorynames "/tmp" and "/var/tmp" for filenames that end in ".php". The first line of each result is then grepped for the string "php" and the result of that is shown.

There are a few problems attached to this:
- it is an inflexible approach: the directorynames are hardcoded in the source, what if you configured another directory?,
- it is crude: only filenames that end in ".php" are found: no variations like say ".php3" or include files or PHP files that just don't have the extension,
- it is not doing anything but signal that a file has the case-sensitive string "php".
- its header says "suspect" but that is only true there should not be any PHP scripts in temporary directories (which shouldn't be the case), but a script is only hostile if the PHP code allows hostile actions.

You'll see false postivies if you run CRT while using /tmp as a temporary directory for unpacking and installing PHP-based applications. Not to promote Rootkit Hunter but that's why I added "suspscan" (which is off by default) to be configurable and only look for terms (updates and additions welcome) that signal hostile intentions.

2. Dunno
I think we're missing some lines before "Searching for anomalies in shell history files... nothing found". Maybe you didn't paste right.
I'd run CRT again in debug mode (cd /wherever/its/installedorcompiled; sh -vx ./chkrootkit --any-args-you-need 2>&1 | tee ./chkrootkit.tee ) and attach that to a post to the crt-users mailing list for Nelson to answer.