[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 28/01/11 18:04, Paul Sutton wrote: > > just running chkrootkit is there anything below i should be worried > about ? I don't think so. > Checking `aliens'... > /dev/shm/pulse-shm-3620034508 This is the most worrying, but appears to be a common false positive for chkrootkit, so now an excellent name to use for your root kit. If you use pulse audio (and many GNU/Linux installs do), then this is probably fine. > Searching for suspicious files and dirs, it may take a while... The > following suspicious files and directories were found: > /usr/lib/pymodules/python2.6/.path > /usr/lib/pymodules/python2.6/PyQt4/uic/widget-plugins/.noinit > /usr/lib/thunderbird-3.1.7/.autoreg /usr/lib/xulrunner-1.9.2.13/.autoreg > /usr/lib/firefox-3.6.13/.autoreg It is just finding various "hidden" files, they look plausibly boring. > wlan0: PACKET SNIFFER(/sbin/wpa_supplicant[1086], /sbin/dhclient3[1772]) The wireless software sniffs the wireless interface - sounds plausibly normal. > xulrunner sounds familar but not in the sense its malicious or anything, XUL (XML user interface) is the GUI language bit of Firefox and Thunderbird amongst other apps. XULrunner is a (very common) runtime for that language, so it suggests you are running software written by, or using libraries by, Mozilla. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq