Results 1 to 3 of 3
  1. #1
    Join Date
    Dec 2005

    [ask] checking finnd file infected

    Hi i just received file infected when scan using chrootkit, anybody can help?

    it said

    "bindshell - infected ( port : 465)"

    is it dangerous? any idea how to fix?

  2. #2
    Join Date
    Dec 2006
    If you're running PortSentry that binds itself to unused ports probably chkrootkit will give you a false positive on the bindshell test (ports 114/tcp, 465/tcp, 511/tcp, 1008/tcp, 1524/tcp, 1999/tcp, 3879/tcp, 4369/tcp, 5665/tcp, 10008/tcp, 12321/tcp, 23132/tcp, 27374/tcp, 29364/tcp, 31336/tcp, 31337/tcp,
    45454/tcp, 47017/tcp, 47889/tcp, 60001/tcp).

    You can check if portsentry binds port 465 to itself by executing command netstat -lpn | grep 465.
    Reverse engineering Rocks

  3. #3
    Join Date
    Oct 2002
    State of Disbelief
    Moved from dedicated server tutorials
    Having problems, or maybe questions about WHT? Head over to the help desk!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts