Results 1 to 3 of 3
  1. #1
    Join Date
    Jun 2006
    Location
    Ahh' UnderPants
    Posts
    1,012

    Chkrootkit scan shows many suspicious files and directories

    Hi Masters, I need your help,

    My chkrootkit scan shows me a lot of files in suspicious files and directories, It didnt used to show like this before, but for last 1 month my server is very unstable, it has a lot of heavy mysql processess without many websites using mysql, I can see updatedb and find process in the top command results, and system load goes upto 50-60 making eveything unusable.

    the following is the listing of suspicious files and directories according to chkrootkir result, is mt system compromised? What is suggested for me?

    Searching for suspicious files and dirs, it may take a while...
    /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Digest/.packlist /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Storable/.packlist /usr/lib/perl5/5.8.8/i386-linux-thread-multi/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Net/DNS/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Net/CIDR/Lite/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Net/IP/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Net/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Mail/SpamAssassin/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/IO/Socket/SSL/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Digest/SHA1/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Module/Build/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/mytop/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/HTML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Sys/Hostname/Long/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/URI/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/mod_perl2/.packlist /usr/lib/gtk-2.0/immodules/.relocation-tag /lib/.libcrypto.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac



  2. #2
    Join Date
    Feb 2006
    Location
    Buffalo NY
    Posts
    1,348
    Quote Originally Posted by Woooo View Post
    Hi Masters, I need your help,

    My chkrootkit scan shows me a lot of files in suspicious files and directories, It didnt used to show like this before, but for last 1 month my server is very unstable, it has a lot of heavy mysql processess without many websites using mysql, I can see updatedb and find process in the top command results, and system load goes upto 50-60 making eveything unusable.

    the following is the listing of suspicious files and directories according to chkrootkir result, is mt system compromised? What is suggested for me?
    Those are likely fine - you'll need to understand that chkrootkit (and others like rkhunter) tend to report a lot of false positives as it's going solely on characteristics of files, scripts, and so forth (uses perl / awk / sed / etc to try to find things).

    Those just look like left over perl stuff, I wouldn't worry too much.
    Cody R.
    Hawk Host Inc. Proudly Serving websites since 2004.
    Let's Encrypt Sponsor.

  3. #3
    Join Date
    Jun 2006
    Location
    Ahh' UnderPants
    Posts
    1,012
    Oh thankyou sir

    I am worryfree now.



Similar Threads

  1. suspicious files in tmp
    By UnrealSilence in forum Hosting Security and Technology
    Replies: 6
    Last Post: 06-25-2006, 02:43 PM
  2. INFECTED bindshell from chkrootkit scan...
    By xxkylexx in forum Hosting Security and Technology
    Replies: 3
    Last Post: 05-16-2006, 11:57 AM
  3. CHKrootkit Scan Details -bindshell infected- how can i fix?
    By cyberturk in forum Hosting Security and Technology
    Replies: 4
    Last Post: 03-01-2006, 10:36 PM
  4. suspicious files on server
    By Hosting Champ in forum Hosting Security and Technology
    Replies: 9
    Last Post: 06-25-2005, 08:34 PM
  5. CHKROOTKIT shows:Slapper Worm installed
    By jpayam in forum Hosting Security and Technology
    Replies: 6
    Last Post: 05-15-2004, 06:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •