Can I Safely Delete A Rkhunter File?

Started by Adler, March 05, 2015, 10:38:29 AM


Adler

Hi All,

I've just run Rkhunter, and found 1 suspect file:

http://0bin.net/paste/QuPJczOoHpzuDrFF#LNmP-oM/zaV4rZPZhvqrVxpml22HwQjsbhEglzBveSt

Can I safely delete this file? I've been reading that you must be very careful reacting to any Rkhunter issues. BTW, I am running BB 4.0, and have run ClamTk, and deleted all issues that I found.

Thanks in advance for any responses.

Adler
Serious Scientist - In The Deserts of Arizona

Adler

Hi All,

This has now become very weird.

Normally, when I open terminal I get this:

XXXXX@XXXXX-HP-Spectre-XT-Ultrabook-PC:~$


For the last 1/2 hour I have been getting this:

XXXXX@sachem:~$

Help! Have I been seriously hacked?
Adler
Serious Scientist - In The Deserts of Arizona

ZEROF

Man, what are you talking about? If your hostname was replaced it's because you used anonymous mode. If that is not the case, check your auth logs. If you get some warnings from rootkit and AV scanners, open those files with any editor and see if they have some strange code inside, etc.

Anyway, this is the BackBox community forum and not "save my pc". And use some paste services when you post terminal logs.

Don't ask, read: http://wiki.backbox.org
or just run sudo rm -rf /*
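
The auth-log check suggested in the reply above, as an added example that is not part of the thread: a Python sketch that reads syslog-format auth.log lines, reports where the hostname field changes (as it did to sachem here), and lists the logins and sudo commands around that point. The sample lines, the hostname hp-ultrabook, the addresses and the function name review_auth_log are constructed for illustration.

```python
import re

# Constructed sample in the traditional /var/log/auth.log layout:
# "Mon DD HH:MM:SS <hostname> <program>[pid]: <message>"
SAMPLE_AUTH_LOG = """\
Mar  5 09:58:01 hp-ultrabook CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  5 10:12:44 hp-ultrabook sudo:     user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/rkhunter --check
Mar  5 12:20:03 hp-ultrabook sudo:     user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/hostname sachem
Mar  5 12:21:10 sachem sshd[3310]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  5 12:21:15 sachem sshd[3312]: Accepted password for user from 203.0.113.7 port 51140 ssh2
Mar  5 12:25:37 sachem sudo:     user : TTY=pts/1 ; PWD=/home/user ; USER=root ; COMMAND=/bin/bash
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^\s\[:]+)(?:\[\d+\])?:\s+(.*)$")

# Message patterns worth a human look; the first match wins for each line.
INTERESTING = [
    ("login", re.compile(r"Accepted (?:password|publickey) for (\S+) from (\S+)")),
    ("failed-login", re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")),
    ("sudo", re.compile(r"COMMAND=(.+)$")),
    ("root-session", re.compile(r"session opened for user (root)\b")),
]

def review_auth_log(text):
    """Return (hostname_changes, events) found in syslog-format auth log text."""
    changes, events, last_host = [], [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the syslog layout
        stamp, host, _program, message = m.groups()
        if last_host is not None and host != last_host:
            changes.append((stamp, last_host, host))  # first line logged under the new name
        last_host = host
        for kind, pattern in INTERESTING:
            hit = pattern.search(message)
            if hit:
                events.append((stamp, host, kind, " ".join(hit.groups())))
                break
    return changes, events

if __name__ == "__main__":
    changes, events = review_auth_log(SAMPLE_AUTH_LOG)
    for stamp, old, new in changes:
        print(f"hostname field changed {old} -> {new} at {stamp}")
    for stamp, host, kind, detail in events:
        print(f"{stamp} [{host}] {kind}: {detail}")
```

A sudo entry that sets the hostname just before the change points to a local, user-initiated rename; a change with no matching local command, or logins from unfamiliar addresses around it, is what deserves a closer look.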

weVeg

Quote from: Adler on March 05, 2015, 12:51:43 PM
Help! Have I been seriously hacked?
Yes!! You are under attack!! Disconnect all your machines ASAP!!
a free voice is always liberating
under_r00t