Author Topic: Can I Safely Delete A Rkhunter File? (Read 7822 times)

Adler · **on:** March 05, 2015, 10:38:29 AM

Hi All,

I've just run Rkhunter, and found 1 suspect file:

http://0bin.net/paste/QuPJczOoHpzuDrFF#LNmP-oM/zaV4rZPZhvqrVxpml22HwQjsbhEglzBveSt

Can I safely delete this file? I've been reading that you must be very carefully reacting to any Rkhunter issues. BTW, I am running BB 4.0, and have run ClamTk, and deleted all issues, that I found.

Thanks in advance for any responses.

Adler · **Reply #1 on:** March 05, 2015, 12:51:43 PM

Hi All,

This has now become very weird.

Normally, when I open terminal I get this:

XXXXX@XXXXX-HP-Spectre-XT-Ultrabook-PC:~$

I am in the last 1/2 hour getting this:

XXXXX@sachem:~$

Help! Have I been seriously hacked?

ZEROF · **Reply #2 on:** March 05, 2015, 01:47:22 PM

Man, what you are talking about? If your hostname was replaced it's because you used anonymous mode. If that is not the case check your auth logs. If you get some warrnings from rootkit and av scanners, open that files with any editor and see if they have some strange code inside etc.

Anyway this is BackBox community forum and not "save my pc". And use some paste services when you post terminal logs.

weVeg · **Reply #3 on:** March 06, 2015, 02:55:50 PM

Quote from: Adler on March 05, 2015, 12:51:43 PM

Help! Have I been seriously hacked?

Yes!! You are under attack!! Disconnect all your machines ASAP!!

Author Topic: Can I Safely Delete A Rkhunter File? (Read 7822 times)

Adler

Can I Safely Delete A Rkhunter File?

Adler

Re: Can I Safely Delete A Rkhunter File?

ZEROF

Re: Can I Safely Delete A Rkhunter File?

weVeg

Re: Can I Safely Delete A Rkhunter File?