Author Topic: Can I Safely Delete A Rkhunter File?  (Read 7621 times)

Adler

  • Newbie
  • *
  • Posts: 27
    • Biotech Manager
on: March 05, 2015, 10:38:29 AM
Hi All,

I've just run Rkhunter, and found 1 suspect file:

http://0bin.net/paste/QuPJczOoHpzuDrFF#LNmP-oM/zaV4rZPZhvqrVxpml22HwQjsbhEglzBveSt

Can I safely delete this file? I've been reading that you must be very careful when reacting to any Rkhunter issues. BTW, I am running BB 4.0, and have run ClamTk, and deleted all issues that I found.

Thanks in advance for any responses.

« Last Edit: March 05, 2015, 01:49:51 PM by ZEROF »

Adler
Serious Scientist - In The Deserts of Arizona


Adler

  • Newbie
  • *
  • Posts: 27
    • Biotech Manager
Reply #1 on: March 05, 2015, 12:51:43 PM
Hi All,

This has now become very weird.

Normally, when I open terminal I get this:

XXXXX@XXXXX-HP-Spectre-XT-Ultrabook-PC:~$


In the last 1/2 hour I am getting this:

XXXXX@sachem:~$

Help! Have I been seriously hacked?

Adler
Serious Scientist - In The Deserts of Arizona


ZEROF

  • Hero Member
  • *****
  • Posts: 1247
    • Pen Tester
Reply #2 on: March 05, 2015, 01:47:22 PM
Man, what are you talking about? If your hostname was replaced, it's because you used anonymous mode. If that is not the case, check your auth logs. If you get some warnings from rootkit and AV scanners, open those files with any editor and see if they have some strange code inside, etc.

Anyway, this is the BackBox community forum and not "save my pc". And use some paste service when you post terminal logs.
« Last Edit: March 05, 2015, 01:53:57 PM by ZEROF »


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


weVeg

  • Hero Member
  • *****
  • Posts: 737
Reply #3 on: March 06, 2015, 02:55:50 PM
Help! Have I been seriously hacked?
Yes!! You are under attack!! Disconnect all your machines ASAP!!

a free voice is always liberating
under_r00t