Posted 25 April 2016 - 08:58 PM
Posted 25 April 2016 - 11:41 PM
Please provide the details of your system. (OS name and version)
As this could be a false positive would you mind doing a scan with 'chkrootkit'
Also open a terminal window and type:
ls (that's the letters L and S, lowercase)
Post back with the results.
Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux
and a custom Linux From Scratch server hosting a bunch of top secret stuff.
Posted 26 April 2016 - 10:22 AM
it's HIGHLY likely this is a false positive .. you can see what ARK 1.0 and 1.0.1 replaced here:
WARNING .. if you decide to download the archives on that page, DO NOT run any of the included binaries .. in fact there's no need to download the archive (or even visit the page), it lists the binaries that are replaced, so you just need to check these:-
syslogd, login, sshd, ls, du, ps, pstree, killall, and netstat
haven't been replaced on your system.
I guess you can either reinstall those, or check their hashes against known good versions.
ARK dates from 2000, so the chances of you actually being backdoored are small .. but worth checking nonetheless.
Edited by Linux_User, 26 April 2016 - 10:31 AM.
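The hash check suggested in the post above, as an added example that is not part of the original thread: a POSIX shell function that hashes the nine binaries listed there and compares them with a known-good manifest. The function name `check_ark_binaries`, the `ROOT` argument and the manifest layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sha256sum and awk are available.
ARK_TARGETS="syslogd login sshd ls du ps pstree killall netstat"  # list from the post
SEARCH_DIRS="bin sbin usr/bin usr/sbin"

# check_ark_binaries ROOT MANIFEST   (hypothetical helper name)
# ROOT: filesystem to inspect, ideally the suspect disk mounted read-only
#       from trusted boot media, so a replaced ls or ps cannot lie to you.
# MANIFEST: "<sha256>  <path relative to ROOT>" lines in sha256sum format,
#       made on a known-good install with the same package versions.
# Prints one status line per file; returns 0 only if every file found matched.
check_ark_binaries() {
    root=${1%/}; manifest=$2; bad=0
    for name in $ARK_TARGETS; do
        found=0
        for dir in $SEARCH_DIRS; do
            # Merged-/usr systems symlink bin -> usr/bin; avoid double counting.
            [ -L "$root/$dir" ] && continue
            rel="$dir/$name"
            if [ -L "$root/$rel" ]; then
                # An absolute link would resolve outside ROOT; check by hand.
                echo "SYMLINK   $rel"; found=1; continue
            fi
            [ -f "$root/$rel" ] || continue
            found=1
            actual=$(sha256sum "$root/$rel" | cut -d' ' -f1)
            expected=$(awk -v p="$rel" '$2 == p { print $1; exit }' "$manifest")
            if [ -z "$expected" ]; then
                echo "UNKNOWN   $rel (no manifest entry)"; bad=1
            elif [ "$actual" = "$expected" ]; then
                echo "OK        $rel"
            else
                echo "MISMATCH  $rel"; bad=1
            fi
        done
        [ "$found" -eq 1 ] || echo "ABSENT    $name"
    done
    return "$bad"
}
```

A manifest can be produced on the known-good install with `cd` into its root followed by `sha256sum bin/ls usr/sbin/sshd ...`, then copied over on read-only media.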