OK, I think I have attached a text file copy of a chkrootkit scan I did on my Knoppix system computer, and it mentions some suspicious files and I don't know if I shouldn't worry about them, or if they are something, what I would have to do to remove them. So, I am trying to post them here, and I really don't know if the file uploaded or not. It shows in the window when I push the attach file button, but, I don't see any indicator that the file is attached at this time. When I post I guess I will know. So, if anyone can tell me what these "suspicious files" are about and what I should do about them, I would really appreciate it.
Greetings, E-Tramp.
FWIW, .NET files come with the monthly security updates from Microsoft if
you opt to do recommended Windows Updates.
I presume the .NET material is harmless.
Since I dont use any of their .NET services, these updates have the
somewhat the same characteristic as spam in my situation.
I have to admit I don't get this. Why would there even be .NET files in a Knoppix OS? I don't even know why I would have any files for .NET anything. I certainly haven't installed any .NET on my Knoppix system. Obviously this looks like a directory for a java program in root,usr, but, what does it go to and why? How can I track down what it is doing there?
The following suspicious files and directories were found:
/usr/lib/jvm/.java-1.6.0-openjdk-i386.jinfo /usr/lib/mono/xbuild-frameworks/.NETFramework /usr/lib/debug/.build-id /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/.settings /usr/lib/eclipse/p2/org.eclipse.eq
Leaving out the part that's NOT suspicious...Originally Posted by E-Tramp
I don't know what it all means, but .NET is only part of what you've been told is suspicious.Code:I've re-formatted the 'suspicious' part of your file in post #1: root@Microknoppix:/home/knoppix# sudo chkrootkit Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found: /usr/lib/jvm/.java-1.6.0-openjdk-i386.jinfo /usr/lib/mono/xbuild-frameworks/.NETFramework /usr/lib/debug/.build-id /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/.settings /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/profileRegistry/PlatformProfile.profile/.data /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/profileRegistry/PlatformProfile.profile/.data/.settings /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/profileRegistry/PlatformProfile.profile/.lock /usr/lib/eclipse/dropins/jdt/plugins/org.eclipse.jdt.debug_3.7.1.dist/.api_description /usr/lib/eclipse/dropins/sdk/plugins/org.eclipse.pde.build_3.7.0.dist/.api_description /usr/lib/eclipse/dropins/sdk/plugins/org.eclipse.pde.build_3.7.0.dist/.options /usr/lib/eclipse/.eclipseproduct /usr/lib/eclipse/configuration/org.eclipse.osgi/bundles/28/1/.cp /usr/lib/eclipse/configuration/org.eclipse.osgi/bundles/147/1/.cp /usr/lib/eclipse/plugins/org.eclipse.ui.intro.universal_3.2.500.dist/.api_description /usr/lib/eclipse/plugins/org.eclipse.ui.intro.universal_3.2.500.dist/.options /usr/lib/eclipse/plugins/org.eclipse.core.runtime.compatibility.registry_3.5.0.dist/.api_description /usr/lib/eclipse/plugins/org.eclipse.ui.workbench.compatibility_3.2.100.dist/.api_description /usr/lib/xulrunner-1.9.1/.autoreg /usr/lib/python2.6/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/pymodules/python2.6/.path /usr/lib/pymodules/python2.7/.path /usr/lib/icedove/.autoreg /lib/init/rw/.mdadm /usr/lib/mono/xbuild-frameworks/.NETFramework /usr/lib/debug/.build-id /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/.settings /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/profileRegistry/PlatformProfile.profile/.data /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/profileRegistry/PlatformProfile.profile/.data/.settings /usr/lib/eclipse/configuration/org.eclipse.osgi/bundles/28/1/.cp /usr/lib/eclipse/configuration/org.eclipse.osgi/bundles/147/1/.cp /lib/init/rw/.mdadm
Everything seems to be in either /usr/lib or /lib.
Start here, I guess.
a. what is eclipse, anyway.
b. what is .mdadm good for
c. etc...
Last edited by utu; 03-08-2014 at 03:42 AM.
And then there's this to consider:
http://ubuntuforums.org/showthread.php?t=1544017
knoppix@Microknoppix:~$ apropos eclipse
eclipse (1) - extensible tool platform and Java IDE
This is what the system says about eclipse, and it seems to go with the Java .Net platform that as far as I know doesn't exist.
It would appear that the .mdadm file is part of the RAID software. I don't actually have a RAID drives either, but the motherboard is capable of supporting RAID.
knoppix@Microknoppix:~$ apropos .mdadm
mdadm.conf (5) - configuration for management of Software RAID with mdadm
knoppix@Microknoppix:~$ apropos python2.7
python2.7 (1) - an interpreted, interactive, object-oriented programmi...
Above is all I can get with apropos on Python 2.7.
Appearantly all of this has something to do with a .Net framework I don't think is even on my system. Lots of questions no answers!
This is a very good point, but, I still wish I knew why I am looking at .Net entries, as I thought that was a Windows operation.
Posting Permissions
***NEW*** BCM RX67Q Gaming Motherboard | Intel Q67 2nd/3rd Gen. | LGA1155 | DDR3
$29.77
ASUS H110M-R Motherboard Intel 6th/7th Gen LGA1151 DDR4 Micro-ATX i/o shield
$42.00
Asus H110M-C Rev 1.03 mATX Desktop Motherboard LGA 1151/Socket H4 DDR4 SDRAM
$26.99
Gigabyte Z370P D3 ATX Z370 LGA1151 Motherboard (Support Intel 6/7th 8th 9th)
$59.99
ASUS H310M-A R2.0 ATX LGA1151 DDR4 Desktop Motherboard USB 3.0 w/ I/O Shield
$39.99
MSI A320M-A Pro mATX AM4 Motherboard (Ryzen 1000-5000 Ready)
$49.99
MSI A320M-A PRO AM4 AMD A320 USB3.2 Gen1 Micro-ATX Motherboard
$46.99
ASUS Prime Q270M-C LGA1151 DP HDMI VGA SATA 6GB/s USB 3.0 MicroATX Motherboard
$37.99
Gigabyte GA-B150M-D3H GSM LGA 1151 DDR4 Desktop Motherboard mATX
$60.72
Asrock Z390 Phantom Gaming 4S/AC Wifi 8th/9th Gen Intel 1151 Motherboard Bulk
$47.41
Reply With Quote