OK, I think I have attached a text file copy of a chkrootkit scan I did on my Knoppix system computer, and it mentions some suspicious files and I don't know if I shouldn't worry about them, or if they are something, what I would have to do to remove them. So, I am trying to post them here, and I really don't know if the file uploaded or not. It shows in the window when I push the attach file button, but, I don't see any indicator that the file is attached at this time. When I post I guess I will know. So, if anyone can tell me what these "suspicious files" are about and what I should do about them, I would really appreciate it.
Greetings, E-Tramp.
FWIW, .NET files come with the monthly security updates from Microsoft if
you opt to do recommended Windows Updates.
I presume the .NET material is harmless.
Since I dont use any of their .NET services, these updates have the
somewhat the same characteristic as spam in my situation.
I have to admit I don't get this. Why would there even be .NET files in a Knoppix OS? I don't even know why I would have any files for .NET anything. I certainly haven't installed any .NET on my Knoppix system. Obviously this looks like a directory for a java program in root,usr, but, what does it go to and why? How can I track down what it is doing there?
The following suspicious files and directories were found:
/usr/lib/jvm/.java-1.6.0-openjdk-i386.jinfo /usr/lib/mono/xbuild-frameworks/.NETFramework /usr/lib/debug/.build-id /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/.settings /usr/lib/eclipse/p2/org.eclipse.eq
Leaving out the part that's NOT suspicious...Originally Posted by E-Tramp
I don't know what it all means, but .NET is only part of what you've been told is suspicious.Code:I've re-formatted the 'suspicious' part of your file in post #1: root@Microknoppix:/home/knoppix# sudo chkrootkit Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found: /usr/lib/jvm/.java-1.6.0-openjdk-i386.jinfo /usr/lib/mono/xbuild-frameworks/.NETFramework /usr/lib/debug/.build-id /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/.settings /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/profileRegistry/PlatformProfile.profile/.data /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/profileRegistry/PlatformProfile.profile/.data/.settings /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/profileRegistry/PlatformProfile.profile/.lock /usr/lib/eclipse/dropins/jdt/plugins/org.eclipse.jdt.debug_3.7.1.dist/.api_description /usr/lib/eclipse/dropins/sdk/plugins/org.eclipse.pde.build_3.7.0.dist/.api_description /usr/lib/eclipse/dropins/sdk/plugins/org.eclipse.pde.build_3.7.0.dist/.options /usr/lib/eclipse/.eclipseproduct /usr/lib/eclipse/configuration/org.eclipse.osgi/bundles/28/1/.cp /usr/lib/eclipse/configuration/org.eclipse.osgi/bundles/147/1/.cp /usr/lib/eclipse/plugins/org.eclipse.ui.intro.universal_3.2.500.dist/.api_description /usr/lib/eclipse/plugins/org.eclipse.ui.intro.universal_3.2.500.dist/.options /usr/lib/eclipse/plugins/org.eclipse.core.runtime.compatibility.registry_3.5.0.dist/.api_description /usr/lib/eclipse/plugins/org.eclipse.ui.workbench.compatibility_3.2.100.dist/.api_description /usr/lib/xulrunner-1.9.1/.autoreg /usr/lib/python2.6/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/pymodules/python2.6/.path /usr/lib/pymodules/python2.7/.path /usr/lib/icedove/.autoreg /lib/init/rw/.mdadm /usr/lib/mono/xbuild-frameworks/.NETFramework /usr/lib/debug/.build-id /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/.settings /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/profileRegistry/PlatformProfile.profile/.data /usr/lib/eclipse/p2/org.eclipse.equinox.p2.engine/profileRegistry/PlatformProfile.profile/.data/.settings /usr/lib/eclipse/configuration/org.eclipse.osgi/bundles/28/1/.cp /usr/lib/eclipse/configuration/org.eclipse.osgi/bundles/147/1/.cp /lib/init/rw/.mdadm
Everything seems to be in either /usr/lib or /lib.
Start here, I guess.
a. what is eclipse, anyway.
b. what is .mdadm good for
c. etc...
Last edited by utu; 03-08-2014 at 03:42 AM.
And then there's this to consider:
http://ubuntuforums.org/showthread.php?t=1544017
knoppix@Microknoppix:~$ apropos eclipse
eclipse (1) - extensible tool platform and Java IDE
This is what the system says about eclipse, and it seems to go with the Java .Net platform that as far as I know doesn't exist.
It would appear that the .mdadm file is part of the RAID software. I don't actually have a RAID drives either, but the motherboard is capable of supporting RAID.
knoppix@Microknoppix:~$ apropos .mdadm
mdadm.conf (5) - configuration for management of Software RAID with mdadm
knoppix@Microknoppix:~$ apropos python2.7
python2.7 (1) - an interpreted, interactive, object-oriented programmi...
Above is all I can get with apropos on Python 2.7.
Appearantly all of this has something to do with a .Net framework I don't think is even on my system. Lots of questions no answers!
This is a very good point, but, I still wish I knew why I am looking at .Net entries, as I thought that was a Windows operation.
Posting Permissions
For Lenovo Yoga C740-14IML LCD Touch Screen w/ Bezel 14" FHD 30 Pin 5D10S39587
$100.00
~OVERSTOCK~ 15.6" Lenovo ThinkPad Laptop: 8GB RAM 512 GB SSD Windows 10
$179.99
~LIMITED TIME OFFER~ 14" Lenovo ThinkPad Laptop: Intel i5 QC Windows 11 FHD
$199.97
Lenovo ThinkPad X260 Core i5-6200U 2.30Ghz 8GB Ram No HDD 12.5" Laptop W/AC
$69.95
Lenovo 500w Gen 3 Laptop, 11.6" IPS Glass, N6000, 8GB, 128GB SSD, Win 11 Home
$199.00
Lenovo - Ideapad 3i 15.6" FHD Touch Laptop - Core i5-1155G7 with 8GB Memory -...
$349.99
Lenovo Legion Pro 5i 16" Gaming Laptop RTX 4070 8GB i9-13900HX 16GB RAM 1TB SSD
$1399.99
Lenovo IP 5 16IAU7 16" 2.5K Chromebook i3-1215U 8GB Ram 128GB eMMC Chrome OS
$219.99
Lenovo ThinkPad L15 15.6” FHD Laptop AMD Ryzen 5 16GB RAM 256GB SSD Windows 10
$249.99
Lenovo ThinkPad L15 15.6” FHD Laptop AMD Ryzen 5 16GB RAM 512GB SSD Windows 10
$271.59
Reply With Quote