Think I have a rootkit installed and can't remove

Asked by John Garry Zuidema

In /etc the files (sudoers gshadow gshadow- group shadow- shadow passwd-) have no type, can't edit and have
red emblems that I have never seen

In gparted not able to partition drives they have a lock first sector starts at 63
Listed as /dev/hda1 PATH /./dev.static/dev

Also when I run lokkit to change firewall I'm not able to, same with gnome-lokkit

Another problem not able to install virus detection software

Question information

Language: English
Status: Answered
For: Ubuntu
Assignee: No assignee
John Garry Zuidema (jgz) said :
#1

Also to note when I did a fresh install, in the details section it showed files from ice.org being installed.
Looked at the site and don't believe they are part of UBUNTU. Also to note the iptables update took a
very long time

John Garry Zuidema (jgz) said :
#2

Just thought of something else. Before the fresh install I noticed in my top panel a network applet that
had no properties available and you couldn't uninstall it. Also in my fresh install it's saying there are updates
and I have not set that value.

Robert Di Gioia (digioiar) said :
#3

have you tried running either rkhunter or chkrootkit? both are in the repositories...

btw, I can understand updates being available for a fresh install, there have been several updates since 7.10 came out...and the CDs don't have them...

John Garry Zuidema (jgz) said :
#4

I thought you could get help on UBUNTU
Not able to install chkrootkit from package manager
Also my message logs sys logs look funny. I want to find someone to look at them
to give their opinion

linuxonbute (normanelliott) said :
#5

Start again with a fresh install and tell it to use the whole disc :-

Boot from your install disc which should just be a live cd.

When it finishes you will NOT have installed it.

There will be an Icon on the desktop called INSTALL.

click on that to install Ubuntu on the hard disc.

If this doesn't cure your problems then I think that

either you are not really doing a fresh install

or the disc you are installing from has a rootkit on it.
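
Some of the files named in the question (shadow, gshadow, sudoers) hold password hashes and sudo policy, so they are normally root-owned and closed to ordinary users. The following is an added example, not part of the thread: it audits those files from the live CD session described in #5 against a mounted copy of the installed system. The `/mnt/etc` path and the permission policy in the comments are assumptions based on common Ubuntu defaults.

```python
import os
import stat

# Files named in the question. Policy (an assumption, based on common Ubuntu
# defaults): owned by root, never writable by group/other, and the
# password-hash files and sudoers not accessible to "other" at all.
SECRET = {"shadow", "shadow-", "gshadow", "gshadow-", "sudoers"}
PUBLIC = {"passwd", "passwd-", "group", "group-"}


def audit_etc(etc_dir, owner_uid=0):
    """Return a list of (filename, problem) tuples for files under etc_dir."""
    findings = []
    for name in sorted(SECRET | PUBLIC):
        path = os.path.join(etc_dir, name)
        try:
            st = os.lstat(path)  # lstat: do not follow a planted symlink
        except FileNotFoundError:
            if not name.endswith("-"):  # backup copies may legitimately be absent
                findings.append((name, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != owner_uid:
            findings.append((name, f"owner uid {st.st_uid}, expected {owner_uid}"))
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, f"group/world writable ({mode:04o})"))
        if name in SECRET and mode & stat.S_IRWXO:
            findings.append((name, f"accessible to other users ({mode:04o})"))
        if mode & (stat.S_ISUID | stat.S_ISGID):
            findings.append((name, f"setuid/setgid bit set ({mode:04o})"))
    return findings


if __name__ == "__main__":
    import sys
    # Hypothetical mount point for the installed system's /etc directory.
    target = sys.argv[1] if len(sys.argv) > 1 else "/mnt/etc"
    for name, problem in audit_etc(target):
        print(f"{name}: {problem}")
```

An empty result means the files match the assumed policy; it does not by itself rule out a rootkit.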
