chkrootkit - Scan for Rootkits

By -

This guide explains how to find rootkits, worms, Loadable Kernel Modules(LKMs) using chkrootkit. But first we need to install chkroot package before we start using it. 

sudo apt-get -y install chkrootkit

Now run the following command to check for presence of infected binaries.

sudo chkroot

chkroot command checks for following worms, rootkits and LKMs

  • lrk3, lrk4, lrk5, lrk6 (and variants)
  • Solaris rootkit
  • FreeBSD rootkit
  • t0rn (and variants)
  • Ambient's Rootkit (ARK)
  • Ramen Worm
  • rh[67]-shaper
  • RSHA
  • Romanian rootkit
  • RK17
  • Lion Worm
  • Adore Worm
  • LPD Worm
  • kenny-rk
  • Adore LKM
  • ShitC Worm
  • Omega Worm
  • Wormkit Worm
  • Maniac-RK
  • dsc-rootkit
  • Ducoci rootkit
  • x.c Worm
  • RST.b trojan
  • duarawkz
  • knark LKM
  • Monkit
  • Hidrootkit
  • Bobkit
  • Pizdakit
  • t0rn v8.0
  • Showtee
  • Optickit
  • T.R.K
  • MithRa's Rootkit
  • George
  • SucKIT
  • Scalper
  • Slapper A, B, C and D
  • OpenBSD rk v1
  • Illogic rootkit
  • SK rootkit
  • sebek LKM
  • Romanian rootkit
  • LOC rootkit
  • shv4 rootkit
  • Aquatica rootkit
  • ZK rootkit
  • 55808.A Worm
  • TC2 Worm
  • Volc rootkit
  • Gold2 rootkit
  • Anonoying rootkit
  • Shkit rootkit
  • AjaKit rootkit
  • zaRwT rootkit
  • Madalin rootkit
  • Fu rootkit
  • Kenga3 rootkit
  • ESRK rootkit
  • rootedoor rootkit
  • Enye LKM
  • Lupper.Worm
  • shv5

Comments

Anonymous said…
i type chkrootkit. it says it detecs possibles trojan. can it clean as well?
December 23, 2008 at 2:41 PM
Vamsee said…
No, Its just an early warning system.
December 23, 2008 at 3:04 PM
Anonymous said…
The name of the command as well as of the package is chkrootkit not chkroot
February 3, 2010 at 4:30 PM
Post a Comment

Popular posts from this blog

Easy network traffic shaping on your ubuntu system

By -
Traffic shaping on Linux system used to require knowledge of lot of things like iptables, qdiscs & networking protocols. Things have changed and now there are couple of tools which handle all of this complexity without requiring much knowledge. And one of them is wondershaper . First install wondershaper by issuing following command. sudo apt-get -y install wondershaper Use following command template to make it work right away. sudo wondershaper <interface name> <down speed> <up speed> Where interface name is your network interface name like eth0 or eth1 or wifi0 and down speed , up speed are self explanatory and specified in kilo bits per second. So sample command will look like sudo wondershaper eth0 512 512 To disable wondershaper from controlling particular interface use following command. sudo wondershaper clear <interface name> To make these changes permanent add following lines to /etc/network/interfaces under relevant interface section.
Read more

Multi touch for any,all synaptics touchpad

By -
Multi-touch became trendy after iphone came up with it. We are seeing many new laptops with multi-touch. At hardware level, there is nothing special that you need, to make multi-touch work. You can also do two-finger scroll and two-finger tap to right/middle click. Also, three-finger tap, but, for me it is very hard to press three fingers at the same time(1 out of 10). Create new file gksudo gedit /etc/hal/fdi/policy/11-x11-synaptics.fdi Paste the following code into the file and save it. <?xml version="1.0" encoding="ISO-8859-1"?> <deviceinfo version="0.2"> <device> <match key="info.capabilities" contains="input.touchpad"> <merge key="input.x11_driver" type="string">synaptics</merge> <merge key="input.x11_options.SHMConfig" type="string">On</merge> <merge key="input.x11_options.EmulateTwoFingerMinZ"
Read more

winetricks - install wine application perquisites with ease

By -
As most of us know wine is used to run windows applications on linux. But setting it up always has been pain. For example if your windows program requires some prerequisites that aren't shipped or not implemented in wine then you have to go for hunting on net. Examples include mscore fonts, Internet Explorer, DCOM, etc. And this guide explains how to install winetricks on ubuntu. Crossover office has a little wizard that will download install all the prerequisites of a particular software but It costs money to use. But there is one little known tool called winetricks which you can use to automate that stuff for free. Finally you can concentrate on something productive rather than hunting for some obscure stuff. Download winetricks Use following commands to get winetricks and set it up. wget http://www.kegel.com/wine/winetricks chmod +x winetricks Using winetricks For example if you want to install Microsoft Core fonts use following command. ./winetricks corefonts
Read more