Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 899
  • Last Modified:

/etc/cron.daily/chkrootkit: The following suspicious files and directories were found: /lib/init/rw/.ramfs INFECTED (PORTS: 6667)

Hi I receive a mail from cron :

/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/lib/init/rw/.ramfs

INFECTED (PORTS:  6667)


I do not know what does this mean. Can someone please help me?
0
toffee_natividad
Asked:
toffee_natividad
  • 3
  • 3
1 Solution
 
amprantiCommented:
Tha a service using port 6667 is running on your linux!
Port 6667 is usually used by an IRC server

Check what services run to your linux (ps axuf)
0
 
toffee_natividadAuthor Commented:
I could not see the port 6667
0
 
amprantiCommented:
You dont see a port doing "ps axuf"
You can see a application that runs without your permission...


Telnet <yourip> 6667
Does it open? If yes, means that something listens to that port...
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
toffee_natividadAuthor Commented:
how do I do the telnet? I am sorry, should I do it on the windows XP machine command prompt or on that server where it gave me the error?, what command should I run?
0
 
toffee_natividadAuthor Commented:
Should I run  netstat -ln ?
0
 
amprantiCommented:
yes , netstat -n shoud provide some good info

You do telnet like that:

telnet <erverip> 6667
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now