Bonjour 
[code]debian:/home/jean-louis# chkrootkit
ROOTDIR is /' Checkingamd’… not found
Checking basename'... not infected Checkingbiff’… not found
Checking chfn'... not infected Checkingchsh’… not infected
Checking cron'... not infected Checkingcrontab’… not infected
Checking date'... not infected Checkingdu’… not infected
Checking dirname'... not infected Checkingecho’… not infected
Checking egrep'... not infected Checkingenv’… not infected
Checking find'... not infected Checkingfingerd’… not found
Checking gpm'... not found Checkinggrep’… not infected
Checking hdparm'... not infected Checkingsu’… not infected
Checking ifconfig'... not infected Checkinginetd’… not infected
Checking inetdconf'... not found Checkingidentd’… not found
Checking init'... not infected Checkingkillall’… not infected
Checking ldsopreload'... not infected Checkinglogin’… not infected
Checking ls'... not infected Checkinglsof’… not infected
Checking mail'... not found Checkingmingetty’… not found
Checking netstat'... not infected Checkingnamed’… not found
Checking passwd'... not infected Checkingpidof’… not infected
Checking pop2'... not found Checkingpop3’… not found
Checking ps'... not infected Checkingpstree’… not infected
Checking rpcinfo'... not infected Checkingrlogind’… not found
Checking rshd'... not found Checkingslogin’… not infected
Checking sendmail'... not found Checkingsshd’… not found
Checking syslogd'... not tested Checkingtar’… not infected
Checking tcpd'... not infected Checkingtcpdump’… not infected
Checking top'... not infected Checkingtelnetd’… not found
Checking timed'... not found Checkingtraceroute’… not infected
Checking vdir'... not infected Checkingw’… not infected
Checking write'... not infected Checkingaliens’… no suspect files
Searching for sniffer’s logs, it may take a while… nothing found
Searching for rootkit HiDrootkit’s default files… nothing found
Searching for rootkit t0rn’s default files… nothing found
Searching for t0rn’s v8 defaults… nothing found
Searching for rootkit Lion’s default files… nothing found
Searching for rootkit RSHA’s default files… nothing found
Searching for rootkit RH-Sharpe’s default files… nothing found
Searching for Ambient’s rootkit (ark) default files and dirs… nothing found
Searching for suspicious files and dirs, it may take a while… The following suspicious files and directories were found:
/usr/lib/xulrunner-1.9/.autoreg /usr/lib/pymodules/python2.5/.path /usr/lib/iceweasel/.autoreg /usr/lib/jvm/.java-6-openjdk.jinfo /lib/init/rw/.ramfs
Searching for LPD Worm files and dirs… nothing found
Searching for Ramen Worm files and dirs… nothing found
Searching for Maniac files and dirs… nothing found
Searching for RK17 files and dirs… nothing found
Searching for Ducoci rootkit… nothing found
Searching for Adore Worm… nothing found
Searching for ShitC Worm… nothing found
Searching for Omega Worm… nothing found
Searching for Sadmind/IIS Worm… nothing found
Searching for MonKit… nothing found
Searching for Showtee… nothing found
Searching for OpticKit… nothing found
Searching for T.R.K… nothing found
Searching for Mithra… nothing found
Searching for LOC rootkit… nothing found
Searching for Romanian rootkit… nothing found
Searching for Suckit rootkit… nothing found
Searching for Volc rootkit… nothing found
Searching for Gold2 rootkit… nothing found
Searching for TC2 Worm default files and dirs… nothing found
Searching for Anonoying rootkit default files and dirs… nothing found
Searching for ZK rootkit default files and dirs… nothing found
Searching for ShKit rootkit default files and dirs… nothing found
Searching for AjaKit rootkit default files and dirs… nothing found
Searching for zaRwT rootkit default files and dirs… nothing found
Searching for Madalin rootkit default files… nothing found
Searching for Fu rootkit default files… nothing found
Searching for ESRK rootkit default files… nothing found
Searching for rootedoor… nothing found
Searching for ENYELKM rootkit default files… nothing found
Searching for common ssh-scanners default files… nothing found
Searching for suspect PHP files… nothing found
Searching for anomalies in shell history files… nothing found
Checking asp'... not infected Checkingbindshell’… not infected
Checking lkm'... chkproc: nothing detected chkdirs: nothing detected Checkingrexedcs’… not found
Checking sniffer'... lo: not promisc and no packet sniffer sockets Checkingw55808’… not infected
Checking wted'... chkwtmp: nothing deleted Checkingscalper’… not infected
Checking slapper'... not infected Checkingz2’… chklastlog: nothing deleted
Checking chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root 2071 tty3 /sbin/getty 38400 tty3 ! root 2074 tty6 /sbin/getty 38400 tty6 ! root 2793 pts/0 dbus-launch --autolaunch 663dcdb457e5fe498110ec404ae2fbbb --binary-syntax --close-stderr ! root 2697 pts/0 /usr/lib/libgksu/gksu-run-helper /usr/bin/x-terminal-emulator ! root 2797 pts/0 gnome-pty-helper ! root 2706 pts/0 gnome-terminal ! root 2705 pts/0 sh -c /usr/bin/x-terminal-emulator ! root 2684 pts/0 /bin/su root -c /usr/lib/libgksu/gksu-run-helper "/usr/bin/x-terminal-emulator" chkutmp: nothing deleted CheckingOSX_RSPLUG’… not infected
debian:/home/jean-louis# [/code]
Voilà c’est surtout toutes ces lignes à la fin qui m’inquiète… et comme j’y connais rien c’est pas fait pour me rassurer. ça veut dire quoi tous ces processus ? Pour info ça a commencé à être le bordel après un trifouillage entre les sources sid et testing pour installer la version sid de nautilus (et dépendances) sur une squeeze tout en testant aptitude-gtk qui est vraiment impressionnant (soit dit en passant)
alors juste après avoir réussi la mise à jour d’un certains nombre de paquets, ça à été un gros bordel:
même après redémarrage le processeur qui mouline comme un bon et le moniteur de processus gnome qui m’affiche des processus sans nom apparaissant sporadiquement parmi les autres + chkrootkit m’anonçant une possible intrusion du vers lkm
après réinstallation en downgrade des paquets concerné c’est de nouveaux plus cool… reste cette série de ligne que je ne connais pas… des idées?
Merci d’avance…