Information about Suspicious files

The files listed here were found on some infected/owned machines. They are not part of any rootkit, but some “crackers” use them. A file may be a sniffer, the log of a sniffer, or any of a number of other things.

Take a careful look if you find any of these files on your system.

More Information

N/A

Origin of Rule

N/A

File

  • etc/rc.d/init.d/rc.modules
  • lib/ldd.so
  • usr/man/muie
  • usr/X11R6/include/pain
  • usr/bin/sourcemask
  • usr/bin/ras2xm
  • usr/bin/ddc
  • usr/bin/jdc
  • usr/sbin/in.telnet
  • sbin/vobiscum
  • usr/sbin/jcd
  • usr/sbin/atd2
  • usr/bin/ishit
  • usr/bin/.etc
  • usr/bin/xstat
  • var/run/.tmp
  • usr/man/man1/lib/.lib
  • usr/man/man2/.man8
  • var/run/.pid
  • lib/.so
  • lib/.fx
  • lib/lblip.tk
  • usr/lib/.fx
  • var/local/.lpd
  • dev/rd/cdb
  • dev/.rd/
  • usr/lib/pt07
  • usr/bin/atm
  • tmp/.cheese
  • dev/.arctic
  • dev/.xman
  • dev/srd0
  • dev/ptyzx
  • dev/ptyzg
  • dev/xdf1
  • dev/ttyop
  • dev/ttyof
  • dev/hd5
  • dev/hd6
  • dev/hd7
  • dev/hdx1
  • dev/hdx2
  • dev/xdf2
  • dev/ptyp
  • dev/ptyr
  • */.src
  • *last.cgi
  • *nobody.cgi
  • *void.cgi
  • *all4one.cgi
  • *xntps
  • */.xman
  • */.arctic
  • *psybnc
  • *mech.session
  • *sshdu

Note

All files marked with an “*” need to be searched for across the whole system.
