Results 1 to 2 of 2
In linux binaries, in any linux distro, I've discovered the same strings which I believe may be due to a virus or trojan.
Yet, clamav, rkhunter, chkrootkit do not detect ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 12-11-2009 #1Just Joined!
- Join Date
- Dec 2009
- Posts
- 2
virus or trojan?
In linux binaries, in any linux distro, I've discovered the same strings which I believe may be due to a virus or trojan.
Yet, clamav, rkhunter, chkrootkit do not detect abnormalities.
Whether I run 'strings' on the binary files or view with vim or gedit, here is what is always seen inside the binaries:
__gmon_start__
_Jv_RegisterClasses
Followed by commands which differ within each binary.
If, by some luck, I've downloaded a fresh Linux ISO where binaries do not include the above two strings followed by commands, after I run an update the updated binaries suddenly contain the above two strings and other, what I believe to be, rogue strings.
I've avoided the possible infection with an OpenBSD install, yet all the Linux installations and burned ISOs contain binaries with the above two strings followed by commands.
Google results are vague, some suggest shell backdoors, any help?
- 12-12-2009 #2Just Joined!
- Join Date
- Oct 2009
- Posts
- 18
I believe it has to do with GCC. Here are a couple of post about it. I just did a search of "_Jv_RegisterClasses "
protocol-vit.blogspot.com/2008/06/yet-another-gcc-optimization.html
ww.ciselant.de/projects/gcc_printf/gcc_printf.html
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
