Find the answer to your Linux question:
Results 1 to 2 of 2
In linux binaries, in any linux distro, I've discovered the same strings which I believe may be due to a virus or trojan. Yet, clamav, rkhunter, chkrootkit do not detect ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Dec 2009
    Posts
    2

    virus or trojan?


    In linux binaries, in any linux distro, I've discovered the same strings which I believe may be due to a virus or trojan.

    Yet, clamav, rkhunter, chkrootkit do not detect abnormalities.

    Whether I run 'strings' on the binary files or view with vim or gedit, here is what is always seen inside the binaries:


    __gmon_start__
    _Jv_RegisterClasses

    Followed by commands which differ within each binary.

    If, by some luck, I've downloaded a fresh Linux ISO where binaries do not include the above two strings followed by commands, after I run an update the updated binaries suddenly contain the above two strings and other, what I believe to be, rogue strings.

    I've avoided the possible infection with an OpenBSD install, yet all the Linux installations and burned ISOs contain binaries with the above two strings followed by commands.

    Google results are vague, some suggest shell backdoors, any help?

  2. #2
    Just Joined!
    Join Date
    Oct 2009
    Posts
    18
    I believe it has to do with GCC. Here are a couple of post about it. I just did a search of "_Jv_RegisterClasses "

    protocol-vit.blogspot.com/2008/06/yet-another-gcc-optimization.html

    ww.ciselant.de/projects/gcc_printf/gcc_printf.html

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •