[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-security
Subject:    Re: [opensuse-security] gmonstart / jvregisterclasses in tons of binaries with commands,malware?
From:       Marcus Meissner <meissner () suse ! de>
Date:       2009-12-17 15:19:53
Message-ID: 20091217151953.GF4504 () suse ! de
[Download RAW message or body]

On Wed, Dec 16, 2009 at 09:28:54PM -0500, whereislibertyandjustice@Safe-mail.net wrote:
> In linux binaries, in any linux distro, I've discovered the same strings
> which I believe may be due to a virus or trojan.
> 
> Yet, clamav, rkhunter, chkrootkit do not detect abnormalities.
> 
> Whether I run 'strings' on the binary files or view with vim or gedit, here
> is what is always seen inside the binaries:
> 
> 
> __gmon_start__
> _Jv_RegisterClasses

These are two expected symbols and are runtime hooks for gmon and the
GNU java runtime. They are supposed to be there and do not constitue a breakin.

Ciao, Marcus
-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]