Scan your Linux Systems using Rootkit Hunter

rkhunter (Rootkit Hunter) is an open source scanner for Unix/Linux systems, released under the GPL, that scans for backdoors, rootkits and local exploits. It checks for hidden files, wrong permissions set on binaries, suspicious strings in the kernel, etc.

Installing rkhunter (Rootkit Hunter) in RHEL, CentOS and Fedora

Step 1: Download rkhunter

# cd /tmp
# wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

Step 2: Install rkhunter

# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh --layout default --install

Step 3: Update rkhunter

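--update refreshes rkhunter's data files and --propupd records the current file properties as the baseline for later scans, so run --propupd only on a system you trust to be clean.

# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd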

Step 4: Set Cronjob and Email Alerts

# vi /etc/cron.daily/rkhunter.sh

Add the following lines to the "rkhunter.sh" file and change the server name and email address accordingly.

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (ServerName)' [email protected]

Step 5: Set permissions on the file

# chmod 755 /etc/cron.daily/rkhunter.sh

Step 6: Manual Scan and Usage

# rkhunter --check

Folder Options Disabled Problem: Solve It

How to solve the disabled Folder Options problem.

If Folder Options is disabled in the Tools menu, you can solve this problem using Group Policy Editor.

1. Click the Start button, then Run
2. Type gpedit.msc and press Enter
3. Go to User Configuration > Administrative Templates > Windows Components > Windows Explorer
4. Now double-click "Remove the Folder Options menu item from the Tools menu" (you will find it in the right panel)
5. Select the Enable radio button from Settings, then press OK
6. Now restart your PC
7. Problem is solved

How to Scan a Windows Network for Conficker Virus from Mac OS X

The Conficker Virus is Windows only but it’s garnering a lot of attention, so if you’re on a Windows LAN at home, work, or school, you may want to check if the Windows machines are vulnerable or infected with Conficker. You can do this from your immune Mac OS X machine pretty easily with a cool command line utility called nmap. Here are the steps:

1) First you need to install the command line tool nmap
2) Use nmap to search your LAN for vulnerabilities to Conficker by using the following command:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
Note: Be sure to substitute the IP range for your LAN, so this may be something other than the IP range above, like 10.1.1.10-100
3) Examine the output of nmap. You are looking for something like this to tell if you have a problem:
Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely INFECTED
|_ regsvc DoS: VULNERABLE
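
The check in step 3, as an added example that is not part of the original post: a shell function that reads saved nmap output and lists only the hosts where smb-check-vulns reports INFECTED or VULNERABLE. The "Nmap scan report for" host header, the function names and the file name scan.txt are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: list hosts that smb-check-vulns reports as infected or vulnerable.
# Real use (scan.txt is an assumed file name): triage_conficker < scan.txt

triage_conficker() {
    awk '
        function emit() {
            if (host != "" && findings != "") print host ": " findings
            findings = ""
        }
        # Host header of nmap normal output (assumed format).
        /^Nmap scan report for / {
            emit(); host = $NF; gsub(/[()]/, "", host); inblk = 0; next
        }
        # Start of the script block shown on the page.
        /^\|_? *smb-check-vulns:/ { inblk = 1; next }
        # Any line outside the "|" result tree ends the block.
        !/^\|/ { inblk = 0; next }
        inblk {
            line = $0
            sub(/^\|_? */, "", line); sub(/[ \t\r]+$/, "", line)
            # "NOT VULNERABLE" contains "VULNERABLE", so exclude it explicitly.
            if (line ~ /INFECTED|VULNERABLE/ && line !~ /NOT VULNERABLE/)
                findings = findings (findings == "" ? "" : "; ") line
            if ($0 ~ /^\|_/) inblk = 0
        }
        END { emit() }
    '
}

# Constructed sample output (hosts and results are made up for the example).
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.168.0.12
Host script results:
| smb-check-vulns:
|   MS08-067: FIXED
|   Conficker: Likely INFECTED
|_  regsvc DoS: VULNERABLE
Nmap scan report for 192.168.0.15
Host script results:
| smb-check-vulns:
|   MS08-067: NOT VULNERABLE
|   Conficker: Likely CLEAN
|_  regsvc DoS: NOT VULNERABLE
EOF
}

sample_scan | triage_conficker
```

Hosts with no INFECTED or VULNERABLE line produce no output, so an empty result means nothing in the scanned range was flagged.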