Sabayon Community

[No.2]

My fire wall firestarter says I have cheese worm trying to talk on 10008 yet I can't find any sign of it; no /tmp.cheese and a clean sweep with KlamAV of the whole system.

I just had aMule start by its self with my whole / dir shared! It crashed every time I tried to change that.

Should I be worried?

[arjay]

Well, I wouldn't like it, especially given your aMule situation. It was supposedly an attempt to close a port opened by the Linux.lion.worm and wasn't considered harmful when first released years ago. I'd try to find and remove:

Linux.Cheese.Worm

Take a look at your /etc/inetd.conf to see if it's been modified too. You sound like you're aware of it, so I may not be telling you anything you don't already know.

I'd also emerge and run rkhunter, just cuz it's a good idea.

Code: Select all

emerge -v rkhunter

Run that regularly if you don't already. I've never had a problem with the cheese.worm myself, and am basically trying to remember the discussions and solutions I heard. Maybe someone else actually had to deal with it and can offer more information. Good-luck!

[No.2]

Thanks for the reply.

Ran rkhunter and chkrootkit and nothing I have xinetd.conf so cheese wouldn't have modded that. Makes me think it is a false id by the firewall. It is trying to use 10008 though...

Still scratching my head re aMule reinstalled it and not happened since...

[arjay]

You're right...very strange. It may be something with firestarter, but I haven't received any complaints from fs. Will check the log and if I see anything, I'll get back. G'luck!

[cvill64]

very odd, could have been a corrupted build and the way it was asking was flagged as suspicious as an virus must have root access to do any damage