Hi.

On Tue, 25 Feb 2014 16:48:37 +1100 Scott Ferguson <scott.ferguson.debian.u...@gmail.com> wrote:

> Please note the difference between *are/is* installed, and *were* installed.

There's a difference, indeed.

> I would expect dpkg -S to fail if those packages had been wrongly
> removed (corrupting dpkg database) but the pam and man files are
> extremely unlikely to be the result of malware. The OP never responded
> to my query about the other files that would have been installed - or
> checked the installation history with dpkg --get-selections (it won't
> show if purge was run, but then, those files would likely not be left).

My guess is that this situation is the result of invoking:

dpkg -X *deb /

or, simply unpacking a tarball into /. But your guess is as good as mine.

What I cannot understand is how exactly removing a package would fix this issue if both apt and dpkg claim that the package is not installed.

> It is possible[*1] vmtoolsd is a trojan - though that scenario means the
> rest of its expected files would likely be there (and dpkg -S would
> find it) - an md5sum is a simple way to check.

If you browse up this part of the thread, you'll see that the OP did check the root filesystem with debsums, and debsums hasn't found anything. Therefore I agree that it's unlikely that vmtoolsd is malware.

> Simply re-installing a system because someone "suspects" a security
> breach - with zero evidence to support the suspicion, is not a good
> idea.

Agreed. That's why I wrote earlier that no reinstall is necessary.

> By all means re-install from a known clean source - but first check
> to see if the installation was legitimate (check package selections
> status), check "suspect" file/s. Otherwise it confirms nothing and does
> even less to help detect and defend against real malware.
>
> Always test when security is in doubt - but it's probably not a good
> idea to rule out user error.

Yet, there is another thing - OP claims that he didn't install anything like this.
Reco
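
The two checks discussed in this message (package ownership as reported by dpkg -S, and the checksum comparison that debsums performs), as an added example that is not part of the original thread: a shell function that reads dpkg's info/*.list and info/*.md5sums files directly. The package name examplepkg, the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. classify_file ADMINDIR ROOT /abs/path prints one of:
#   unowned               no info/*.list names the path (dpkg -S finds no owner)
#   owned:<pkg>:ok        regular file matches info/<pkg>.md5sums
#   owned:<pkg>:MODIFIED  file differs from the recorded checksum
#   owned:<pkg>:missing   listed by the package but no regular file on disk
#   owned:<pkg>:nosum     package records no checksum for it
# On a real system ADMINDIR is /var/lib/dpkg and ROOT is /.
classify_file() {
    admindir=$1; root=$2; path=$3; rel=${path#/}
    # .list files hold one absolute path per line: -x whole line, -F literal.
    list=$(grep -lxF -- "$path" "$admindir"/info/*.list 2>/dev/null | head -n 1)
    [ -n "$list" ] || { echo unowned; return 0; }
    pkg=$(basename "$list" .list)
    sums=$admindir/info/$pkg.md5sums
    [ -f "$root/$rel" ] || { echo "owned:$pkg:missing"; return 0; }
    want=
    # .md5sums lines are "<md5>  <path without leading slash>".
    if [ -f "$sums" ]; then
        want=$(awk -v p="$rel" '{ h = $1; sub(/^[^ ]+ +/, "") } $0 == p { print h; exit }' "$sums")
    fi
    [ -n "$want" ] || { echo "owned:$pkg:nosum"; return 0; }
    have=$(md5sum "$root/$rel" | cut -d' ' -f1)
    if [ "$have" = "$want" ]; then echo "owned:$pkg:ok"; else echo "owned:$pkg:MODIFIED"; fi
}

# Constructed sample: package "examplepkg" owns two files; /usr/bin/vmtoolsd is
# on disk but listed by no package (the situation described in the thread).
build_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/admin/info" "$t/root/usr/bin" "$t/root/usr/share/man"
    printf 'good\n' > "$t/root/usr/bin/tool"
    printf 'good\n' > "$t/root/usr/share/man/tool.1"
    printf 'stray\n' > "$t/root/usr/bin/vmtoolsd"
    printf '%s\n' /usr/bin/tool /usr/share/man/tool.1 > "$t/admin/info/examplepkg.list"
    for f in usr/bin/tool usr/share/man/tool.1; do
        printf '%s  %s\n' "$(md5sum "$t/root/$f" | cut -d' ' -f1)" "$f"
    done > "$t/admin/info/examplepkg.md5sums"
    printf 'changed\n' > "$t/root/usr/share/man/tool.1"   # drift after "install"
    echo "$t"
}

s=$(build_sample)
for p in /usr/bin/tool /usr/share/man/tool.1 /usr/bin/vmtoolsd; do
    printf '%-24s %s\n' "$p" "$(classify_file "$s/admin" "$s/root" "$p")"
done
rm -rf "$s"
```

Both lookups trust the local dpkg database, so they show drift from what dpkg recorded rather than proving a file is clean on a host where /var/lib/dpkg itself could have been rewritten.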