# chkrootkit OSX_RSPLUG

## farmer.ro

It seems chkrootkit is reporting something about OSX_RSPLUG. Is this a false positive or a bad sign?

```
# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not found
Checking `mail'... not found
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not found
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not found
Checking `sendmail'... not found
Checking `sshd'... not infected
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... fopen: No such file or directory
/bin/ls: cannot access 'write': No such file or directory
not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... nothing found
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... not tested
Searching for 64-bit Linux Rootkit ... nothing found
Searching for 64-bit Linux Rootkit modules... nothing found
Searching for Mumblehard Linux ... nothing found
Searching for Backdoor.Linux.Mokes.a ... nothing found
Searching for Malicious TinyDNS ... nothing found
Searching for Linux.Xor.DDoS ... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... enp2s0: PF_PACKET(/sbin/dhcpcd, /sbin/dhcpcd)
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'...  The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! stirici+     3708 tty7   /usr/bin/X -nolisten tcp :0 -auth /home/stiricidiumeasy/.serverauth.3691
! stirici+     3998 pts/0  bash
! stirici+     4001 pts/0  su
! root         4008 pts/0  bash
! root         4321 pts/0  /bin/sh /usr/sbin/chkrootkit
! root         5340 pts/0  /usr/sbin/chkutmp
! root         5341 pts/0  ps ax -o tty,pid,ruser,args
! root        18369 pts/0  dbus-launch --autolaunch f8137703f0f90c716742c8d058555ab2 --binary-syntax --close-stderr
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not tested
```

----------

## rufnut

I get:

```
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
```

I don't know why your results are happening.

Maybe this site gives you more clues:

http://services.runescape.com/m=forum/forums.ws?409,410,966,65860317

Good luck.

----------

## gerdesj

The output says:

```
Checking `OSX_RSPLUG'... not tested
```

This: http://lmgtfy.com/?q=OSX_RSPLUG leads to this: https://en.wikipedia.org/wiki/RSPlug

I suspect that you are not running chkrootkit on an Apple system and hence it has not bothered checking for the presence of a nasty that will only run on an Apple machine.  

Cheers

Jon

----------
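A way to read output like the one posted in this thread, as an added example that is not part of any post here or of chkrootkit itself: the script sorts each result line by its status so that `not tested` (check skipped) and `not found` (binary absent) are kept apart from `INFECTED`, and free-form results are flagged for manual reading. The function names and class labels are assumptions chosen for this example; the sample lines are taken from the first post.

```shell
#!/bin/sh
# Added example: triage chkrootkit output by result status.

# Print the status class for one chkrootkit result line.
classify() {
    case "$1" in
        *INFECTED*)           echo infected ;;  # chkrootkit's positive marker
        *"... not tested"*)   echo skipped ;;   # check was not run on this system
        *"... not found"*)    echo absent ;;    # binary is not installed
        *"not infected"*|*"nothing found"*|*"no suspect files"*) echo clean ;;
        *"nothing detected"*|*"nothing deleted"*)                echo clean ;;
        *)                    echo review ;;    # free-form output: read by hand
    esac
}

# Read chkrootkit output on stdin and print "class<TAB>line" for every
# Checking/Searching line whose class is in $1 (space-separated list).
triage() {
    wanted=" $1 "
    while IFS= read -r line; do
        case "$line" in
            Checking*|Searching*) ;;
            *) continue ;;
        esac
        class=$(classify "$line")
        case "$wanted" in
            *" $class "*) printf '%s\t%s\n' "$class" "$line" ;;
        esac
    done
}

# Sample input assembled for this example from lines in the first post.
sample() {
cat <<'EOF'
Checking `sshd'... not infected
Checking `lsof'... not found
Searching for Linux/Ebury - Operation Windigo ssh... not tested
Checking `lkm'... chkproc: nothing detected
Checking `sniffer'... enp2s0: PF_PACKET(/sbin/dhcpcd, /sbin/dhcpcd)
Checking `OSX_RSPLUG'... not tested
EOF
}

# Show only what needs a human: findings, free-form results, skipped checks.
sample | triage "infected review skipped"
```

On a real run, pipe the tool's output in instead of `sample`, for example `chkrootkit | triage "infected review"`.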

