I got the following indicators: ls INFECTED 22 process hidden for readdir command 22 process hidden for ps command Warning: Possible LKM Trojan installed The number of hidden command changes. Thanks for your input. Norm On Sun, 2004-07-25 at 08:43, Scot L. Harris wrote: > On Sun, 2004-07-25 at 11:36, Norman Nunn wrote: > > In checking the chkrootkit website, I noticed that chkrootkit had not > > been tested (or completed testing) with the 2.6 kernel. Is it reliable > > for FC2? I have some indicator that may prompt me to do a fresh > > reinstall and would appreciate input before I go to that effort. > > Clamscan did not pickup anything for me. > > > > Norm > > What is the indication you are getting? > > Is it processes that appear to be hidden? > > I believe that is a known issue. If you investigate further I believe > those processes are fine. chkrootkit does need to be updated/modified > to correctly identify those processes. > > -- > Scot L. Harris > webid@xxxxxxxxxx > > Nothing is more admirable than the fortitude with which millionaires > tolerate the disadvantages of their wealth. > -- Nero Wolfe >
