Re: Test with Chkrootkit

On Sun, 2004-07-25 at 11:52, Norman Nunn wrote:
> I got the following indicators:
> 
> ls INFECTED
> 22 process hidden for readdir command 
> 22 process hidden for ps command
> Warning: Possible LKM Trojan installed
> 
> The number of hidden command changes.
> 
> Thanks for your input.
> 

chkrootkit reports 11 hidden processes on my laptop.  But that number
may vary depending on what you are running.

Of more concern is the ls INFECTED output in your partial report.
See if you can get a good copy of ls and compare the byte size, md5sum
and permissions on it.  Below is what my system reports.  

-rwxr-xr-x  1 root root 80688 May  4 12:26 /bin/ls

md5sum /bin/ls
d319011a3eb49338fe333753b0cfd7bc  /bin/ls

You need to track that down ASAP to figure out what that is.

It has been a while but I ran through the exercise to examine what
processes were hidden.  I want to say it was the ones in []'s when you
do a ps -eaf but I don't know if I remember that correctly.

I am sure someone here will set me straight on this.  :)

-- 
Scot L. Harris
webid@xxxxxxxxxx

Advancement in position. 
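
The comparison suggested in the message above (byte size, md5sum and permissions of ls against a good copy), as an added example that is not part of the original post. The function names are hypothetical, GNU stat and md5sum are assumed, and the reference copy is assumed to come from trusted media such as the install CD.

```shell
#!/bin/sh
# Added example: compare a suspect binary with a known-good reference copy.
# Assumes GNU coreutils (stat -c, md5sum). Both paths are caller-supplied.

# Print "size mode owner:group md5" for one file; return 2 if unreadable.
file_fingerprint() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    meta=$(stat -c '%s %a %U:%G' "$f") || return 2
    sum=$(md5sum "$f" | cut -d' ' -f1) || return 2
    echo "$meta $sum"
}

# Compare suspect and reference field by field.
# Returns 0 when everything matches, 1 on any difference, 2 on error.
compare_binary() {
    suspect=$1; reference=$2
    s=$(file_fingerprint "$suspect") || return 2
    r=$(file_fingerprint "$reference") || return 2
    set -- $s; s_size=$1 s_mode=$2 s_own=$3 s_md5=$4
    set -- $r; r_size=$1 r_mode=$2 r_own=$3 r_md5=$4
    rc=0
    for field in size mode own md5; do
        eval "sv=\$s_$field rv=\$r_$field"
        if [ "$sv" != "$rv" ]; then
            echo "MISMATCH $field: suspect=$sv reference=$rv"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $suspect matches $reference"
    return $rc
}

# Stand-alone use: ./compare.sh /bin/ls /mnt/trusted/bin/ls
if [ "$#" -eq 2 ]; then
    compare_binary "$1" "$2"
fi
```

With an LKM rootkit suspected, tools run on the live system can be fed false data, so the comparison is more trustworthy when the disk is mounted read-only from rescue media and both files are read from there.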


