On Sun, 2004-07-25 at 18:48, John Dangler wrote: > cat /proc/<pid>/cmdline... > > I just installed chkrootkit and I got the " Warning: Possible LKM Trojan > installed". So I ran the chkproc, and then ran 'cat /proc/<pid>/cmdline on > the processes. Nothing looks out of place. I'm running 2.6.6 FC2. Of the > 8 hidden processes, 3 have turned up > "nautilus--no-default-window--sm-client-iddefault3" > > Not sure what these are, but everything else turned up "not infected" > Thanks for the tip about chkrootkit. I'm also looking into clamav... > > Regards, > > John > > BTW, I'm using version 0.43 on a 2.6 kernel. Works fine, as far as I > can tell. Read the rest of this thread. There is a known problem with some versions of chkrootkit on Fedora. It wrongly identifies a number of processes as hidden. The original poster reported that the latest version from the chkrootkit site no longer has this problem. -- Scot L. Harris webid@xxxxxxxxxx Your analyst has you mixed up with another patient. Don't believe a thing he tells you.
