Re: chkrootkit: possible trojan

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Saturday 11 September 2004 09:40, Stuart wrote:
>Hi list
>
>On FC2 kernel 2.6.8.1 chkrootkit-0.44 reports a possible trojan
> Adore.
>
>Googling and paging through archives has led me to think that either
> it is a false positive ( either hosted virtual server environment /
> chkrootkit-0.44 reporting falsely), or if it is a true positive,
> the only way to kill it is to nuke the OS.
>
>I haven't been able to lsmod, init 6, etc... which leads me to think
>that it's a true positive.
>
>I would appreciate any advice, there is not much literature out
> there on the subject.
>
>TIA Stu@

I just picked up the latest 0.44 and checked both machines here as 
clean.

So... it rather sounds like its real, so the standard advice is to get 
it off the net and reinstall.  And run yum update as soon as its back 
on the net.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.26% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2004 by Maurice Eugene Heskett, all rights reserved.



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux