On Saturday 11 September 2004 09:40, Stuart wrote: >Hi list > >On FC2 kernel 2.6.8.1 chkrootkit-0.44 reports a possible trojan > Adore. > >Googling and paging through archives has led me to think that either > it is a false positive ( either hosted virtual server environment / > chkrootkit-0.44 reporting falsely), or if it is a true positive, > the only way to kill it is to nuke the OS. > >I haven't been able to lsmod, init 6, etc... which leads me to think >that it's a true positive. > >I would appreciate any advice, there is not much literature out > there on the subject. > >TIA Stu@ I just picked up the latest 0.44 and checked both machines here as clean. So... it rather sounds like its real, so the standard advice is to get it off the net and reinstall. And run yum update as soon as its back on the net. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.26% setiathome rank, not too shabby for a WV hillbilly Yahoo.com attorneys please note, additions to this message by Gene Heskett are: Copyright 2004 by Maurice Eugene Heskett, all rights reserved.