Re: LKM Trojan

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: LKM Trojan
From: Pedro Fernandes Macedo <webmaster@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 30 Nov 2004 22:20:53 -0200
In-reply-to: <[email protected]>
References: <[email protected]>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

david walcroft wrote:

Would these be a 'false positive' or for real and if so how do I
confirm and remove any infected process/trojan

 Thanks   david

There's a high chance that these are false positives... Run chkrootkit with the verbose option and it'll show the PID of the processes... Then , check the /proc/$PID/ directory.. the "status" file will give u the program name... and the other files (specially environ and cmdline) will give more details. and for the path of the file , check the symlink "exe" in that folder..

I used to have lots of false positives , so I just quit using chkrootkit (as my machine isnt all that sensitive and I secured it the best I can..)..

--
Pedro Macedo

Follow-Ups:
- Re: LKM Trojan
  - From: Rahul Sundaram

References:
- LKM Trojan
  - From: david walcroft

Prev by Date: Re: fedora and iPod
Next by Date: Re: LKM Trojan
Previous by thread: LKM Trojan
Next by thread: Re: LKM Trojan
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux