Re: LKM Trojan (david walcroft)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

------------------------------

Message: 16
Date: Wed, 01 Dec 2004 10:05:14 +1000
From: david walcroft <david_walcroft@xxxxxxxxxxxx>
Subject: LKM Trojan
To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Message-ID: <41AD0ABA.2010705@xxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi,
    yesterday chkrootkit logged this

Checking `lkm'...
 You have     2 process hidden for readdir command
You have     2 process hidden for ps command
Warning: Possible LKM Trojan installed

Today it logs

Checking `lkm'...
You have     4 process hidden for readdir command
You have     4 process hidden for ps command
Warning: Possible LKM Trojan installed

Would these be a 'false positive' or for real and if so how do I
confirm and remove any infected process/trojan

  Thanks   david



------------------------------

Hi David,

Sometimes I have 64 process hidden for readdir command... with chkrootkit.
But nothing wrong with Rootkit Hunter 1.1.8. (http://www.rootkit.nl/)

Please try it and tell me.

Philippe

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux