------------------------------
Message: 16
Date: Wed, 01 Dec 2004 10:05:14 +1000
From: david walcroft <david_walcroft@xxxxxxxxxxxx>
Subject: LKM Trojan
To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Message-ID: <41AD0ABA.2010705@xxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi, yesterday chkrootkit logged this

Checking `lkm'...
You have 2 process hidden for readdir command
You have 2 process hidden for ps command
Warning: Possible LKM Trojan installed

Today it logs

Checking `lkm'...
You have 4 process hidden for readdir command
You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed

Would these be a 'false positive' or for real, and if so, how do I confirm and remove any infected process/trojan?

Thanks
david
------------------------------
Hi David,
Sometimes I have 64 process hidden for readdir command... with chkrootkit. But nothing wrong with Rootkit Hunter 1.1.8. (http://www.rootkit.nl/)
Please try it and tell me.
Philippe
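
One way to follow up on the warning quoted in this thread, as an added example that is not part of either message and is not chkrootkit's or Rootkit Hunter's code: it repeats the comparison between IDs that answer an existence probe and IDs listed by readdir on /proc and by ps, and keeps only those unlisted in every round. It assumes Linux with /proc and procps ps; the function names and the three-round choice are illustrative, and it goes beyond the thread by discarding thread IDs, which answer the probe without ever appearing in either listing.

```python
import os
import subprocess

def readdir_pids(proc="/proc"):
    """IDs returned by readdir() on /proc."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def ps_pids():
    """IDs printed by ps (procps syntax)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True, text=True, check=True)
    return {int(t) for t in out.stdout.split()}

def probed_pids(pid_max):
    """IDs that answer kill(id, 0); signal 0 only tests for existence."""
    alive = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, owned by another user
        alive.add(pid)
    return alive

def read_status(pid):
    try:
        with open(f"/proc/{pid}/status") as f:
            return f.read()
    except OSError:
        return None  # gone, or not reachable through /proc

def is_thread(status_text):
    """Non-leader threads have Tgid != Pid; they answer the probe but are never listed."""
    f = dict(l.split(":", 1) for l in status_text.splitlines() if ":" in l)
    return f["Tgid"].strip() != f["Pid"].strip()

def hidden(probed, listed, status_of=read_status):
    """IDs that answer the probe but are unlisted, minus those identified as threads."""
    return {p for p in probed - listed if (s := status_of(p)) is None or not is_thread(s)}

def persistent(rounds):
    """IDs hidden in every round; processes that start or exit mid-scan drop out."""
    return set.intersection(*rounds) if rounds else set()

if __name__ == "__main__":
    pid_max = int(open("/proc/sys/kernel/pid_max").read())
    rounds = [hidden(probed_pids(pid_max), readdir_pids() & ps_pids()) for _ in range(3)]
    print("persistently hidden:", sorted(persistent(rounds)) or "none")
```

An ID that stays in the result across rounds is worth examining from trusted boot media; an empty result means the counts came from threads or short-lived processes.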