On 09/25/2010 07:14 PM, Mike Dwiggins wrote: > JB, > > I figured you or someone else might like to know this. I killed the dhc > process and cleaned up the .conf files did a restart on Network Manage > and everything worked! > > Ran chkrootkit and it hit on netstat as Infected (imagine that). It > also reported a possible LKM Trojan intrusion. I then ran rkhunter and > it threw warnings on the following files: > /bin/netstat > /bin/ps > /usr/bin/top > /usr/bin/lsof > > It also reported undocumented password change and group file changes. > > Password I could see with me going through Webmin to reset the root > password but, I was careful to change nothing else much less groups! > > I rebooted and the problem was back just as before! > > With that I threw up my hands and have WipeDrive going on the drives in > DoD mode! > > Hope this might help someone! > > Again thanks for the help! > chkrootkit found this, but I have no idea where the process is: Checking `lkm'... You have 1 process hidden for readdir command You have 1 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed So, if it will not tell me which process it is, how can I find it? -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
