On 9/25/2010 8:28 PM, JD wrote:
>
> On 09/25/2010 07:14 PM, Mike Dwiggins wrote:
>> JB,
>>
>> I figured you or someone else might like to know this. I killed the dhc
>> process and cleaned up the .conf files, did a restart on Network Manager
>> and everything worked!
>>
>> Ran chkrootkit and it hit on netstat as Infected (imagine that). It
>> also reported a possible LKM Trojan intrusion. I then ran rkhunter and
>> it threw warnings on the following files:
>> /bin/netstat
>> /bin/ps
>> /usr/bin/top
>> /usr/bin/lsof
>>
>> It also reported undocumented password change and group file changes.
>>
>> Password I could see with me going through Webmin to reset the root
>> password but, I was careful to change nothing else much less groups!
>>
>> I rebooted and the problem was back just as before!
>>
>> With that I threw up my hands and have WipeDrive going on the drives in
>> DoD mode!
>>
>> Hope this might help someone!
>>
>> Again thanks for the help!
>>
> chkrootkit found this, but I have no idea where the process is:
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> chkproc: Warning: Possible LKM Trojan installed
>
>
> So, if it will not tell me which process it is, how can I find it?
>

Beats me, this is where it gets above my head! I had enough problems
with it I just went Scorched Earth. There should be a lesser way but, I
am not that good and admit it!
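
Added example, not part of the original thread and not chkrootkit's own code: one way to name the PID behind a "hidden for readdir" warning is to list every PID that opens by name under /proc but is missing from the directory listing. The function names and the 32768 default PID ceiling are assumptions; thread IDs are filtered out because they are reachable by name without being listed, and PIDs that appear during the scan are dropped.

```python
#!/usr/bin/env python3
"""List PIDs reachable by name under /proc but missing from its listing."""
import os


def listed_pids(proc="/proc"):
    """PIDs returned by readdir() on the proc directory."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}


def tgid_of(pid, proc="/proc"):
    """Thread-group id from /proc/<pid>/status, or None if unreachable."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        pass
    return None


def hidden_pids(proc="/proc", max_pid=32768, listed=None):
    """PIDs whose entry opens by name but that readdir() never returned.

    `listed` overrides the readdir snapshot (used for testing).
    """
    before = listed_pids(proc) if listed is None else set(listed)
    suspects = []
    for pid in range(1, max_pid + 1):
        if pid in before:
            continue
        # Plain threads are also reachable as /proc/<tid> without being
        # listed; only a thread-group leader (Tgid == pid) is a process.
        if tgid_of(pid, proc) == pid:
            suspects.append(pid)
    # Drop processes that simply started while the scan was running.
    after = listed_pids(proc) if listed is None else set(listed)
    return [p for p in suspects if p not in after]


def pid_max(default=32768):
    """Kernel PID ceiling, falling back to the assumed default."""
    try:
        with open("/proc/sys/kernel/pid_max") as fh:
            return int(fh.read())
    except (OSError, ValueError):
        return default


if __name__ == "__main__":
    for pid in hidden_pids(max_pid=pid_max()):
        print(f"PID {pid}: reachable as /proc/{pid} but not in readdir output")
```

On a host where /bin/ps and /bin/netstat have already been flagged, treat the output as a lead for triage only; a kernel module that also blocks lookups by name will not show up here.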