Chkrootkit runs every night on my server. Normally there is no problem found. Today, though I saw these lines:

Searching for suspicious files and dirs, it may take a while... /usr/lib/.libgcrypt.so.11.hmac /usr/lib/firefox-3.0.15/.autoreg /usr/lib/.libfipscheck.so.1.1.0.hmac /usr/lib/.libfipscheck.so.1.hmac /usr/lib/qt-3.3/etc/settings/.qtrc.lock /usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock /usr/lib/qt-3.3/etc/settings/.kstylerc.lock /usr/lib/perl5/5.8.8/i386-linux- thread-multi/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread- multi/auto/DCOP/.packlist /usr/lib/gtk-2.0/immodules/.relocation-tag /lib/.libssl.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac /lib/.libcrypto.so.0.9.8e.hmac /lib/.libssl.so.6.hmac

Could these lines have been caused by crashing applications? I had a runaway situation first thing this morning, possibly caused by not restarting some application affected by yesterday's updates, and it was so severe that I couldn't even find out which application was causing it.

Anne