Test with Chkrootkit

Norman Nunn npnunn at swbell.net
Sun Jul 25 15:52:13 UTC 2004


I got the following indicators:

ls INFECTED
22 process hidden for readdir command 
22 process hidden for ps command
Warning: Possible LKM Trojan installed

The number of hidden command changes.

Thanks for your input.

Norm

On Sun, 2004-07-25 at 08:43, Scot L. Harris wrote:
> On Sun, 2004-07-25 at 11:36, Norman Nunn wrote:
> > In checking the chkrootkit website, I noticed that chkrootkit had not
> > been tested (or completed testing) with the 2.6 kernel.  Is it reliable
> > for FC2?  I have some indicator that may prompt me to do a fresh
> > reinstall and would appreciate input before I go to that effort. 
> > Clamscan did not pick up anything for me.
> > 
> > Norm
> 
> What is the indication you are getting?
> 
> Is it processes that appear to be hidden?
> 
> I believe that is a known issue.  If you investigate further I believe
> those processes are fine.  chkrootkit does need to be updated/modified
> to correctly identify those processes.
> 
> -- 
> Scot L. Harris
> webid at cfl.rr.com
> 
> Nothing is more admirable than the fortitude with which millionaires
> tolerate the disadvantages of their wealth.
> 		-- Nero Wolfe 
> 
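One way to carry out the investigation suggested in the reply above, as an added example that is not part of the original thread or of chkrootkit: Linux does not return thread IDs when /proc is listed, although /proc/<tid> still resolves, so an ID hidden from readdir whose Tgid points at a listed process is a thread, not a concealed process. The function names and the sample data are hypothetical.

```python
import os
import re

def parse_status(text):
    """Return (pid, tgid) from the text of /proc/<id>/status."""
    fields = dict(re.findall(r"^(Pid|Tgid):\s+(\d+)$", text, re.M))
    return int(fields["Pid"]), int(fields["Tgid"])

def find_hidden(listed, read_status, max_id, relist=None):
    """Explain IDs that resolve under /proc/<id> but are absent from its listing.

    listed      -- set of numeric entries returned by listing /proc
    read_status -- callable(id) -> status text, or None if the ID does not resolve
    relist      -- optional callable() -> fresh listing, to rule out a scan race
    Returns {id: verdict}.
    """
    report = {}
    for ident in range(1, max_id + 1):
        if ident in listed:
            continue
        text = read_status(ident)
        if text is None:          # no such ID, or it exited mid-scan
            continue
        pid, tgid = parse_status(text)
        if tgid != pid and tgid in listed:
            report[ident] = "thread of listed process %d" % tgid
        elif relist is not None and ident in relist():
            report[ident] = "started during scan"
        else:
            report[ident] = "UNEXPLAINED: investigate"
    return report

def live_read_status(ident):
    """Read /proc/<id>/status on the running system."""
    try:
        with open("/proc/%d/status" % ident) as fh:
            return fh.read()
    except OSError:
        return None

def live_listing():
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    found = find_hidden(live_listing(), live_read_status, limit, live_listing)
    for ident, verdict in sorted(found.items()):
        print(ident, verdict)
```

Any ID reported as unexplained deserves a second look from trusted tools booted from known-good media, since a kernel-level rootkit can also falsify what this script reads.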




