Test with Chkrootkit
Norman Nunn
npnunn at swbell.net
Sun Jul 25 16:06:13 UTC 2004
Thanks for the leads, I removed the current version of chkrootkit and
installed the latest from the chkrootkit site and all the indicators
went away.
Thanks very much
Norm
On Sun, 2004-07-25 at 08:52, Norman Nunn wrote:
> I got the following indicators:
>
> ls INFECTED
> 22 process hidden for readdir command
> 22 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> The number of hidden command changes.
>
> Thanks for your input.
>
> Norm
>
> On Sun, 2004-07-25 at 08:43, Scot L. Harris wrote:
> > On Sun, 2004-07-25 at 11:36, Norman Nunn wrote:
> > > In checking the chkrootkit website, I noticed that chkrootkit had not
> > > been tested (or completed testing) with the 2.6 kernel. Is it reliable
> > > for FC2? I have some indicators that may prompt me to do a fresh
> > > reinstall and would appreciate input before I go to that effort.
> > > Clamscan did not pick up anything for me.
> > >
> > > Norm
> >
> > What is the indication you are getting?
> >
> > Is it processes that appear to be hidden?
> >
> > I believe that is a known issue. If you investigate further I believe
> > those processes are fine. chkrootkit does need to be updated/modified
> > to correctly identify those processes.
> >
> > --
> > Scot L. Harris
> > webid at cfl.rr.com
> >
> > Nothing is more admirable than the fortitude with which millionaires
> > tolerate the disadvantages of their wealth.
> > -- Nero Wolfe
> >
>