Weird Network Manager Problem (Updated)

JD jd1008 at gmail.com
Sun Sep 26 03:28:36 UTC 2010



On 09/25/2010 07:14 PM, Mike Dwiggins wrote:
>    JB,
>
> I figured you or someone else might like to know this.  I killed the dhc
> process and cleaned up the .conf files, did a restart on Network Manager,
> and everything worked!
>
> Ran chkrootkit and it hit on netstat as Infected (imagine that).  It
> also reported a possible LKM Trojan intrusion.  I then ran rkhunter and
> it threw warnings on the following files:
> /bin/netstat
> /bin/ps
> /usr/bin/top
> /usr/bin/lsof
>
> It also reported undocumented password change and group file changes.
>
> Password I could see with me going through Webmin to reset the root
> password, but I was careful to change nothing else, much less groups!
>
> I rebooted and the problem was back just as before!
>
> With that I threw up my hands and have WipeDrive going on the drives in
> DoD mode!
>
> Hope this might help someone!
>
> Again thanks for the help!
>
chkrootkit found this, but I have no idea where the process is:

Checking `lkm'... You have     1 process hidden for readdir command
You have     1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed


So, if it will not tell me which process it is, how can I find it?
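
One way to get the PID behind the warning quoted above, as an added example that is not part of the original message and is not chkrootkit's own code: it makes the same kind of comparison (the /proc listing and the ps output against a signal-0 probe of every possible PID) and prints the PIDs that only the probe sees. The function names are illustrative, and it assumes Linux procfs and a procps-style ps.

```python
import os
import subprocess

def readdir_pids(procfs="/proc"):
    """PIDs visible when listing procfs (the 'readdir' view)."""
    return {int(n) for n in os.listdir(procfs) if n.isdigit()}

def ps_pids():
    """PIDs reported by the installed ps binary (the 'ps' view)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def is_leader(pid, procfs="/proc"):
    """False only if procfs marks pid as a non-leader thread; readdir never lists those."""
    try:
        with open(os.path.join(procfs, str(pid), "status")) as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        pass  # unreadable entry: keep it as a candidate
    return True

def probe_pids(procfs="/proc"):
    """Every PID up to pid_max that answers signal 0, minus thread IDs."""
    with open(os.path.join(procfs, "sys/kernel/pid_max")) as f:
        pid_max = int(f.read())
    alive = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)  # signal 0 checks existence, delivers nothing
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists but belongs to another user
        if is_leader(pid, procfs):
            alive.add(pid)
    return alive

def find_hidden(probed, readdir_views, ps_views):
    """PIDs that answered the probe but appear in no snapshot of a view.
    Snapshots taken before and after probing absorb most start/exit races."""
    return {"readdir": sorted(probed - set().union(*readdir_views)),
            "ps": sorted(probed - set().union(*ps_views))}

if __name__ == "__main__":
    views = [(readdir_pids(), ps_pids())]
    probed = probe_pids()
    views.append((readdir_pids(), ps_pids()))
    hidden = find_hidden(probed, [v[0] for v in views], [v[1] for v in views])
    for view, pids in hidden.items():
        for pid in pids:
            print(f"PID {pid} is hidden from {view}")
```

On a host where ps itself is flagged, as in the quoted rkhunter output, treat the ps view as untrusted and run the script from known-good media. A kernel-level rootkit can also intercept the probe, so an empty result does not clear the machine.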


