Weird Network Manager Problem (Updated)

Mike Dwiggins mike at azdwiggins.com
Sun Sep 26 03:34:24 UTC 2010


  On 9/25/2010 8:28 PM, JD wrote:
>
> On 09/25/2010 07:14 PM, Mike Dwiggins wrote:
>>     JB,
>>
>> I figured you or someone else might like to know this.  I killed the dhc
>> process and cleaned up the .conf files, did a restart on Network Manager
>> and everything worked!
>>
>> Ran chkrootkit and it hit on netstat as Infected (imagine that).  It
>> also reported a possible LKM Trojan intrusion.  I then ran rkhunter and
>> it threw warnings on the following files:
>> /bin/netstat
>> /bin/ps
>> /usr/bin/top
>> /usr/bin/lsof
>>
>> It also reported undocumented password change and group file changes.
>>
>> Password I could see with me going through Webmin to reset the root
>> password but, I was careful to change nothing else much less groups!
>>
>> I rebooted and the problem was back just as before!
>>
>> With that I threw up my hands and have WipeDrive going on the drives in
>> DoD mode!
>>
>> Hope this might help someone!
>>
>> Again thanks for the help!
>>
> chkrootkit found this, but I have no idea where the process is:
>
> Checking `lkm'... You have     1 process hidden for readdir command
> You have     1 process hidden for ps command
> chkproc: Warning: Possible LKM Trojan installed
>
>
> So, if it will not tell me which process it is, how can I find it?
>
Beats me, this is where it gets above my head!  I had enough problems 
with it I just went Scorched Earth.  There should be a lesser way but, I 
am not that good and admit it!
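
One way to approach the question quoted above (which process is hidden?), as an added example that is not part of the original thread: list /proc through readdir, probe every possible PID by direct path lookup, and report PIDs that answer the probe but never appear in the listing. All function names are this example's own; it assumes a Linux /proc and skips thread IDs, which are reachable by direct lookup but never listed.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs visible through readdir(), the listing ps and top are built from."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def read_tgid(pid, proc="/proc"):
    """Open /proc/<pid>/status by path, bypassing readdir; None if absent."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError, IndexError):
        pass
    return None

def probed_pids(max_pid, proc="/proc"):
    """PIDs reachable by direct lookup. Thread IDs are reachable this way too
    but never listed, so keep only thread-group leaders (Tgid == pid)."""
    return {pid for pid in range(1, max_pid + 1) if read_tgid(pid, proc) == pid}

def hidden_pids(before, probed, after):
    """Reachable PIDs missing from both listings; two snapshots filter out
    processes that merely started while the probe was running."""
    return sorted(probed - before - after)

def pid_max(default=32768):
    try:
        with open("/proc/sys/kernel/pid_max") as fh:
            return int(fh.read())
    except (OSError, ValueError):
        return default

def scan(proc="/proc"):
    before = listed_pids(proc)
    probed = probed_pids(pid_max(), proc)
    after = listed_pids(proc)
    # Re-probe so a process that started and exited mid-scan is not reported.
    return [p for p in hidden_pids(before, probed, after) if read_tgid(p, proc) == p]

if __name__ == "__main__":
    for pid in scan():
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                cmd = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            cmd = "?"
        print(f"hidden pid {pid}: {cmd or '[no cmdline]'}")
```

A kernel-level rootkit can intercept direct lookups as well, so an empty result on a suspect host proves nothing; checking the disk from trusted boot media remains the reliable test.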


