LKM Trojan (david walcroft)
Philippe Lasfargues
philippe.lasfargues at tele2.fr
Wed Dec 1 06:53:13 UTC 2004
------------------------------
Message: 16
Date: Wed, 01 Dec 2004 10:05:14 +1000
From: david walcroft <david_walcroft at yahoo.com.au>
Subject: LKM Trojan
To: For users of Fedora Core releases <fedora-list at redhat.com>
Message-ID: <41AD0ABA.2010705 at yahoo.com.au>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi,
yesterday chkrootkit logged this
Checking `lkm'...
You have 2 process hidden for readdir command
You have 2 process hidden for ps command
Warning: Possible LKM Trojan installed
Today it logs
Checking `lkm'...
You have 4 process hidden for readdir command
You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
Would these be a 'false positive' or for real and if so how do I
confirm and remove any infected process/trojan
Thanks david
------------------------------
Hi David,
Sometimes I have 64 process hidden for readdir command... with chkrootkit.
But nothing wrong with Rootkit Hunter 1.1.8. (http://www.rootkit.nl/)
Please try it and tell me.
Philippe
More information about the fedora-list
mailing list