chkrootkit: possible trojan
Gene Heskett
gene.heskett at verizon.net
Sat Sep 11 18:42:23 UTC 2004
On Saturday 11 September 2004 09:40, Stuart wrote:
>Hi list
>
>On FC2 kernel 2.6.8.1 chkrootkit-0.44 reports a possible trojan
> Adore.
>
>Googling and paging through archives has led me to think that either
> it is a false positive ( either hosted virtual server environment /
> chkrootkit-0.44 reporting falsely), or if it is a true positive,
> the only way to kill it is to nuke the OS.
>
>I haven't been able to lsmod, init 6, etc... which leads me to think
>that it's a true positive.
>
>I would appreciate any advice, there is not much literature out
> there on the subject.
>
>TIA Stu@
I just picked up the latest 0.44 and checked both machines here as
clean.
So... it rather sounds like its real, so the standard advice is to get
it off the net and reinstall. And run yum update as soon as its back
on the net.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.26% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2004 by Maurice Eugene Heskett, all rights reserved.
More information about the fedora-list
mailing list