Re: LKM Trojan installed
From: Bruce Garlock (bruceg@garlockprinting.com)
Date: 02/08/03
- Previous message: Cal Peake: "Re: LKM Trojan installed"
- In reply to: Rivanor P. Soares: "LKM Trojan installed"
- Next in thread: Zow: "Re: LKM Trojan installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 07 Feb 2003 21:51:22 -0500 From: Bruce Garlock <bruceg@garlockprinting.com> To: "Rivanor P. Soares" <rivanor@bol.com.br>
Rivanor P. Soares wrote:
> While running 'chkrootkit' at my box (RH 7.3) I saw the following:
>
> Checking `lkm'... You have 69 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> Could this be *true* ? How can I discover it?
>
> Cheers...
>
> Rivanor.
Make sure you are running chkrootkit 0.39, as there are fixes in
chkproc.c I had some problems with version 0.38, and when I tried 0.37,
I didn't get the 'xx process hidden for ps command', and the warning.
Updating to 0.39 showed no warnings either. If you are running 0.39,
please follow the advise of the other posts. My guess is that 0.38 has
a bug, with chkproc, but you can always contatct the author to verify.
HTH...
Bruce
- Next message: Nathan Yocom: "Re: LKM Trojan installed"
- Previous message: Cal Peake: "Re: LKM Trojan installed"
- In reply to: Rivanor P. Soares: "LKM Trojan installed"
- Next in thread: Zow: "Re: LKM Trojan installed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
