Chkroot reports LKM troyan, false postive?

From: runlevel0 (
Date: 12/22/03

Date: Mon, 22 Dec 2003 14:04:36 +0000 (UTC)

Hy group,

I run chkrootkit yesterday (22.12.2003) and got all negatives except
for a complaint about:

        "possible lkm troyan"
        "4 processes hidden from ps"

This sound very strange as I just updated to 2.4.23 kernel three days
ago and all the modules are new.

My box does not contain any Windoze, except apps which I can run with

I do not run any server and use firestarter / iptables as firewall.

So I need the following info to get sure:

1) How can I see processes hidden to PS?
2) Would it be possible for a troyan to place a new module for a newly
build kernel (vanilla)?
3) What should I search for and how?
4) Somebody knows about a bug in chkrootkit which could cause this?


Happy Xmas ;)