Chkroot reports LKM trojan, false positive?

From: runlevel0 (runlevel0_at_wanadoo.es)
Date: 12/22/03


Date: Mon, 22 Dec 2003 14:04:36 +0000 (UTC)

Hi group,

I ran chkrootkit yesterday (22.12.2003) and got all negatives except
for a complaint about:

        "possible lkm troyan"
        "4 processes hidden from ps"

This sounds very strange, as I just updated to the 2.4.23 kernel three days
ago and all the modules are new.

My box does not contain any Windoze, except apps which I can run with
wine.

I do not run any server and use firestarter / iptables as firewall.

So I need the following info to be sure:

1) How can I see processes hidden from ps?
2) Would it be possible for a trojan to place a new module for a newly
built kernel (vanilla)?
3) What should I search for and how?
4) Does anybody know of a bug in chkrootkit which could cause this?

TIA

Happy Xmas ;)


