[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Possible LKM Trojan installed

Subject: RE: [cobalt-users] Possible LKM Trojan installed
From: aljuhani <aljuhani@xxxxxxxxx>
Date: Sat Feb 15 13:03:01 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Hello,

If it is not showing on the second run then there is nothing to worry about.  
The FAQ item 6 at (http://www.chkrootkit.org) says:

"6. How accurate is chkproc? 
If you run chkproc on a server that runs lots of short time processes it could 
report some false positives. chkproc compares the ps output with the /proc 
contents. If processes are created/killed during this operation chkproc could 
point out these PIDs as suspicious."

aljuhani@xxxxxxxxx

==Orignial Message==
Hi every body,

I just ran latest chrootkit-0.39a and got:

Checking `lkm'... You have     2 process hidden for readdir command
You have     2 process hidden for ps command
Warning: Possible LKM Trojan installed

After checking logs I ran ./chrootkit -x and didn't find anything.

Reran ./chrootkit and now I got:

Checking `lkm'... nothing detected

Any idea?
Was it misunderstood or just vanished ?

TIA

Jorge Ceballos Valdés
EscuelaEnLinea.com.mx
Aplicaciones Especiales por Internet
Plaza Villa de Madrid 3 - 203,
Col. Roma
México D.F. 06700
Tels (01+52) 55 - 5207-8481 y 8709
Fax  (01+52) 55 -5207-7941

Prev by Date: [cobalt-users] Possible LKM Trojan installed
Next by Date: Re: [cobalt-users] Cobalt RaQ3i
Previous by thread: [cobalt-users] Possible LKM Trojan installed
Next by thread: [cobalt-users] Raq 4i: The password file is locked..???

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index