[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] trojan possibly found - how do you delete them ?

Subject: Re: [cobalt-users] trojan possibly found - how do you delete them ?
From: steve@xxxxxxxxx
Date: Sun Oct 26 12:09:00 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Sun, 26 Oct 2003 12:07:20 -0600, "Ted" wrote

> 
> Checking `lkm'... You have     1 process hidden for
> readdir command
> You have     1 process hidden for ps command
> Warning: Possible LKM Trojan installed
> 
> found this at the post install run of chkrootkit for
> cobalt's.
> any ideas? 
> 


I had this personally not long ago and, managed to
remove them (briefly). It even infected the virus
scanner.

Unfortunately, after about 5 days they came back, so
clearly I missed something, despite scanning every file
and finding the infected ones and repairing them.

Somehow it manages to live on somewhere and come back
and haunt you.

Only real solution is a complete reload.


Bassi

Prev by Date: Re: [cobalt-users] [RaQ4] Adding 2nd drive
Next by Date: [cobalt-users] Backup solutions for Cobalt RAQ550's
Previous by thread: Re: [cobalt-users] trojan possibly found - how do you delete them ?
Next by thread: [cobalt-users] Moving server

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index