Possible LKM Trojan , Need Help

• Previous message: Paul Morgan: "Re: freebsd - Re: recommended Virus Scanner?"
• Next in thread: Jamin W. Collins: "Re: Possible LKM Trojan , Need Help"
• Reply: Jamin W. Collins: "Re: Possible LKM Trojan , Need Help"
• Reply: Brian McGroarty: "Re: Possible LKM Trojan , Need Help"
• Reply: Paul Morgan: "Re: Possible LKM Trojan , Need Help"
• Reply: Florian Ernst: "Re: Possible LKM Trojan , Need Help"
• Reply: Hugo Vanwoerkom: "Re: Possible LKM Trojan , Need Help"
• Reply: Shaul Karl: "Re: Possible LKM Trojan , Need Help"
• Reply: alex: "Pacific Digital Mach52 CD-RW"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sat, 29 Nov 2003 05:49:31 -0500
To: debian-user@lists.debian.org

chkrootkit reported possible LKM Trojan. 4 processes hidden for ps command.

Before reformating the hard drive and reinstalling Debian, started a dvd
backup using growisofs.
The backup of /usr was successful, backup of /var failed with duplicate
names in /rr_moved.

Obviously I would like to delete /rr_moved but it is hidden from me. Is
there any way to do this?

In the mean time I am continuing the backup on the assumption that I
might retrieve specific files without reconatiminating the system.

The backup of /home was successful with the warning "missing whole name
for 'rr_moved'"

Tom

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: Paul Morgan: "Re: freebsd - Re: recommended Virus Scanner?"
• Next in thread: Jamin W. Collins: "Re: Possible LKM Trojan , Need Help"
• Reply: Jamin W. Collins: "Re: Possible LKM Trojan , Need Help"
• Reply: Brian McGroarty: "Re: Possible LKM Trojan , Need Help"
• Reply: Paul Morgan: "Re: Possible LKM Trojan , Need Help"
• Reply: Florian Ernst: "Re: Possible LKM Trojan , Need Help"
• Reply: Hugo Vanwoerkom: "Re: Possible LKM Trojan , Need Help"
• Reply: Shaul Karl: "Re: Possible LKM Trojan , Need Help"
• Reply: alex: "Pacific Digital Mach52 CD-RW"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

• Re: Backup Exec 11d - weird System Account credential failures, maybe SQL issue
  ... but the first backup job ... "Authentication failed on connection to the server
  - make sure tha ... "successful - used server credentials" ... like 30 seconds -
  but is successful) ... (microsoft.public.backoffice.smallbiz)
• Re: growisofs ejects when finished
  ... > I am using growisofs to backup to DVD. ... > subsequent
  backups don't cost one mount (since, as I recall, each mount ... (Debian-User)
• mksysb question
  ... I wrote a script to run occasionally for creating a mksysb. ... Populating the
  CD or DVD file system... ... Copying backup to the CD or DVD file system... ...
  mkrr_fs was successful. ... (AIX-L)
• Re: mksysb question
  ... same DVD merrily until it finished. ... MKSYSB through SMIT. ...
  Copying backup to the CD or DVD file system... ... mkrr_fs was successful. ...
  (AIX-L)
• RE: Windows 2003 SP1 NTbackup
  ... Contact MS and ask for hotfix 902389. ... If it is not successful, ...
  > Works in Windows XP but not in Windows 2003 or Windows 2003 SmallBusiness. ... >>
  AIT Tape drives as backup devices which have always worked perfectly. ... (microsoft.public.windows.server.general)