Re: Possible LKM Trojan , Need Help

From: Florian Ernst (florian_at_uni-hd.de)
Date: 11/29/03

Next message: James Hosken: "Apache and PHP"

Date: Sat, 29 Nov 2003 17:19:46 +0100
To: debian-user@lists.debian.org

Hello Thomas!

On Sat, Nov 29, 2003 at 05:49:31AM -0500, Thomas H. George wrote:
>chkrootkit reported possible LKM Trojan. 4 processes hidden for ps command.

Wow, hold on, first check
chkrootkit -x lkm
and see whether the report only contains PID 3-6. If so then it's only
a bug, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217278
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217525

Cheers,
Flo

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Next message: James Hosken: "Apache and PHP"

Relevant Pages

lkm trojan
... See the scriptfile below. ... Does LKM trojan and the 0's mean that these 4 are sabotaged Loadable ... The last process nevertheless claims to be my ps aux command itself. ... USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND ...
(Debian-User)
Re: chkroot warning
... rsina wrote: ... > You have 11 process hidden for ps command ... > Warning: Possible LKM Trojan installed ... This is from the Mandrake list, but it also pertains to the lkm trojan, ...
(comp.os.linux.security)
Re: LKM Trojan (david walcroft)
... You have 2 process hidden for readdir command ... Warning: Possible LKM Trojan installed ...
(Fedora)
lkm trojan
... I just ran chkrootkit on one of my machines at it turned up the ... You have 4 process hidden for ps command ... Warning: Possible LKM Trojan installed ... How do I diagnose this further, and if there is an LKM trojan, how do I ...
(Debian-User)
Re: chkrootkit and vncserver
... > This morning's normal system checks triggered alarms. ... > You have 5 process hidden for ps command ... > Warning: Possible LKM Trojan installed ...
(Fedora)