Re: chkrootkit...lkm trojan?... only from gnome [from debian-user]
From: s. keeling (keeling_at_spots.ab.ca)
Date: 08/17/04
- Previous message: Kevin Mark: "Re: Serial terminal in testing?"
- In reply to: Gregory Pierce: "chkrootkit...lkm trojan?... only from gnome"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 16 Aug 2004 21:05:17 -0600 To: debian-user@lists.debian.org
Incoming from Gregory Pierce:
>
> In running chkrootkit (version 0.43) tonight I got the following
> warning:
>
> Checking `lkm'... You have 16 process hidden for readdir command
> You have 16 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> But when I run chkrootkit from KDE it comes up clean. Can I really be
> compromised and chkrootkit detect a trojan from within gnome but not
> when I am running from KDE?
>
> I am not at all sure what to do from here. Should I just start from
> scratch and re-install everything?
I think all chkrootkit installs should be accompanied by a banner
(which demands acknowledgement) which mentions what new users should
do when chkrootkit tells them something appears to be fishy.
- check the chkrootkit archives( http://marc.theaimsgroup.com/?l=chkrootkit-users)
- send questions and queries to the chkrootkit mailing list
(users@chkrootkit.org).
- Don't panic!
-- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- Previous message: Kevin Mark: "Re: Serial terminal in testing?"
- In reply to: Gregory Pierce: "chkrootkit...lkm trojan?... only from gnome"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
