Re: LKM Trojan (david walcroft)
From: Philippe Lasfargues (philippe.lasfargues_at_tele2.fr)
Date: 12/01/04
- Previous message: William M. Quarles: "Re: Recent Fedora Core kernels (plus my SPEC file for 2.6.8-1.541 with Athlon support)"
- Next in thread: david walcroft: "Re: LKM Trojan (david walcroft)"
- Reply: david walcroft: "Re: LKM Trojan (david walcroft)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: fedora-list@redhat.com
Date: Wed, 01 Dec 2004 07:53:13 +0100
------------------------------
Message: 16
Date: Wed, 01 Dec 2004 10:05:14 +1000
From: david walcroft <david_walcroft@yahoo.com.au>
Subject: LKM Trojan
To: For users of Fedora Core releases <fedora-list@redhat.com>
Message-ID: <41AD0ABA.2010705@yahoo.com.au>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi,
Yesterday chkrootkit logged this:
Checking `lkm'...
You have 2 process hidden for readdir command
You have 2 process hidden for ps command
Warning: Possible LKM Trojan installed
Today it logs:
Checking `lkm'...
You have 4 process hidden for readdir command
You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
Would these be a 'false positive' or for real, and if so how do I
confirm and remove any infected process/trojan?
Thanks david
------------------------------
Hi David,
Sometimes I have 64 process hidden for readdir command... with chkrootkit.
But nothing wrong with Rootkit Hunter 1.1.8. (http://www.rootkit.nl/)
Please try it and tell me.
Philippe
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
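
One way to follow up on a "process hidden for readdir" count like the ones quoted in this thread, as an added example that is not part of the original messages and not chkrootkit's own code: it lists /proc, probes every PID directly, and separates thread IDs (which Linux serves under /proc/<tid> without listing them in the directory) and processes that started mid-scan from entries that stay unlisted. The function names are hypothetical, and a kernel-level rootkit can falsify these answers too, so a clean result from a running system is not proof.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs that readdir() on /proc returns (what `ls /proc` sees)."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def read_status(pid, proc="/proc"):
    """Name/Pid/Tgid from /proc/<pid>/status, or None if nothing answers."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            fields = dict(line.split(":", 1) for line in fh if ":" in line)
    except OSError:
        return None
    return {k: fields[k].strip() for k in ("Name", "Pid", "Tgid") if k in fields}

def classify_hidden(max_pid, listed=listed_pids, status=read_status):
    """Probe each PID directly and explain those the directory listing lacks."""
    before = listed()
    findings = {}
    for pid in range(1, max_pid + 1):
        if pid in before:
            continue                       # visible to readdir, nothing to explain
        st = status(pid)
        if st is None:
            continue                       # no such process or thread
        tgid, tid = st.get("Tgid"), st.get("Pid")
        if tgid and tid and tgid != tid:
            # A thread ID: reachable by path, never listed. Expected behaviour.
            findings[pid] = "thread of PID " + tgid
        elif pid in listed():
            # Appeared between the first listing and the probe: a race.
            findings[pid] = "started during scan"
        else:
            # Thread-group leader that answers but is still not listed.
            findings[pid] = "UNLISTED PROCESS: " + st.get("Name", "?")
    return findings

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    for pid, why in sorted(classify_hidden(limit).items()):
        print(pid, why)
```

Only lines marked UNLISTED PROCESS warrant further investigation, ideally from trusted boot media with the disk mounted read-only.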