[plug] Possible LKM Trojan?
Chris Caston
caston at arach.net.au
Wed Dec 3 09:38:38 WST 2003
Thanks mate,
From the looks of things it is most likely a false positive but I'll
check it out after I've finished "driving all over Perth fixing people's
Windows machines" for the day.
ClamAV is still going.
regards,
Chris
On Wed, 2003-12-03 at 09:30, Rob Davies wrote:
> Mornin Chris,
>
> Here is a link from the Debian investigation report released last night.
> HTH
>
> http://www.wiggy.net/debian/developer-securing/
>
> The link to full report
> On Wed, 2003-12-03 at 09:11, Chris Caston wrote:
> > Hello,
> >
> > I have just run chkrootkit (for the first time) and got a message saying
> > that I may have an LKM Trojan installed:
> >
> > Checking 'lkm'... You have 9 processes hidden for readdir command
> >
> > You have 9 process hidden for ps command
> > Warning possible LKM trojan installed.
> >
> > Anyone know how to check for this?
> >
> > I've just updated and started running ClamAV (clamscan --recursive)
> > from the root directory. I'll post back if it finds anything.
> >
> > Oh and does LKM stand for Linux Kernel Module?
> >
> > thanks,
> >
> > Chris Caston
> >
> > _______________________________________________
> > plug mailing list
> > plug at plug.linux.org.au
> > http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
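Added example (not part of the original thread, and not chkrootkit's own code): a cross-check of the PIDs that readdir() returns for /proc against the PIDs that answer when /proc/<pid>/status is opened directly, which sorts "hidden" entries into threads of a listed process and entries that need a closer look. It assumes a Linux /proc where thread IDs can be opened by path but are left out of the directory listing; the function names and the sample data are constructed for illustration.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs returned by readdir() on /proc (what ps and ls see)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probe(pid, proc="/proc"):
    """Open /proc/<pid>/status by path, bypassing readdir(); None if absent."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            return dict(line.rstrip("\n").split(":\t", 1) for line in fh if ":\t" in line)
    except OSError:
        return None

def classify(listed, probed):
    """Explain every PID that answered a direct probe but was not listed.

    listed: set of PIDs from readdir(); probed: {pid: status fields}.
    """
    findings = {}
    for pid in sorted(set(probed) - set(listed)):
        tgid = int(probed[pid].get("Tgid", pid))
        if tgid != pid and tgid in listed:
            findings[pid] = f"thread of listed process {tgid}"
        else:
            findings[pid] = "not listed by readdir: investigate"
    return findings

def scan(proc="/proc"):
    """Live check: list, probe every possible PID, then list again."""
    with open(f"{proc}/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    listed = listed_pids(proc)
    probed = {}
    for pid in range(1, pid_max + 1):
        status = probe(pid, proc)
        if status is not None:
            probed[pid] = status
    # A process started after the first listing is not hidden; list again.
    return classify(listed | listed_pids(proc), probed)

# Constructed sample: PID 812 has threads 813 and 814; PID 4021 is unlisted.
SAMPLE_LISTED = {1, 812, 900}
SAMPLE_PROBED = {
    1: {"Pid": "1", "Tgid": "1"}, 812: {"Pid": "812", "Tgid": "812"},
    813: {"Pid": "813", "Tgid": "812"}, 814: {"Pid": "814", "Tgid": "812"},
    900: {"Pid": "900", "Tgid": "900"}, 4021: {"Pid": "4021", "Tgid": "4021"},
}

if __name__ == "__main__":
    for pid, reason in scan().items():
        print(pid, reason)
```

A process that starts and exits between the probe and the second listing can still show up as unlisted, so run the scan twice and only follow up on PIDs that appear both times.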