[plug] GAM SERVER - chkrootkit ?
Lance Duivenbode
lduivenb at iinet.net.au
Fri Dec 2 11:02:02 WST 2005
Perhaps a check to see if anything is listening would also be a good idea?
Run 'netstat --listening --tcp --numeric-ports' to get a complete list.
Ranime wrote:
>Googled, read but not understood... I think I need help....
>
>Two Questions here :
>
>1. My Mandriva 10.2 (LE2005) and 2006 boxes have two instances of
> 'GAM SERVER'
>KPM shows one for 'root' and one for the 'user' as sleeping.
>trying to 'KILL' is not allowed and they momentarily show as
>'ZOMBIED' ?
>
>can someone please let me know what 'GAM SERVER' is used for on
>Mandriva ?
>
>2. Both boxes when checked with 'chkrootkit' show
>Find... INFECTED
>
>again, googling this appears that this may not be a hacked machine, but
>a clash between an older chkrootkit 0.43 and the newer kernel
>version.....?
>can someone please confirm this please,
>has anyone got a solution if needed, or have seen this before ?
>
>The 10.2 box has been used for a long while but the 2006 box has only
>just been created in the last week, the only net connection was for ftp
>from mirror.pacific for updates
> and the complete contents of 'main media'
>no web or email etc have been used, and no servers should be running
>and both machines are behind a nat enabled ADSL and switched eth
>connection.
>
>TIA for any useful advice.
>
>
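
Following the netstat suggestion at the top of this message, an added example (not part of the original post) that sorts the listeners by bind address, so a box where "no servers should be running" shows which ports are reachable from the LAN and which are loopback only. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP listeners from the output of
#   netstat --listening --tcp --numeric-ports
# LOCAL   = bound to loopback only (reachable from this host only)
# EXPOSED = bound to a wildcard or interface address (reachable from the LAN)

classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # Local Address is column 4; the port follows the last colon.
        if (!match($4, /:[0-9]+$/)) next
        host = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        # Only ports are forced numeric, so loopback may be printed by name.
        if (host ~ /^127\./ || host ~ /^localhost/ || host == "::1" || host == "[::1]")
            scope = "LOCAL"
        else
            scope = "EXPOSED"
        print scope, port, host
    }' | sort -k1,1 -k2,2n
}

# Space-separated list of ports that are not loopback-only.
exposed_ports() {
    classify_listeners | awk '$1 == "EXPOSED" { print $2 }' | sort -nu | paste -s -d ' ' -
}

# Constructed sample output (not from the poster's machines); it mixes
# name and numeric address forms to exercise both loopback checks.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:6000                  *:*                     LISTEN
tcp        0      0 localhost:631           *:*                     LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:111        *:*                     LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

sample_netstat | classify_listeners
# On a live system:
#   netstat --listening --tcp --numeric-ports | classify_listeners
```

Any port reported as EXPOSED that the administrator cannot account for is the one to trace back to a process before trusting or dismissing the chkrootkit result.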