FW: [plug] GAM SERVER - chkrootkit ?

Craig Foster craig at fostware.net
Fri Dec 2 11:58:47 WST 2005


?
http://ww.chkrootkit.org shows the latest version as 0.46a - just a few versions behind...
 
Maybe it's an oversite they've fixed?

________________________________

From: plug-bounces at plug.org.au on behalf of Ranime
Sent: Fri 02-Dec-05 10:56 AM
To: plug at plug.org.au
Subject: [plug] GAM SERVER - chkrootkit ?



Googled, read but not understood...  I think I need help....

Two Questions  here :

1. My Mandriva 10.2 (LE2005) and 2006 boxes  have two instances of
 'GAM SERVER' 
KPM shows one for 'root' and one for the 'user' as sleeping.
trying to 'KILL' is not allowed and they they momentarily show as
'ZOMBIED' ?

can someone please let me know what 'GAM SERVER' is used for on
Mandriva ?

2. Both boxes when checked with 'chkrootkit' show
Find... INFECTED

again, googling this appears that this may not be a hacked machine, but
a clash between an older chkrootkit 0.43 and the newer kernel
version.....?
can someone please confirm this please ,
has anyone got a solution if needed , or have seen this before ?

The  10.2 box has been used for a long while but the 2006 box has only
just been created in the last week, the only net connection was for ftp
from mirror.pacific for updates
 and the complete contents of 'main media' 
no web or email etc have been used , and no servers should be running
and both machines are behind a nat enabled ADSL and swiched  eth
connection.

TIA for any useful advise.
--
>>>>>>>>>>>>>>>>>> <<<<<<<<<<<<<<<<<<
Regards.
Ranime.

Linux Counter Registered User #302050
Mandriva 10.2 KDE 3.3

sipphone :            17476016164
free world dialup :   630406
_______________________________________________
PLUG discussion list: plug at plug.org.au
http://www.plug.org.au/mailman/listinfo/plug
Committee e-mail: committee at plug.linux.org.au


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20051202/e2fe21ff/attachment.html>


More information about the plug mailing list