Today's run of chkrootkit produced the following ominous message: ------------------------------------- /etc/cron.daily/chkrootkit:
Signal 11 (SEGV) caught by ps (procps version 3.2.7). Please send bug reports to <[EMAIL PROTECTED]> or <[EMAIL PROTECTED]> Signal 11 (SEGV) caught by ps (procps version 3.2.7). Please send bug reports to <[EMAIL PROTECTED]> or <[EMAIL PROTECTED]> Signal 11 (SEGV) caught by ps (procps version 3.2.7). Please send bug reports to <[EMAIL PROTECTED]> or <[EMAIL PROTECTED]> The following suspicious files and directories were found: /usr/lib/jvm/java-6-sun-1.6.0.02/.systemPrefs /usr/lib/jvm/.java-6-sun.jinfo /usr/lib/xulrunner/.autoreg /usr/lib/iceweasel/.autoreg /lib/init/rw/.ramfs Signal 11 (SEGV) caught by ps (procps version 3.2.7). Please send bug reports to <[EMAIL PROTECTED]> or <[EMAIL PROTECTED]> You have 10 process hidden for readdir command You have 121 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed eth0: PACKET SNIFFER(/sbin/dhclient3[5654]) <snip> ---------------------------------- Am I right in thinking the only thing to do is wipe the machine down to bare metal and reinstall? I'm not sufficiently knowledgeable to do much forensic checking. Thanks for any pointers. -- [EMAIL PROTECTED] ==================================================== GPG key 1024D/99421A63 2005-01-05 EE51 79E9 F244 D734 A012 1CEC 7813 9FE9 9942 1A63 gpg --keyserver subkeys.pgp.net --recv-keys 99421A63
signature.asc
Description: Digital signature