Re: chkrootkit hidden processes possible LKM Trojan.

2008-08-22 Thread Adam Hardy
than once. As per my original mail above, these two commands will show you the hidden processes. First one asks chkrootkit why it thinks there is an LKM Trojan on the system. Second one is the helper script run by chkrootkit that lists the hidden processes but can be run directly. I am

Re: chkrootkit hidden processes possible LKM Trojan.

2008-08-21 Thread Wackojacko
mail above, these two commands will show you the hidden processes. First one asks chkrootkit why it thinks there is an LKM Trojan on the system. Second one is the helper script run by chkrootkit that lists the hidden processes but can be run directly. I am still seeing output from

Re: chkrootkit hidden processes possible LKM Trojan.

2008-08-20 Thread Adam Hardy
Wackojacko on 16/08/08 13:02, wrote: Ron Johnson wrote: On 08/16/08 06:17, Wackojacko wrote: Hi all I realise there has been some discussion recently over the merits or otherwise of chkrootkit, but the last two days it is warning of hidden processes (ps and readdir). After googling a

Re: chkrootkit hidden processes possible LKM Trojan.

2008-08-19 Thread Adam Hardy
Wackojacko on 16/08/08 13:02, wrote: Ron Johnson wrote: On 08/16/08 06:17, Wackojacko wrote: Hi all I realise there has been some discussion recently over the merits or otherwise of chkrootkit, but the last two days it is warning of hidden processes (ps and readdir). After googling a

chkrootkit hidden processes possible LKM Trojan.

2008-08-16 Thread Wackojacko
Hi all I realise there has been some discussion recently over the merits or otherwise of chkrootkit, but the last two days it is warning of hidden processes (ps and readdir). After googling a little further I see this has been a problem in the past but was unable to find any recent

Re: chkrootkit hidden processes possible LKM Trojan.

2008-08-16 Thread Ron Johnson
On 08/16/08 06:17, Wackojacko wrote: Hi all I realise there has been some discussion recently over the merits or otherwise of chkrootkit, but the last two days it is warning of hidden processes (ps and readdir). After googling a little further I see this has been a problem in the past but

Re: chkrootkit hidden processes possible LKM Trojan.

2008-08-16 Thread Wackojacko
Ron Johnson wrote: On 08/16/08 06:17, Wackojacko wrote: Hi all I realise there has been some discussion recently over the merits or otherwise of chkrootkit, but the last two days it is warning of hidden processes (ps and readdir). After googling a little further I see this has been a

Re: Possible LKM Trojan installed

2007-08-25 Thread Jude DaShiell
Very easily. The very first thing the trojan did after installing itself was to call home. Home has the address of the trojaned machine. Home can then check up on its trojan and maintain it and activate it or repair it as necessary. On Fri, 24 Aug 2007, Mike Bird wrote: On Friday 24

Re: Possible LKM Trojan installed

2007-08-25 Thread Carl Fink
Note: top posting fixed. Please don't do that. Also overquoting trimmed. On Sat, Aug 25, 2007 at 02:43:41AM -0500, Jude DaShiell wrote: On Fri, 24 Aug 2007, Mike Bird wrote: On Friday 24 August 2007 17:59, Jude DaShiell wrote: how these trojans survive is by surviving operating system

Re: Possible LKM Trojan installed

2007-08-25 Thread Mike Bird
On Saturday 25 August 2007 00:43, Jude DaShiell wrote: Very easily. The very first thing the trojan did after installing itself was to call home. Home has the address of the trojaned machine. Home can then check up on its trojan and maintain it and activate it or repair it as necessary.

Possible LKM Trojan installed

2007-08-24 Thread John
process hidden for ps command chkproc: Warning: Possible LKM Trojan installed eth0: PACKET SNIFFER(/sbin/dhclient3[5654]) snip -- Am I right in thinking the only thing to do is wipe the machine down to bare metal and reinstall? I'm not sufficiently knowledgeable to do

Re: Possible LKM Trojan installed

2007-08-24 Thread Carl Fink
On Fri, Aug 24, 2007 at 11:24:35AM -0400, John wrote: Today's run of chkrootkit produced the following ominous message: [elided] Am I right in thinking the only thing to do is wipe the machine down to bare metal and reinstall? I'm not sufficiently knowledgeable to do much forensic checking.

Re: Possible LKM Trojan installed

2007-08-24 Thread Jude DaShiell
Those trojans trash very many files whenever anyone tries surgery on them. That was found out in a security lab by security professionals. If you can get to a friend's computer and download the dban iso file from http://dban.sf.net and burn that on a single session CD and boot it up on the

Re: Possible LKM Trojan installed

2007-08-24 Thread Mike Bird
On Friday 24 August 2007 16:16, Jude DaShiell wrote: Those trojans trash very many files whenever anyone tries surgery on them. That was found out in a security lab by security professionals. If you can get to a friend's computer and download the dban iso file from http://dban.sf.net and burn

Re: Possible LKM Trojan installed

2007-08-24 Thread Douglas A. Tutty
On Fri, Aug 24, 2007 at 05:01:21PM -0700, Mike Bird wrote: Why do you believe a security erasure is needed rather than simply starting with a fresh block zero? If infected, the OP can use a Debian Installation CD and make new partition tables. Good question. I've yet to hear a

Re: Possible LKM Trojan installed

2007-08-24 Thread Jude DaShiell
how these trojans survive is by surviving operating system reinstalls. The better trojans hide themselves in several out of the way places on disks and after adjacent areas have got their new files copy themselves back into the areas where no more disk wiping by the installer is about to

Re: Possible LKM Trojan installed

2007-08-24 Thread John Hasler
how these trojans survive is by surviving operating system reinstalls. The better trojans hide themselves in several out of the way places on disks and after adjacent areas have got their new files copy themselves back into the areas where no more disk wiping by the installer is about to

Re: Possible LKM Trojan installed

2007-08-24 Thread Mike Bird
On Friday 24 August 2007 17:59, Jude DaShiell wrote: how these trojans survive is by surviving operating system reinstalls. The better trojans hide themselves in several out of the way places on disks and after adjacent areas have got their new files copy themselves back into the areas where

Re: Possible LKM Trojan installed

2004-10-15 Thread Pato Valarezo
JOSE - wrote: understand half of it. I did this: #chkrootkit -x lkm|less and the results were these: 1.- Without opening X: - ROOTDIR is `/' ### ### Output of: ./chkproc -v -v ### 2.- Opening X: --- ROOTDIR is `/' ### ### Output of: ./chkproc

Re: Possible LKM Trojan installed

2004-10-14 Thread Hugo Vanwoerkom
... Warning: `//root/.bash_history' file size is zero nothing found . . Checking `lkm'... You have 9 process hidden for readdir command You have 9 process hidden for ps command Warning: Possible LKM Trojan installed . You can try chkrootkit 0.44 from its webpage. Sid is 0.43 and I think that in the

Re: Possible LKM Trojan installed

2004-10-14 Thread JOSE -
Hello again [EMAIL PROTECTED]: First of all I want to thank those of you who replied to my query for the help given. I looked around on Saint Google and saw a few things, and although I don't understand a word of English I saw this URL: http://www.wiggy.net/debian/developer-securing/ I think that

Possible LKM Trojan installed

2004-10-13 Thread JOSE -
/.bash_history' file size is zero nothing found . . Checking `lkm'... You have 9 process hidden for readdir command You have 9 process hidden for ps command Warning: Possible LKM Trojan installed . . Checking `sniffer'... lo: not promisc and no packet sniffer sockets . . eth0: PACKET SNIFFER

Re: Possible LKM Trojan installed

2004-10-13 Thread Pato Valarezo
... Warning: `//root/.bash_history' file size is zero nothing found . . Checking `lkm'... You have 9 process hidden for readdir command You have 9 process hidden for ps command Warning: Possible LKM Trojan installed . . Checking `sniffer'... lo: not promisc and no packet sniffer sockets . . eth0

Possible LKM Trojan installed

2004-09-15 Thread zeb
Hello, I am on kernel 2.6.7-1-k7; when I run chkrootkit this is what I get in response, should I take it seriously or not?? Checking `lkm'... You have10 process hidden for readdir command You have10 process hidden for ps command Warning: Possible LKM Trojan installed en

Re: Possible LKM Trojan installed

2004-09-15 Thread JusTiCe8
also the list archives, F. Boisson wrote a small complementary program (cacheproc if I remember correctly). Checking `lkm'... You have10 process hidden for readdir command You have10 process hidden for ps command Warning: Possible LKM Trojan installed [...] See you, J8.

Re: chkrootkit...lkm trojan?... only from gnome

2004-08-17 Thread Brad Sawatzky
On Mon, 16 Aug 2004, Gregory Pierce wrote: In running chkrootkit (version 0.43) tonight I got the following warning: Checking `lkm'... You have16 process hidden for readdir command You have16 process hidden for ps command Warning: Possible LKM Trojan installed But when I

chkrootkit...lkm trojan?... only from gnome

2004-08-16 Thread Gregory Pierce
Hello all, In running chkrootkit (version 0.43) tonight I got the following warning: Checking `lkm'... You have16 process hidden for readdir command You have16 process hidden for ps command Warning: Possible LKM Trojan installed But when I run chkrootkit from KDE it comes up

chkrootkit...lkm trojan?... only from gnome

2004-08-16 Thread Gregory Pierce
Hello all, In running chkrootkit (version 0.43) tonight I got the following warning: Checking `lkm'... You have16 process hidden for readdir command You have16 process hidden for ps command Warning: Possible LKM Trojan installed But when I run chkrootkit from KDE it comes up

Re: chkrootkit...lkm trojan?... only from gnome

2004-08-16 Thread Gregory Pierce
I ran chkrootkit -x lkm and I got the following output: debian-dell:/home/gpierce# chkrootkit -x lkm ROOTDIR is `/' ### ### Output of: ./chkproc -v -v ### PID 15705: not in readdir output PID 15705: not in ps output CWD 15705: /home/gpierce EXE 15705: /usr/bin/nautilus PID 15710: not in readdir

Re: chkrootkit...lkm trojan?... only from gnome [from debian-user]

2004-08-16 Thread s. keeling
Incoming from Gregory Pierce: In running chkrootkit (version 0.43) tonight I got the following warning: Checking `lkm'... You have16 process hidden for readdir command You have16 process hidden for ps command Warning: Possible LKM Trojan installed But when I run

Re: chkrootkit finds LKM Trojan exactly once

2004-07-31 Thread Michelle Konzack
On 2004-07-31 02:32:24, Johannes Roettger wrote: * Michelle Konzack [EMAIL PROTECTED] [2004-07-30 23:02]: Ever GOGLEd it? You'll find plenty on the topic there. I must say, I find your behaviour not very constructive... AFAIR he asked for advice, and not for UTFSE. I at least

Re: chkrootkit finds LKM Trojan exactly once

2004-07-31 Thread Johannes Roettger
* Michelle Konzack [EMAIL PROTECTED] [2004-07-31 09:57]: Type in the message, click on Search and then you get dozens of pages with the matching explanations... Considerably faster than here on the list. Apart from that I have 37 threads within the last 7 months on

Re: chkrootkit finds LKM Trojan exactly once

2004-07-31 Thread Stephan Windmüller
Johannes Roettger [EMAIL PROTECTED] writes: Of course it is advisable and desirable to consult Google first, but I would assume that the person concerned has already done so (given his professional conduct). First of all, thanks for the support. :) Of course

chkrootkit finds LKM Trojan exactly once

2004-07-30 Thread Stephan Windmüller
Hello! During my last regular test with chkrootkit, it noticed a hidden process. On the subsequent second run, however, there were no error messages at all. I immediately shut the system down and tested it with the chkrootkit from a Knoppix CD - no

Re: chkrootkit finds LKM Trojan exactly once

2004-07-30 Thread Torsten Schneider
On Fri, Jul 30, 2004 at 07:41:08PM +0200, Stephan Windmüller wrote: During my last regular test with chkrootkit, it noticed a hidden process. On the subsequent second run, however, there were no error messages at all. Yep, just ask Google about this topic, chkrootkit

Re: chkrootkit finds LKM Trojan exactly once

2004-07-30 Thread gerhard
On Friday 30 July 2004 19:41 Stephan Windmüller wrote: Hello! During my last regular test with chkrootkit, it noticed a hidden process. On the subsequent second run, however, there were no error messages at all. I immediately shut the system down and

Re: chkrootkit finds LKM Trojan exactly once

2004-07-30 Thread Michelle Konzack
On 2004-07-30 19:41:08, Stephan Windmüller wrote: Hello! During my last regular test with chkrootkit, it noticed a hidden process. On the subsequent second run, however, there were no error messages at all. I immediately shut the system down and with

Re: chkrootkit finds LKM Trojan exactly once

2004-07-30 Thread Stephan Windmüller
gerhard [EMAIL PROTECTED] writes: The kernel is self-built and contains the Openwall patch. Which kernel are you using? With certain kernels (= 2.6 or other kernels with NPTL) this is a known false positive. It is a 2.4.26, though I don't know what NPTL

Re: chkrootkit finds LKM Trojan exactly once

2004-07-30 Thread Stephan Windmüller
Torsten Schneider [EMAIL PROTECTED] writes: During my last regular test with chkrootkit, it noticed a hidden process. On the subsequent second run, however, there were no error messages at all. Yep, just ask Google about this topic, chkrootkit gets it wrong at the

Re: chkrootkit finds LKM Trojan exactly once

2004-07-30 Thread Johannes Roettger
* Michelle Konzack [EMAIL PROTECTED] [2004-07-30 23:02]: Ever GOGLEd it? You'll find plenty on the topic there. I must say, I find your behaviour not very constructive... AFAIR he asked for advice, and not for UTFSE. I at least consider his request absolutely legitimate. IMHO,

Re: lkm trojan

2004-04-10 Thread Pistnbroke
Hi I am replying to the LKM trojan thing, I have seen this in my install too. Last night I reinstalled, and I 1 fresh install 2 unplugged the net And run chkrootkit immediately after install done. It said 3 process possible trojan installed... I would have to believe this is a bug

lkm trojan

2004-02-07 Thread @(none)
Hi, further to my 4 hidden processes, ps finds exactly 4 processes with PID # 0! See the scriptfile below. I later found out that top numbers these processes as 3,4,5 6, same sequence. The names of the processes I find this hard to understand: Does LKM trojan and the 0's mean that these 4

Re: lkm trojan

2004-02-07 Thread Florian Ernst
Hello '@(none)'! On Sat, Feb 07, 2004 at 10:35:20AM +0100, @(none) wrote: further to my 4 hidden processes, ps finds exactly 4 processes with PID # 0! [...] [EMAIL PROTECTED]:/home/ijbd# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.1 0.076

Re: lkm trojan

2004-02-07 Thread Paul Johnson
On Sat, Feb 07, 2004 at 10:35:20AM +0100, @(none) wrote: Does LKM trojan and the 0's mean that these 4 are sabotaged Loadable Kernel Modules? Not necessarily. RTFArchives. - -- .''`. Paul Johnson [EMAIL PROTECTED

Re: lkm trojan

2003-12-24 Thread Paul Johnson
On Mon, Dec 22, 2003 at 08:38:59AM -0700, user list wrote: How do I diagnose this further, and if there is an LKM trojan, how do I remove it? Please read the archives and chkrootkit's bug reports. This is likely a known bug. Check against the bug

lkm trojan

2003-12-22 Thread user list
I just ran chkrootkit on one of my machines and it turned up the following: Checking `lkm'... You have 4 process hidden for ps command Warning: Possible LKM Trojan installed How do I diagnose this further, and if there is an LKM trojan, how do I remove it? Art Edwards -- To UNSUBSCRIBE

Re: lkm trojan

2003-12-22 Thread user list
for ps command Warning: Possible LKM Trojan installed How do I diagnose this further, and if there is an LKM trojan, how do I remove it? Art Edwards -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Suspected LKM Trojan infection: help needed.

2003-12-02 Thread miki
? SW 17:52 0:00 [bdflush] root 6 0.0 0.0 0 0 ? SW 17:52 0:00 [kupdated] Why is that? A bug in the unstable version? I am on testing with apparently the same problem. A chkrootkit -q gives: You have 7 process hidden for ps command Warning: Possible LKM

Possible LKM Trojan , Need Help

2003-11-29 Thread Thomas H. George
chkrootkit reported possible LKM Trojan. 4 processes hidden for ps command. Before reformatting the hard drive and reinstalling Debian, started a dvd backup using growisofs. The backup of /usr was successful, backup of /var failed with duplicate names in /rr_moved. Obviously I would like

Re: Possible LKM Trojan , Need Help

2003-11-29 Thread Jamin W. Collins
On Sat, Nov 29, 2003 at 05:49:31AM -0500, Thomas H. George wrote: chkrootkit reported possible LKM Trojan. 4 processes hidden for ps command. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=219730 Before reformatting the hard drive

Re: Possible LKM Trojan , Need Help

2003-11-29 Thread Brian McGroarty
On Sat, Nov 29, 2003 at 05:49:31AM -0500, Thomas H. George wrote: chkrootkit reported possible LKM Trojan. 4 processes hidden for ps command. Do you have any other evidence of the LKM Trojan, beyond chkrootkit's output? I think you may just be looking at a bug that's not yet been worked out

Re: Possible LKM Trojan , Need Help

2003-11-29 Thread Paul Morgan
On Sat, 29 Nov 2003 05:49:31 -0500, Thomas H. George wrote: chkrootkit reported possible LKM Trojan. 4 processes hidden for ps command. Before reformatting the hard drive and reinstalling Debian, started a dvd backup using growisofs. The backup of /usr was successful, backup of /var failed

Re: Possible LKM Trojan , Need Help

2003-11-29 Thread Florian Ernst
Hello Thomas! On Sat, Nov 29, 2003 at 05:49:31AM -0500, Thomas H. George wrote: chkrootkit reported possible LKM Trojan. 4 processes hidden for ps command. Wow, hold on, first check chkrootkit -x lkm and see whether the report only contains PID 3-6. If so then it's only a bug, see http

Re: Possible LKM Trojan , Need Help

2003-11-29 Thread Hugo Vanwoerkom
Thomas H. George wrote: chkrootkit reported possible LKM Trojan. 4 processes hidden for ps command. Bug in chkrootkit. Check Debian Bugs. Has been discussed here before. Before reformatting the hard drive and reinstalling Debian, started a dvd backup using growisofs. The backup of /usr

Re: Possible LKM Trojan , Need Help

2003-11-29 Thread Shaul Karl
On Sat, Nov 29, 2003 at 05:49:31AM -0500, Thomas H. George wrote: chkrootkit reported possible LKM Trojan. 4 processes hidden for ps command. Are you aware of, for example, the section titled `Running chkrootkit' of http://www.wiggy.net/debian/developer-securing? I don't know

Re: Possible LKM Trojan , Need Help - Thank You

2003-11-29 Thread Thomas H. George
On Sat, Nov 29, 2003 at 10:58:31AM -0500, Paul Morgan wrote: On Sat, 29 Nov 2003 05:49:31 -0500, Thomas H. George wrote: chkrootkit reported possible LKM Trojan. 4 processes hidden for ps command. Before reformatting the hard drive and reinstalling Debian, started a dvd backup using

Re: Possible LKM Trojan , Need Help - Thank You

2003-11-29 Thread Frank Gevaerts
On Sat, Nov 29, 2003 at 09:39:30AM -0500, Thomas H. George wrote: I still must learn about the /rr_moved directory which blocks my In case it helps : rr_moved is the name used for a special directory on iso9660 filesystems when using Rock Ridge extensions. IIRC it is needed because standard

Re: Possible LKM Trojan , Need Help - Thank You

2003-11-29 Thread Sebastian Kapfer
On Sat, 29 Nov 2003 21:10:14 +0100, Thomas H. George wrote: I still must learn about the /rr_moved directory which blocks my backups but this is a separate issue so I will post a separate question. man mkisofs, look for rr_moved in various capitalizations. -- Best Regards, | Hi! I'm a

Re: LKM Trojan

2003-11-17 Thread Paul Johnson
On Sun, Nov 16, 2003 at 05:10:00PM +0100, Kjetil Kjernsmo wrote: (shouldn't this be more severe than wishlist, I mean, as the reporter says it almost gives people a heart attack...?) No. /usr/share/doc/chkrootkit/README.Debian - -- .''`.

Re: LKM Trojan

2003-11-17 Thread Paul Johnson
On Sun, Nov 16, 2003 at 04:52:56PM +, Richard Kimber wrote: You just upgraded to unstable, eh? :-) It happens in testing too. bugreport chkrootkit and look for the bug in question and attach that information if you don't already see it. -

LKM Trojan

2003-11-16 Thread Gerard Ceraso
It seems that I have been infected with the LKM trojan. Below is what I received from running chkrootkit. I was wondering if there is a way to find out how I was infected, and more importantly is there a quick and easy way to remove it. Checking `lkm'... You have 4 process hidden for ps

Re: LKM Trojan

2003-11-16 Thread Kjetil Kjernsmo
On Sunday 16 November 2003 16:41, Gerard Ceraso wrote: Checking `lkm'... You have     4 process hidden for ps command Warning: Possible LKM Trojan installed You just upgraded to unstable, eh? :-) I did the same thing a few weeks ago, and was as shocked as you. But I googled the archives

Re: LKM Trojan

2003-11-16 Thread Richard Kimber
On Sun, 16 Nov 2003 17:10:00 +0100 Kjetil Kjernsmo [EMAIL PROTECTED] wrote: Checking `lkm'... You have     4 process hidden for ps command Warning: Possible LKM Trojan installed You just upgraded to unstable, eh? :-) It happens in testing too. -- Richard Kimber http

Re: LKM Trojan

2003-11-16 Thread Gerard Ceraso
yup I am running unstable. I was going crazy over here. ~gerard On Sun, 2003-11-16 at 11:52, Richard Kimber wrote: On Sun, 16 Nov 2003 17:10:00 +0100 Kjetil Kjernsmo [EMAIL PROTECTED] wrote: Checking `lkm'... You have 4 process hidden for ps command Warning: Possible LKM Trojan

Re: Suspected LKM Trojan infection: help needed.

2003-11-04 Thread olivier . gleizes
On Sun, Nov 02, 2003 at 11:18:28PM +0100, Michel Luc wrote: I am on unstable: root1 0.0 0.0 1372 476 ? S12:21 0:00 init [2] root 2 0.0 0.0 00 ? SW 12:21 0:00 [keventd] root 3 0.0 0.0 00 ? SWN 12:21 0:00 [ksoftirqd_CPU0]

Re: Suspected LKM Trojan infection: help needed.

2003-11-04 Thread Nicolas Rueff
Thus spoke [EMAIL PROTECTED] on the 308th day of the year 2003: I have the same problem, I found a bug report on the BTS that talks about it, but I admit I don't understand much of it: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217525 I am on unstable with a kernel compiled

Re: Suspected LKM Trojan infection: help needed.

2003-11-04 Thread Michelle Konzack
On 2003-11-02 16:51:43, Jean-Claude AYGALENQ wrote: Good evening, I do believe my machine is infected. (I am on debian/unstable: kernel 2.4.22 ;-) It's a BUG !!! Use 'top' and the processes are visible... Don't panic Michelle -- Registered Linux-User #280138 with the Linux

Re: Suspected LKM Trojan infection: help needed.

2003-11-03 Thread Ultimateclem
On Sunday 02 November 2003 23:33, Sylvain LE GALL wrote: These are not user processes! They are kernel processes: absolute priority and outside any form of process management (no memory, no CPU... a kernel-space thing, basically). For the ones I know: - kswapd :

Suspected LKM Trojan infection: help needed.

2003-11-02 Thread Jean-Claude AYGALENQ
process hidden for ps command Warning: Possible LKM Trojan installed Checking `rexedcs'... not found Checking `sniffer'... Checking `w55808'... not infected Checking `wted'... nothing deleted Checking `scalper'... not infected Checking `slapper'... not infected Checking `z2'... nothing deleted

Re: Suspected LKM Trojan infection: help needed.

2003-11-02 Thread VETSEL Patrice
: --- Checking `bindshell'... not infected Checking `lkm'... You have 4 process hidden for ps command Warning: Possible LKM Trojan installed Checking `rexedcs'... not found Checking `sniffer'... Checking `w55808'... not infected Checking `wted'... nothing deleted Checking `scalper

Re: Suspected LKM Trojan infection: help needed.

2003-11-02 Thread Lucas
I get the same output as you for ./chkrootkit -x lkm And I am certain I am not infected. Unless my brand-new Debian/Sid has been compromised in the last hour ;) Likewise, 4 processes not listed in ps. However, I also have 4 processes with a PID of 0 in ps aux: root 3

Re: Suspected LKM Trojan infection: help needed.

2003-11-02 Thread daniel huhardeaux
VETSEL Patrice wrote: I get the same output as you for ./chkrootkit -x lkm And I am certain I am not infected. Same here

Re: Suspected LKM Trojan infection: help needed.

2003-11-02 Thread Jean-Luc Coulon (f5ibh)
I also get the same message. I reinstalled the procps package to be sure of my ps command; the «problem» persists. I went into /proc to see what the directories corresponding to the offending pids contain: it looks like a clone of pid 1 except that there is a symbolic link

Re: Suspected LKM Trojan infection: help needed.

2003-11-02 Thread Jean-Claude AYGALENQ
Hello and thank you for your prompt replies, Likewise, 4 processes not listed in ps. However, I also have 4 processes with a PID of 0 in ps aux: root 3 0.0 0.0 0 0 ? SW Nov01 0:00 [kapmd] root 0 0.0 0.0 0 0 ? SWN Nov01 0:00

Re: Suspected LKM Trojan infection: help needed.

2003-11-02 Thread Michel Luc
On Sunday 2 November 2003 19:53, Jean-Claude AYGALENQ wrote: [ ... ] Even so, could we find out why these 4 processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated) are not assigned a pid. On my debian/stable (my gateway) there are no problems of this kind:

Re: Suspected LKM Trojan infection: help needed.

2003-11-02 Thread Sylvain LE GALL
Hello, On Sun, Nov 02, 2003 at 07:53:43PM +0100, Jean-Claude AYGALENQ wrote: Hello and thank you for your prompt replies, Likewise, 4 processes not listed in ps. However, I also have 4 processes with a PID of 0 in ps aux: root 3 0.0 0.0 0 0 ? SW

Re: chkrootkit found lkm trojan ?

2003-10-29 Thread wil
Apart from the LKM trojan warning I'm also getting: Checking `scalper'... Warning: Possible Scalper Worm installed Running SID(update every day) False alarm as well I presume? Cheers At 20:18 28-10-2003 -0500, Thomas R. Shemanske wrote: Micha Feigin wrote: I got the following output from

Re: chkrootkit found lkm trojan ?

2003-10-29 Thread Thomas R. Shemanske
See also bug report filed on chkrootkit: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217278

Re: chkrootkit found lkm trojan ?

2003-10-28 Thread Kjetil Kjernsmo
On Monday 27 October 2003 23:37, Micha Feigin wrote: Checking `lkm'... You have     4 process hidden for ps command Warning: Possible LKM Trojan installed Uh-oh, I'm seeing this too... I have just upgraded to unstable... Best, Kjetil -- Kjetil Kjernsmo Astrophysicist/IT Consultant/Skeptic

Re: chkrootkit found lkm trojan ?

2003-10-28 Thread Thomas R. Shemanske
Micha Feigin wrote: I got the following output from chkrootkit but couldn't find any explanation on what processes don't appear: Checking `lkm'... You have 4 process hidden for ps command Warning: Possible LKM Trojan installed I recently (two weeks) built a new box behind a firewall. A friend

chkrootkit found lkm trojan ?

2003-10-27 Thread Micha Feigin
I got the following output from chkrootkit but couldn't find any explanation on what processes don't appear: Checking `lkm'... You have 4 process hidden for ps command Warning: Possible LKM Trojan installed How do I check this? I also got: Checking `wted'... 1 deletion(s) between Tue Oct 7

LkM Trojan

2003-09-12 Thread Rodrigo Gruppelli
Folks, I ran chkrootkit, latest version (0.41), and it is reporting the following: Checking `lkm'... You have 1 process hidden for readdir command You have 1 process hidden for ps command Warning: Possible LKM Trojan installed The server is woody with kernel 2.4.18 and on other servers this

Re: LkM Trojan

2003-09-12 Thread Still
'... You have 1 process hidden for readdir command You have 1 process hidden for ps command Warning: Possible LKM Trojan installed The server is woody with kernel 2.4.18 and on other servers this does not happen. Isn't LKM Linux Kernel Module? Would it be a kernel module with code