Need some help with a hacker exorcism....
Michael ODonnell
michael.odonnell at comcast.net
Tue May 18 09:02:00 EDT 2004
I wrote:
>>> CHECKING: "lkm"
>>> You have 17 process hidden for readdir command
>>> You have 17 process hidden for ps command
>>> - WARNING!! INFECTED!! Possible LKM Trojan installed
>>
>>What produced this output?
>
>
>Those look like msgs generated by chkrootkit. FWIW:
>
>chkrootkit does unfortunately generate false positives
I should mention that I was responding to the response
rather than to the original message, and just talking
about chkrootkit in general. However, after re-reading
the original message, I would say that the owner of
the machine in question should definitely be alarmed
and be taking appropriate measures.
More information about the gnhlug-discuss
mailing list