[users]anti-spyware/ad-ware for linux

Jimmy Wu jimmywu013 at gmail.com
Thu Aug 30 18:09:01 UTC 2007


On 8/30/07, NoOp <glgxg at sbcglobal.net> wrote:
>
> On 08/30/2007 08:26 AM, NoOp wrote:
> > On 08/29/2007 01:00 PM, Jimmy Wu wrote:
> >> Tried chkrootkit, and everything seems fine, except for these lines:
> >> Checking `lkm'... You have     3 process hidden for readdir command
> >> You have     3 process hidden for ps command
> >> chkproc: Warning: Possible LKM Trojan installed
> >>
> >> Should I be worried, and what should I do?
> >>
> >> Thanks
> >>
> >
> > Google is your friend (sometimes)... you'll find many threads regarding
> > chkrootkit and the possibility of false positives. Google for "Possible
> > LKM Trojan installed". Also:
> >
> > http://www.chkrootkit.org/faq/
> >  http://www.chkrootkit.org/faq/#6
> >
> > However, I would take it as serious until you can confirm that it is a
> > false positive. I'd also recommend that you scan using Rootkit Hunter:
> > http://www.rootkit.nl/projects/rootkit_hunter.html
> >
> > $ sudo apt-get install rkhunter
> >
> > to see if it finds the same.
> >
> >
>
> Sorry, forgot to add that after '$ sudo apt-get install rkhunter' do:
>
> $ sudo rkhunter --update
> then
> $ sudo rkhunter -c
>
> Gary


Tried rkhunter:
it didn't find LKM trojan, but it did give a Warning with a message
telling me to "Please inspect" the following hidden files:
/dev/.static
/dev/.udev
/dev/.initramfs

Jimmy
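
The "process hidden for readdir" warning quoted above concerns PIDs that do not show up in a listing of /proc. The following is an added example, not part of this thread and not chkrootkit's code: it compares PIDs that resolve by number under /proc with those a directory listing returns, discarding thread IDs (which Linux resolves at /proc/<tid> without listing them) and processes that exit between rounds. All function names are hypothetical and it assumes a Linux procfs.

```python
# Added example (assumes Linux procfs); a cross-check, not chkrootkit's own logic.
import os
import time

def listed_pids(proc_root="/proc"):
    """PIDs returned by readdir on /proc (what ps and ls see)."""
    return {int(n) for n in os.listdir(proc_root) if n.isdigit()}

def probed_pids(max_pid, proc_root="/proc"):
    """PIDs whose /proc/<pid> entry resolves when asked for by number."""
    return {p for p in range(1, max_pid + 1) if os.path.isdir(f"{proc_root}/{p}")}

def read_tgid(pid, proc_root="/proc"):
    """Thread-group ID from /proc/<pid>/status, or None if the entry is gone."""
    try:
        with open(f"{proc_root}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        pass
    return None

def unexplained(probed, listed, tgid_of):
    """Probe-only PIDs that are not exited processes or threads of a listed one."""
    suspects = set()
    for pid in probed - listed:
        tgid = tgid_of(pid)
        if tgid is None or (tgid != pid and tgid in listed):
            continue  # exited meanwhile, or a thread ID of a visible process
        suspects.add(pid)
    return suspects

def persistent(rounds):
    """Keep only PIDs flagged in every round; short-lived processes drop out."""
    return set.intersection(*rounds) if rounds else set()

def scan(rounds=3, delay=1.0):
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    results = []
    for _ in range(rounds):
        listed = listed_pids()  # list first, then probe every PID number
        results.append(unexplained(probed_pids(max_pid), listed, read_tgid))
        time.sleep(delay)
    return persistent(results)

if __name__ == "__main__":
    print(sorted(scan()) or "no persistent hidden PIDs")
```

A PID that survives every round is a lead to inspect by hand (for example its /proc/<pid>/exe and cmdline), not proof of a rootkit.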