possible LKM rootkit infection
George Toft
plug-discuss@lists.plug.phoenix.az.us
Wed, 19 Jun 2002 07:52:32 -0400
Please post your results when you reach resolution.
George
--
If you feel you have received a virus from me, please read
http://www.georgetoft.com/virus.html
because it wasn't me!
--
technomage wrote:
>
> ok, my rootkit checker spit out a line that has me concerned.
> it read back checking for LKM and found 4 processes that were invisible to
> both readdir and ps.
>
> This has me a little nervous now. I need to know if I am actually infected
> and if so, how bad and what I can do about it.
>
> I need assistance ASAP here.
>
> I can be reached via telephone at (623)849-9515 or respond directly by e-mail.
> if anyone has answers for me, I'd appreciate it.
>
> thanks.
>
> --
> I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
> numbered!
> My life is my own - No. 6
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss