lkm trojan

Mike bmike101 at cox.net
Sun Feb 19 06:35:48 MST 2006


Doing some research this morning on the lkm trojan thing revealed that most 
likely it is a false positive, and I found out about a 'better' program (fewer 
false positives). 

If anyone is interested, it's rkhunter. http://www.rootkit.nl/ (is that 
the Netherlands?)

On Friday 17 February 2006 11:45 pm, Jeremy C. Reed wrote:
> On Fri, 17 Feb 2006, Mike wrote:
> > Well, it seems it is all okay (not that I would know). I suppose I should
> > run chkrootkit daily and see if anything new shows up.
>
> I don't think it is okay.
>
> > > 	Checking 'lkm' ... You have      4 process hidden for ps command
> > > 	Warning: Possible LKM Trojan installed
> > >
> > > Is this bad?
>
> Yes.
>
> I would track that down more. Install tcpdump and then run it to see your
> network traffic. But then again, that may not help if something hides its
> tracks there too.
>
> Disconnect the box from the internet. Reboot with a live CD and use it to
> research your problem more. (Using the md5sum example I showed in other
> email as one thing to do.)
>
>  Jeremy C. Reed
>
>  Media Relations and Publishing Services
>  http://www.reedmedia.net/
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
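
One way to triage a "hidden for ps" count like the one quoted above, as an added example that is not part of the original messages and not chkrootkit's or rkhunter's own code: it sorts IDs that answer under /proc but are missing from ps into thread IDs (which Linux exposes at /proc/<tid> but `ps -e` does not list), processes that exited between the two snapshots, and IDs with no benign explanation. The function names and sample values are constructed for illustration; a kernel-level rootkit can falsify /proc as well, so a clean result here does not replace the live-CD check suggested in the thread.

```python
import subprocess

def parse_status(text):
    """Pull the Pid and Tgid fields out of /proc/<id>/status text."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    return int(fields["Pid"]), int(fields["Tgid"])

def classify(reachable, ps_pids, status_by_id):
    """Split IDs that /proc answers for but ps omits into benign and unexplained."""
    report = {"thread": [], "exited": [], "unexplained": []}
    for ident in sorted(set(reachable) - set(ps_pids)):
        text = status_by_id.get(ident)
        if text is None:                      # gone between the two snapshots
            report["exited"].append(ident)
            continue
        pid, tgid = parse_status(text)
        if tgid != pid and tgid in ps_pids:   # thread of a process ps does list
            report["thread"].append(ident)
        else:                                 # own thread group, yet ps is silent
            report["unexplained"].append(ident)
    return report

def snapshot(max_id=32768):
    """Live collection (Linux): probe /proc/<id> directly, then ask ps."""
    reachable, status = [], {}
    for ident in range(1, max_id + 1):
        try:
            with open(f"/proc/{ident}/status") as fh:
                status[ident] = fh.read()
            reachable.append(ident)
        except OSError:
            pass
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True, text=True).stdout
    return reachable, {int(p) for p in out.split()}, status

# Constructed sample: 4 IDs missing from ps, matching the count in the warning.
SAMPLE_PS = {1, 412, 900}
SAMPLE_STATUS = {
    1: "Name:\tinit\nTgid:\t1\nPid:\t1\n",
    412: "Name:\tsyslogd\nTgid:\t412\nPid:\t412\n",
    900: "Name:\tmysqld\nTgid:\t900\nPid:\t900\n",
    901: "Name:\tmysqld\nTgid:\t900\nPid:\t901\n",
    902: "Name:\tmysqld\nTgid:\t900\nPid:\t902\n",
    777: "Name:\tunknown\nTgid:\t777\nPid:\t777\n",
}
SAMPLE_REACHABLE = list(SAMPLE_STATUS) + [1500]   # 1500 exited before status was read
SAMPLE_REPORT = classify(SAMPLE_REACHABLE, SAMPLE_PS, SAMPLE_STATUS)
```

On a live system, `classify(*snapshot())` produces the same report; only the "unexplained" list needs follow-up from trusted media.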


