Well, it seems it is all okay (not that I would know). I suppose I should run chkroot kit daily and see if anything new shoes up. and I do disconnect the network (if down eth0 or power off).... I don't leave my computer on overnight (usually) or even on durring the day.. bmike1@0[bmike1]$ sudo env SSH_AGENT_PID=2476 TERM=xterm SHELL=/bin/bash XDM_MANAGED=/var/run/xdmctl/xdmctl-:0,maysd,mayfn,sched,rsvd QTDIR=/usr/share/qt3 OLDPWD=/home/bmike1 USER=root SSH_AUTH_SOCK=/tmp/ssh-aJsV2448/agent.2448 KDEDIR=/usr KONSOLE_DCOP=DCOPRef(konqueror-26933,konsole) PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/ bin KONSOLE_DCOP_SESSION=DCOPRef(konqueror-26933,session-1) PWD=/home/bmike1 LANG=en_US HOME=/home/bmike1 SHLVL=1 LOGNAME=root DISPLAY=:0 _=/usr/bin/sudo SUDO_COMMAND=/usr/bin/env SUDO_USER=bmike1 SUDO_UID=1000 SUDO_GID=1000 bmike1@0[bmike1]$ ls -l /tmp/ssh-aJsV2448/agent.2448 srwxr-xr-x 1 bmike1 bmike1 0 2006-02-17 16:47 /tmp/ssh-aJsV2448/ agent.2448 bmike1@0[bmike1]$ ls -l /tmp/ssh-*/agent* srwxr-xr-x 1 bmike1 bmike1 0 2006-02-17 16:47 /tmp/ssh-aJsV2448/ agent.2448 bmike1@0[bmike1]$ On Friday 17 February 2006 07:58 pm, Mike wrote: > uh-ohhh > > Checking `sshd' ... /usr/bin/strings: Warning: `/' is not an ordinary file > not infected > > Checking 'lkm' ... You have 4 process hidden for ps command > Warning: Possible LKM Trojan installed > > Is this bad? > > On Friday 17 February 2006 07:17 pm, Mike Garfias wrote: > > try chkrootkit > > > > Mike spoke forth with the blessed manuscript: > > > how do you do it? I mean, will there be a new process (ps -e) or > > > something? > > > > > > --------------------------------------------------- > > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > > To subscribe, unsubscribe, or to change you mail settings: > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > --------------------------------------------------- > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > To subscribe, unsubscribe, or to change you mail settings: > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss