Doing some research this morning on the lkm trojan thing revealed that most 
likely it is a false positive and found out about a 'better' program (less 
false positives). 

If anyone is interested it s rkhunter. http://www.rootkit.nl/ (is that 
netherland?)

On Friday 17 February 2006 11:45 pm, Jeremy C. Reed wrote:
> On Fri, 17 Feb 2006, Mike wrote:
> > Well, it seems it is all okay (not that I would know). I suppose I should
> > run chkroot kit daily and see if anything new shoes up.
>
> I don't think it is okay.
>
> > > 	Checking 'lkm' ... You have      4 process hidden for ps command
> > > 	Warning: Possible LKM Trojan installed
> > >
> > > Is this bad?
>
> Yes.
>
> I would track that down more. Install tcpdump and then run it to see yoru
> network traffic. But then again, that may not help if something hides its
> tracks there too.
>
> Disconnect the box from the internet. Reboot with a live CD and use it to
> research your problem more. (Using the md5sum example I showed in other
> email as one thing to do.)
>
>  Jeremy C. Reed
>
>  	  	 	 Media Relations and Publishing Services
> 	  	 	 http://www.reedmedia.net/
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss