Doing some research this morning on the lkm trojan thing revealed that most likely it is a false positive and found out about a 'better' program (less false positives). If anyone is interested it s rkhunter. http://www.rootkit.nl/ (is that netherland?) On Friday 17 February 2006 11:45 pm, Jeremy C. Reed wrote: > On Fri, 17 Feb 2006, Mike wrote: > > Well, it seems it is all okay (not that I would know). I suppose I should > > run chkroot kit daily and see if anything new shoes up. > > I don't think it is okay. > > > > Checking 'lkm' ... You have 4 process hidden for ps command > > > Warning: Possible LKM Trojan installed > > > > > > Is this bad? > > Yes. > > I would track that down more. Install tcpdump and then run it to see yoru > network traffic. But then again, that may not help if something hides its > tracks there too. > > Disconnect the box from the internet. Reboot with a live CD and use it to > research your problem more. (Using the md5sum example I showed in other > email as one thing to do.) > > Jeremy C. Reed > > Media Relations and Publishing Services > http://www.reedmedia.net/ > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss