possible LKM rootkit infection

Scott Brewster plug-discuss@lists.plug.phoenix.az.us
Wed, 19 Jun 2002 06:40:30 -0700 (PDT)


What are the processes that are invisible?  Are any of them using a high/odd
port number?  I.e., ssh on port 37337?  Any other info you can provide about this
would also be helpful.  I.e., how is your system connected to the net?

Also (curiosity on my part), what are you using for a rootkit checker?

scott

--- technomage <technomage-hawke@cox.net> wrote:
> OK, my rootkit checker spit out a line that has me concerned.
> it read back checking for LKM and found 4 processes that were invisible to 
> both readdir and ps.
> 
> This has me a little nervous now. I need to know if I am actually infected 
> and if so, how bad and what I can do about it.
> 
> I need assistance ASAP here.
> 
> I can be reached via telephone at (623)849-9515 or respond directly by
> e-mail.
> If anyone has answers for me, I'd appreciate it.
> 
> thanks.
> 
> -- 
> I will not be pushed, filed, stamped, indexed, briefed, debriefed, or 
> numbered!
> My life is my own - No. 6
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
> to the list quickly and you use Netscape to write mail.
> 
> PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


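The readdir half of the check discussed in this thread can be reproduced by hand. The following is an added example, not part of the original messages and not the code of any particular rootkit checker: it compares the PIDs a directory listing of /proc reports against the PIDs that resolve by direct path lookup, and drops the two usual false positives (processes that exited mid-scan, and thread IDs, which on current Linux kernels resolve under /proc without being listed). It does not compare against ps output. The function names are hypothetical, and a Linux /proc with `Name` and `Tgid` fields in `status` is assumed.

```python
import os

def listed_pids(proc_root="/proc"):
    """PIDs as a directory listing (readdir) of /proc reports them."""
    return {int(n) for n in os.listdir(proc_root) if n.isdigit()}

def probe_pids(max_pid, proc_root="/proc"):
    """PIDs that resolve by direct path lookup, without using readdir."""
    return {p for p in range(1, max_pid + 1)
            if os.path.isdir(os.path.join(proc_root, str(p)))}

def status_fields(pid, proc_root="/proc"):
    """Parse /proc/<pid>/status into a dict; empty if it cannot be read."""
    fields = {}
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as fh:
            for line in fh:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
    except OSError:
        pass
    return fields

def find_hidden(max_pid, proc_root="/proc", lister=listed_pids):
    """Return [(pid, name)] for entries that resolve but are never listed."""
    before = lister(proc_root)           # listing taken before the probe
    probed = probe_pids(max_pid, proc_root)
    after = lister(proc_root)            # and again after, to catch new PIDs
    hidden = []
    for pid in sorted(probed - before - after):
        if not os.path.isdir(os.path.join(proc_root, str(pid))):
            continue                     # exited during the scan
        st = status_fields(pid, proc_root)
        if st.get("Tgid", str(pid)) != str(pid):
            continue                     # a thread ID, not a hidden process
        hidden.append((pid, st.get("Name", "?")))
    return hidden

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    for pid, name in find_hidden(limit):
        print(f"PID {pid} ({name}) resolves in /proc but is not listed")
```

A non-empty result is a reason to investigate from trusted media, not proof of infection, since the scan runs on the same kernel it is checking.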