Adam Hardy wrote:
However, using #chkrootkit -x lkm and #/usr/lib/chkrootkit/chkproc -v -v

Wacko, you haven't got a script that does that have you? (Identifying the process that is hidden from /proc/PID?) Seems a bit laborious doing it manually more than once.

Adam

As per my original mail above, these two commands will show you the hidden processes.
First one asks chkrootkit why it thinks there is an LKM Trojan on the system.
Second one is the helper script run by chkrootkit that lists the hidden processes but can be run directly.
I am still seeing output from these commands, but the daily chkrootkit email warning of LKM Trojan has now disappeared!!
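
One way to script the check asked about in this thread, as an added example that is not from the original mails or from chkrootkit: it compares the PIDs listed in /proc with the PIDs that answer a signal-0 probe, skips thread IDs, and re-checks candidates so that short-lived processes are not reported. The function names and the choice of probe are assumptions of this example, not a description of how chkproc works internally.

```python
#!/usr/bin/env python3
"""Cross-check PIDs listed in /proc against PIDs that answer a direct probe."""
import os
import sys


def listed_pids(proc="/proc"):
    """PIDs visible through a directory listing of /proc."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def pid_alive(pid):
    """Probe a PID with signal 0; EPERM still means the PID exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def is_thread(pid, proc="/proc"):
    """True if pid is a non-leader thread ID (Tgid differs from pid)."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except (OSError, ValueError):
        pass
    return False


def find_hidden(max_pid, list_fn=listed_pids, alive_fn=pid_alive, thread_fn=is_thread):
    """Return PIDs that answer a probe but are absent from the /proc listing."""
    before = list_fn()
    candidates = [p for p in range(1, max_pid + 1)
                  if p not in before and alive_fn(p) and not thread_fn(p)]
    # Second pass: drop processes that merely started or exited mid-scan.
    after = list_fn()
    return [p for p in candidates if p not in after and alive_fn(p)]


if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    hidden = find_hidden(limit)
    for pid in hidden:
        print(f"PID {pid}: answers kill(pid, 0) but is not listed in /proc")
    sys.exit(1 if hidden else 0)
```

The script exits non-zero when it finds a mismatch, so it can run from cron next to the daily chkrootkit job and only produce mail when something is reported.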