Possible LKM Trojan , Need Help

To: debian-user@lists.debian.org
Subject: Possible LKM Trojan , Need Help
From: "Thomas H. George" <xyz@spininternet.com>
Date: Sat, 29 Nov 2003 05:49:31 -0500
Message-id: <[🔎] 3FC879BB.6010007@spininternet.com>

chkrootkit reported possible LKM Trojan.  4 processes hidden for ps command.

Before reformating the hard drive and reinstalling Debian, started a dvdbackup using growisofs.The backup of /usr was successful, backup of /var failed with duplicatenames in /rr_moved.

Obviously I would like to delete /rr_moved but it is hidden from me. Isthere any way to do this?

In the mean time I am continuing the backup on the assumption that Imight retrieve specific files without reconatiminating the system.

The backup of /home was successful with the warning "missing whole namefor 'rr_moved'"

Tom

Reply to:

Follow-Ups:
- Re: Possible LKM Trojan , Need Help
  - From: "Jamin W. Collins" <jcollins@asgardsrealm.net>
- Re: Possible LKM Trojan , Need Help
  - From: Brian McGroarty <brian@mcgroarty.net>
- Re: Possible LKM Trojan , Need Help
  - From: Paul Morgan <paulswm@earthlink.net>
- Re: Possible LKM Trojan , Need Help
  - From: Florian Ernst <florian@uni-hd.de>
- Re: Possible LKM Trojan , Need Help
  - From: Hugo Vanwoerkom <hvw59601@care2.com>
- Re: Possible LKM Trojan , Need Help
  - From: Shaul Karl <shaulk@actcom.net.il>
- Pacific Digital Mach52 CD-RW
  - From: alex <radsky@ncia.net>

Prev by Date: Re: freebsd - Re: recommended Virus Scanner?
Next by Date: Re: How to get away with small /var partition
Previous by thread: Re: Help w/Spamassassin via apt-get
Next by thread: Re: Possible LKM Trojan , Need Help
Index(es):
- Date
- Thread