Re: chkrootkit...lkm trojan?... only from gnome [from debian-user]

To: debian-user@lists.debian.org
Cc: chkrootkit <users@chkrootkit.org>
Subject: Re: chkrootkit...lkm trojan?... only from gnome [from debian-user]
From: "s. keeling" <keeling@spots.ab.ca>
Date: Mon, 16 Aug 2004 21:05:17 -0600
Message-id: <[🔎] 20040817030517.GA14503@infidel.spots.ab.ca>
In-reply-to: <[🔎] 1092702693.15772.10.camel@localhost.localdomain>
References: <[🔎] 1092702693.15772.10.camel@localhost.localdomain>

Incoming from Gregory Pierce:
> 
> In running chkrootkit (version 0.43) tonight I got the following
> warning:
> 
> 	Checking `lkm'... You have    16 process hidden for readdir command
> You have    16 process hidden for ps command
> Warning: Possible LKM Trojan installed
> 
> But when I run chkrootkit from KDE it comes up clean.  Can I really be
> compromised and chkrootkit detect a trojan from within gnome but not
> when I am running from KDE?
> 
> I am not at all sure what to do from here.  Should I just start from
> scratch and re-install everything?

I think all chkrootkit installs should be accompanied by a banner
(which demands acknowledgement) which mentions what new users should
do when chkrootkit tells them something appears to be fishy.

  - check the chkrootkit archives( http://marc.theaimsgroup.com/?l=chkrootkit-users)

  - send questions and queries to the chkrootkit mailing list
    (users@chkrootkit.org).

  - Don't panic!


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)               http://www.spots.ab.ca/~keeling 
- -

Reply to:

References:
- chkrootkit...lkm trojan?... only from gnome
  - From: Gregory Pierce <prcg@mac.com>

Prev by Date: Re: Serial terminal in testing?
Next by Date: Re: Serial terminal in testing?
Previous by thread: Re: chkrootkit...lkm trojan?... only from gnome
Next by thread: chkrootkit...lkm trojan?... only from gnome
Index(es):
- Date
- Thread