[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Houston, I May Have a Problem (chkrootkit Results)

On Sat, Aug 28, 2004 at 08:56:19PM -0700, Scarletdown wrote:
> Since I have been having occasional problems getting verious packages
> installed or uninstalled, I decided to do a chkrootkit.  The results
> look rather disturbing.  Is there anyway short of starting from scratch
> to fix the problems that showed up?  Here's the results...
> 
> ROOTDIR is `/'
> Checking `ifconfig'... INFECTED
> Checking `ls'... INFECTED
> Checking `netstat'... INFECTED
> Checking `ps'... INFECTED
> Checking `pstree'... INFECTED
> Checking `top'... INFECTED

> Checking `lkm'... You have     2 process hidden for ps command
> Warning: Possible LKM Trojan installed

1. It has been discussed that chkrootkit is very paranoid.
   lkm, for instance, could think that threads are hidden processes.

2. You may want to:

apt-get --reinstall install fileutils procps psmisc net-tools

That will install the Debian versions of the utilities chkrootkit
complained about.

-- 
The world's most effective spam filter:

while :; do sleep 1 > /var/mail/$USER; done
Reply to: