Re: Possible LKM Trojan installed

To: debian-user@lists.debian.org
Cc: feedback@lists.sf.net
Subject: Re: Possible LKM Trojan installed
From: Carl Fink <carl@finknetwork.com>
Date: Fri, 24 Aug 2007 12:33:48 -0400
Message-id: <[🔎] 20070824163348.GA20943@nitpicking.com>
Mail-followup-to: debian-user@lists.debian.org, feedback@lists.sf.net
In-reply-to: <[🔎] 20070824152435.GA10772@columbus.rr.com>
References: <[🔎] 20070824152435.GA10772@columbus.rr.com>

On Fri, Aug 24, 2007 at 11:24:35AM -0400, John wrote:
> Today's run of chkrootkit produced the following ominous message:

[elided]

> Am I right in thinking the only thing to do is wipe the machine down
> to bare metal and reinstall?  I'm not sufficiently knowledgeable to do
> much forensic checking.

Chkrootkit has been un-updated (by the original maintainer, not by Debian)
for something like a year, and that's a well-known false positive.
-- 
Carl Fink                                   nitpicking@nitpicking.com 

Read my blog at nitpickingblog.blogspot.com.  Reviews!  Observations!
Stupid mistakes you can correct!

Reply to:

References:
- Possible LKM Trojan installed
  - From: John <JohnRChamplin@columbus.rr.com>

Prev by Date: Re: Good fdisk Practices
Next by Date: Re: Serial port connection (null modem) not working
Previous by thread: Possible LKM Trojan installed
Next by thread: Re: Possible LKM Trojan installed
Index(es):
- Date
- Thread