Re: Unknown HZ value! (92) Assume 100.
On Thu, 24 Nov 2011 18:52:59 +0000 (UTC)
Camaleón <noelamac@gmail.com> wrote:
> On Thu, 24 Nov 2011 14:06:24 +0100, Andrea Ganduglia wrote:
>
> > On Wed, Nov 23, 2011 at 6:48 PM, Brian <ad44@cityscape.co.uk> wrote:
> >> On Wed 23 Nov 2011 at 17:36:40 +0000, Camaleón wrote:
> >>
> >>> On Wed, 23 Nov 2011 12:00:27 +0100, Andrea Ganduglia wrote:
> >>>
> >>> > I see this message when I call `top'
> >>> >
> >>> > Unknown HZ value! (92) Assume 100.
> >>> >
> >>> > What happen?
> >>>
> >>> Wow... found this on Google:
> >>
> >> Someone was bound to. :)
>
> Ancient Greeks went to Oracle at Delphi to get answers. Now we have
> Google ;-)
>
> >>> ***
> >>> So you got rooted by SHV4 / SHV5 rootkit...
> >>> http://www.huweb.hu/maques/mblog/?p=153 ***
> >>>
> >>> But I hope there is another explanation for that message.
> >>
> >> An md5sum on the files on the system and those in the procps
> >> package would surely not be out of place?
>
> > :-((((((((((((((((((((((((((((
> >
> > Original post talks abount RHEL and CentOS.
> > http://www.bigismore.com/web-server-security/unknown-hz-value-assume-100-youve-been-hacked/
> >
> > ???
>
> I'm afraid the rootkit is not distribution specific.
>
> I would run a deep scan with the mentioned tool (rkhunter) to be sure.
And back that up with ckrootkit, as the false positive with Xibit still
seems to be happening. It never hurts to use both. If you have tiger
installed, ckrootkit will already be on your system anyhow. may as well
use it.
Regards,
Weaver.
--
"In a world without walls and fences,
what need have we for Windows or Gates?"
-Anon.
Reply to: