Test with Chkrootkit
Scot L. Harris
webid at cfl.rr.com
Mon Jul 26 00:13:39 UTC 2004
On Sun, 2004-07-25 at 18:48, John Dangler wrote:
> cat /proc/<pid>/cmdline...
>
> I just installed chkrootkit and I got the "Warning: Possible LKM Trojan
> installed". So I ran the chkproc, and then ran 'cat /proc/<pid>/cmdline' on
> the processes. Nothing looks out of place. I'm running 2.6.6 FC2. Of the
> 8 hidden processes, 3 have turned up
> "nautilus--no-default-window--sm-client-iddefault3"
>
> Not sure what these are, but everything else turned up "not infected"
> Thanks for the tip about chkrootkit. I'm also looking into clamav...
>
> Regards,
>
> John
>
> BTW, I'm using version 0.43 on a 2.6 kernel. Works fine, as far as I
> can tell.
Read the rest of this thread. There is a known problem with some
versions of chkrootkit on Fedora. It wrongly identifies a number of
processes as hidden.

The original poster reported that the latest version from the chkrootkit
site no longer has this problem.
--
Scot L. Harris
webid at cfl.rr.com
Your analyst has you mixed up with another patient. Don't believe a
thing he tells you.
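
An added example, not part of the original posts: a bash helper for the check John describes, run over the PIDs that chkproc reports. It splits the NUL-separated cmdline (which is why plain cat shows the nautilus arguments run together) and flags IDs whose Tgid differs from the PID, meaning they are threads of another process. That threads account for the false positives is an assumption here, since the thread does not state the cause. The name triage_pid and its verdict words are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. triage_pid and its verdict names are hypothetical.
# Usage: ./triage.sh PID [PID...]   (PIDs as reported by chkproc)

# triage_pid PID [PROC_ROOT] prints "<pid> <verdict> <cmdline>".
# PROC_ROOT defaults to /proc; it is a parameter so the function can be
# exercised against a constructed directory tree.
triage_pid() {
    local pid=$1 root=${2:-/proc} dir cmd="" tgid=""
    dir="$root/$pid"
    if [ ! -d "$dir" ]; then
        echo "$pid gone -"          # exited since chkproc ran
        return 0
    fi
    # cmdline is NUL-separated, so plain cat shows the arguments run together.
    if [ -r "$dir/cmdline" ]; then
        cmd=$(tr '\0' ' ' < "$dir/cmdline")
        cmd=${cmd% }
    fi
    [ -n "$cmd" ] || cmd="(empty cmdline)"
    if [ -r "$dir/status" ]; then
        tgid=$(awk '/^Tgid:/ {print $2}' "$dir/status")
    fi
    if [ -n "$tgid" ] && [ "$tgid" != "$pid" ]; then
        echo "$pid thread-of-$tgid $cmd"   # a thread ID, not a separate process
    elif ls "$root" | grep -qx -- "$pid"; then
        echo "$pid listed $cmd"            # visible in the /proc directory listing
    else
        echo "$pid unlisted $cmd"          # own process, absent from listing: look closer
    fi
}

for p in "$@"; do
    triage_pid "$p"
done
```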