Test with Chkrootkit

Scot L. Harris webid at cfl.rr.com
Mon Jul 26 00:13:39 UTC 2004


On Sun, 2004-07-25 at 18:48, John Dangler wrote:

> cat /proc/<pid>/cmdline...
> 
> I just installed chkrootkit and I got the "Warning: Possible LKM Trojan
> installed".  So I ran the chkproc, and then ran 'cat /proc/<pid>/cmdline' on
> the processes.  Nothing looks out of place.  I'm running 2.6.6 FC2.  Of the
> 8 hidden processes, 3 have turned up
> "nautilus--no-default-window--sm-client-iddefault3"
> 
> Not sure what these are, but everything else turned up "not infected"
> Thanks for the tip about chkrootkit.  I'm also looking into clamav...
> 
> Regards,
> 
> John 
> 
> BTW, I'm using version 0.43 on a 2.6 kernel.  Works fine, as far as I  
> can tell.

Read the rest of this thread.  There is a known problem with some
versions of chkrootkit on Fedora.  It wrongly identifies a number of
processes as hidden.

The original poster reported that the latest version from the chkrootkit
site no longer has this problem.  
-- 
Scot L. Harris
webid at cfl.rr.com

Your analyst has you mixed up with another patient.  Don't believe a
thing he tells you. 
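
An added example, not part of the original thread or of chkrootkit: a small helper for reviewing PIDs that chkproc reports as hidden. It prints `/proc/<pid>/cmdline` with its NUL argument separators turned into spaces (a plain `cat` runs the arguments together, as in the nautilus line quoted above) and reads `Tgid` from `/proc/<pid>/status` to show whether the PID is a process or a thread of one; a thread ID has its own `/proc/<tid>` entry without appearing in the top-level `/proc` listing. The function names and the optional proc-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Triage PIDs that chkproc reported as hidden (added example).
# The proc root is a parameter (default /proc) so the functions can be run
# against a copied or constructed tree as well as a live system.

# Print argv from <root>/<pid>/cmdline with NUL separators shown as spaces.
read_cmdline() {
    tr '\0' ' ' 2>/dev/null < "$1/$2/cmdline" | sed 's/ *$//'
}

# Print the value of one field (e.g. Tgid, Name) from <root>/<pid>/status.
status_field() {
    awk -v key="$3:" '$1 == key { print $2; exit }' "$1/$2/status" 2>/dev/null
}

# Usage: triage_pid PID [PROC_ROOT]
# One line per PID: pid, kind, owning thread group, name, argv.
triage_pid() {
    root=${2:-/proc}
    if [ ! -r "$root/$1/status" ]; then
        echo "$1 gone"          # exited since the scan, or never existed
        return 0
    fi
    tgid=$(status_field "$root" "$1" Tgid)
    name=$(status_field "$root" "$1" Name)
    if [ "$tgid" = "$1" ]; then
        kind=process            # thread-group leader
    else
        kind=thread             # belongs to the process whose PID is $tgid
    fi
    args=$(read_cmdline "$root" "$1")
    # Kernel threads have an empty cmdline; show that explicitly.
    echo "$1 $kind tgid=$tgid name=$name cmdline=[${args:-none}]"
}
```

Run it as `triage_pid <pid>` for each PID chkproc lists; a line marked `thread` names the process it belongs to in `tgid=`, which can then be looked up in normal `ps` output.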




