chkrootkit and vncserver

Steven Stern subscribed-lists at
Sun May 23 14:59:04 UTC 2004

This morning's normal system checks triggered alarms.  Chkrootkit reported a
possible LKM trojan.

Checking `lkm'... You have     5 process hidden for readdir command
You have     5 process hidden for ps command
Warning: Possible LKM Trojan installed

I've tracked this down to vncserver.  I have one X session assigned to VNC.  

If I do /sbin/service vncserver stop, then chkrootkit reports no LKM problem.
When I restart the server, the LKM message reappears.

Can anyone else verify this on their system?


More information about the fedora-list mailing list