On Mon, 14 Jul 2003, Herb Rubin wrote: > All, > > I just ran chkrootkit on my Raq 4, and it said this: > > Checking `lkm'... You have 1 process hidden for readdir command > You have 1 process hidden for ps command > Warning: Possible LKM Trojan installed > > Is this a real trojan on my system? (LKM means Loadable Kernel Module) > Has a hacker loaded a kernel module? How can I see this module? > > I do have portsentry running in the background, if that is important > here. False positive? > > Should I be worried and if so what can I do to remove it?
Run chkrootkit multiple times and see if the Warning repeats. Gerald -- http://frontstreetnetworks.com | http://store.raqware.com Front Street Networks LLC, 229 Front Street, Ste.#C New Haven, CT 06513-3203 | phone: +1-203-785-0699 _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
