On February 8, 2003 12:27 am, Cal Peake wrote: > > While running 'chkrootkit' at my box (RH 7.3) I saw the following: > > > > Checking `lkm'... You have 69 process hidden for ps command > > Warning: Possible LKM Trojan installed > > > > Could this be *true* ? How can I discover it? > > Rivanor, > > I know that RH patches their ps command to hide threads. If you're running > a multi-threaded process (such as coldfusion) it very well could be why > you're getting this warning.
_process_ threads -- [EMAIL PROTECTED] pgp: http://dragos.com/ kyxpgp http://cansecwest.com
