On Tue, 2004-08-03 at 15:14, Charlie Mahan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On August 3, 2004 12:59:12, Trevor Rhodes wrote:
> > Hello Oh Great Guru Types,
> >
> > What the hell should I be doing now?
> >
> > Checking `lkm'... You have 48 process hidden for readdir command
> > You have 48 process hidden for ps command
> > Warning: Possible LKM Trojan installed
> >
> > Regards
> > Trevor Rhodes
>
> I'd probably start by reading this thread:
>
> http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-linux/2003-02/0034.html
>
> It's specific to that Trojan.
>
> To answer the next obvious question from the lurkers (this is the only freebie
> you get! <grin>) "What's a rootkit" read this:
>
> http://www.linuxsecurity.com/docs/Hack-FAQ/unix/rootkit.shtml
>
> I was rooted a couple weeks back, but since I was preparing to do a fresh
> install (the day it was first logged) it wasn't a big deal. I just formatted
> the drive and started over. The best part was the duplicate drive (USB) was
> clean so I didn't lose anything.
> If I was relatively a newbie and I had an alert from chkrootkit like that I
> would waste no time backing up and reinstalling.
>
> Good luck, you may need it.
>
> Charlie

How did they manage to break into your box? I've never had that happen so I'm very curious as to what avenue they pursued.

LX