Bryan, Charlie, Lyvim,

> chkrootkit -x lkm

Reading, trying to understand and have come to the conclusion that I'm not 
compromised.  Why?  I'll try to explain to the best of my meagre abilities.

I ran chkrootkit and the following showed up.

Checking `lkm'... You have    48 process hidden for readdir command
You have    48 process hidden for ps command
Warning: Possible LKM Trojan installed

I wondered about the version I was running, so I uninstalled whatever it was 
(don't remember which ver) and did urpmi chkrootkit.  Ran it and nothing was 
detected.  That ver was .42b.  Uninstalled it and found the other version I 
was running and installed that one.  It is .43.  It found the problem.  When 
I eventually got the command running that Bryan showed me the things that 
showed up were all to do with my Bittorrent Client, Artsd and Firefox.bin.

I shut down the Bittorrent Client and all but three processes disappeared.  
They were the two tabs in Firefox and one artsd.

So, do you think I am kitted or am I, as I suspect, worrying about nothing 
this time?  I have learnt something this day, so your help isn't for nothing.  
I appreciate it all.  Thanks guys.

 Regards
      Trevor Rhodes
===========================================
Powered by Linux                -            Mandrake 10.0
Registered Linux user # 290542 at http://counter.li.org
Registered Machine #'s 186951 = Mandrake Club Silver Member
Source :  my 100 % Microsoft-free personal computer.
gpg --recv-keys --keyserver hkp://pgp.mit.edu 94C29CF3
===========================================
 14:12:20 up  9:11,  0 users,  load average: 1.34, 1.30, 1.26
-- 
Never mud wrestle with a pig.. you get dirty and the pig enjoys it!
Never try to teach a pig to dance. You waste your time and annoy the pig.
Theoretically pigs can fly if propelled with enough force.
