[Sussex] Possible root kit
David Chapman
dokterdave at ntlworld.com
Fri Jan 30 11:16:12 UTC 2004
My DVD tray keeps opening unexpectedly so I ran chkrootkit.
The result does not look good.
Besides the reinstalling what is the next course of action.
This is a SUSE 9.0 system
><
hydrogen:/home/dave/chkrootkit-0.42b # ./chkrootkit lkm
ROOTDIR is `/'
Checking `lkm'... You have 8 process hidden for ps command
Warning: Possible LKM Trojan installed
hydrogen:/home/dave/chkrootkit-0.42b #
><
><
hydrogen:/home/dave/chkrootkit-0.42b # ./chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v
###
PID 2: not in ps output
CWD 2: /
EXE 2: /
PID 3: not in ps output
CWD 3: /
EXE 3: /
PID 5: not in ps output
CWD 5: /
EXE 5: /
PID 6: not in ps output
CWD 6: /
EXE 6: /
PID 7: not in ps output
CWD 7: /
EXE 7: /
PID 8: not in ps output
CWD 8: /
EXE 8: /
PID 9: not in ps output
CWD 9: /
EXE 9: /
PID 10: not in ps output
CWD 10: /
EXE 10: /
You have 8 process hidden for ps command
hydrogen:/home/dave/.opera/download/chkrootkit-0.42b #
><
More information about the Sussex
mailing list