[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Chkrootkit Scan


After updating my SuSE 9.1 workstation the other day and downloading 
chkrootkit-0.40 and compiling it I ran a scan with this useful utility 
program and found...

Searching for Romanian rootkit ... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... You have    12 process hidden for readdir command
You have    12 process hidden for ps command
>>> Warning: Possible LKM Trojan installed <<<
Checking `rexedcs'... not found
Checking `sniffer'...
eth0 is not promisc
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected

Anything I can do to investigate this further ?  My workstation is 
plugged into my domestic network which in turn connects to the net 
through an ISDN router/BSD firewall.  The SuSEFireall is running on my 
workstation as an added precaution although it's probably not doing much 
for me in the way of protection.

I'm supposing that this has arrived with some e-mail.  Although, Amavis 
is installed and running.




Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here