
Possible LKM Trojan installed

From: John <JohnRChamplin(at)columbus.rr.com>
Date: Fri Aug 24 2007 - 11:24:35 EDT


Today's run of chkrootkit produced the following ominous message:



/etc/cron.daily/chkrootkit:

Signal 11 (SEGV) caught by ps (procps version 3.2.7). Please send bug reports to <feedback@lists.sf.net> or <albert@users.sf.net>

Signal 11 (SEGV) caught by ps (procps version 3.2.7). Please send bug reports to <feedback@lists.sf.net> or <albert@users.sf.net>

Signal 11 (SEGV) caught by ps (procps version 3.2.7). Please send bug reports to <feedback@lists.sf.net> or <albert@users.sf.net>

The following suspicious files and directories were found:
/usr/lib/jvm/java-6-sun-1.6.0.02/.systemPrefs
/usr/lib/jvm/.java-6-sun.jinfo
/usr/lib/xulrunner/.autoreg
/usr/lib/iceweasel/.autoreg
/lib/init/rw/.ramfs

Signal 11 (SEGV) caught by ps (procps version 3.2.7). Please send bug reports to <feedback@lists.sf.net> or <albert@users.sf.net>

You have 10 process hidden for readdir command
You have 121 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
eth0: PACKET SNIFFER(/sbin/dhclient3[5654])
<snip>


Am I right in thinking the only thing to do is wipe the machine down to bare metal and reinstall? I'm not sufficiently knowledgeable to do much forensic checking.

Thanks for any pointers.

-- 
JohnRChamplin@columbus.rr.com
====================================================
GPG key 1024D/99421A63 2005-01-05
EE51 79E9 F244 D734 A012 1CEC 7813 9FE9 9942 1A63
gpg --keyserver subkeys.pgp.net --recv-keys 99421A63


Received on Fri Aug 24 11:25:11 2007

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 02:49:27 EDT

