Re: LKM Trojan installed

Answering some sugestions made for some in the list:

1. I am not running multi-threaded process (process threads).
   --
   
2. While I was running chkrootkit-0.39a: Checking `ps'... not infected ... Checking `lkm'... You have 54 process hidden for ps command Warning: Possible LKM Trojan installed
   --
   
3. Seeing process: [root@localhost chkrootkit-0.39a]# ps ax PID TTY STAT TIME COMMAND 1 ? S 0:04 init [3] 2 ? SW 0:00 [keventd] ... 4881 pts/0 S 0:00 bash 4917 pts/0 S 0:00 vim rootkit 4918 pts/1 R 0:00 ps ax Total: 52 At /proc : 52 process, too
   --
   
4. There are no new open ports listening.
   --
   
5. And, is this *normal* ? [root@localhost /]# lsattr -d /proc/ lsattr: Inappropriate ioctl for device While reading flags on /proc/
   --
   
6. Modules are being loaded are usual, nothing that I don't want.
   --
   
7. Unfortunately, I don't have access, yet, to a CD like Knoppix. :(
   --
   
8. I probably gonna try the way: boot up the system with a 'clear' kernel (no modules).

Thanks in advance, again...

Rivanor. Received on Tue Feb 18 16:31:36 2003