Date:      Fri, 11 Apr 2003 07:37:31 +0000
From:      "no name" <securifymybox@hotmail.com>
To:        rofug@rofug.ro
Cc:        freebsd-questions@freebsd.org
Subject:   LKM problem
Message-ID:  <F81bZNK0xGl8WibIP4s0000eaad@hotmail.com>

chkrootkit output follows (stripped out useless stuff):

Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `date'... INFECTED
Checking `ps'... INFECTED
Checking `lkm'... You have     2 process hidden for readdir command
You have    13 process hidden for ps command
Warning: Possible LKM Trojan installed

Can anyone please advise? I wouldn't want to reinstall the system from 
scratch (with all its requirements that would take about 3-4 days).

I tried cvsup src-all and make world, but the infected binaries remained.
I even tried compiling by hand in /usr/src/bin/ls, but the resulting binaries 
would still appear infected. Assuming there was something wrong with 
chkrootkit, I tried checking an ls binary compiled on a similar system and it 
found it clean. I couldn't use the 'ps' binary from the remote system:
root@box ~/bin# ./ps
ps: proc size mismatch (36936 total, 1060 chunks)
root@box ~/bin#

If anyone can help, I would like to find that rootkit and study it.

Thanks in advance









