Date: Thu, 15 Apr 2004 11:04:07 +0200 (CEST) From: Piotr Gnyp <toread@discordia.pl> To: questions@freebsd.org Subject: false positive, or server hacked? Message-ID: <Pine.BSF.4.58.0404151050050.91300@discordia.pl>
next in thread | raw e-mail | index | archive | help
Hi, I`m running FreeBSD 5.2.1-p4, I`ve just installed new version of chkrootkit 0.43 from freshports, and report follows: Checking `date'... INFECTED Checking `lkm'... You have 115 process hidden for readdir command You have 23 process hidden for ps command Warning: Possible LKM Trojan installed ll of /bin/date -r-xr-xr-x 1 root wheel 14776 30 Mar 13:20 /bin/date Please advice.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.58.0404151050050.91300>