Date: Tue, 20 Nov 2007 09:41:52 -0500
From: JP <johnpollock@bellsouth.net>
To: freebsd-security@freebsd.org
Subject: chkrootkit V. 0.47
Message-ID: <200711200941.52719.johnpollock@bellsouth.net>

Running FreeBSD 6.1

After changing chkrootkit to the latest version V. 0.47 and compiling it then running it I get the following:

==================<SNIPPIT>================
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 6667)
Checking `lkm'... You have 131 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'... vr0 is not promisc
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
==================</SNIPPIT>================

Looking above, the above shows a few anomalies like the

bindshell ... INFECTED (PORTS: 6667)

--and--

Checking `lkm'... You have 131 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed

I do run an IRCd, and also YABB Message board along with APACHE web server - would the above then be normal output, and what about the lkm?

Many thanks to those with more experience in this area.

JP
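A triage example for the output quoted in the message above, added here and not part of the original e-mail or of chkrootkit: it parses the report and compares the ports named by the bindshell check against listeners the administrator deliberately runs. The allowlist `EXPECTED_LISTENERS`, the function names and the one-check-per-line layout of the sample are assumptions.

```python
import re

# Constructed sample: the chkrootkit lines quoted in the message, one per line.
SAMPLE_REPORT = """\
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 6667)
Checking `lkm'... You have 131 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'... vr0 is not promisc
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
"""

# Assumption: ports this host serves on purpose (the IRCd from the message).
EXPECTED_LISTENERS = {6667: "ircd"}

CHECK_RE = re.compile(r"^Checking `([^']+)'\.\.\.\s*(.*)$")
PORTS_RE = re.compile(r"INFECTED \(PORTS:\s*([\d\s]+)\)")


def parse_report(text):
    """Return {check: result}; continuation lines join the preceding check."""
    results, current = {}, None
    for line in text.splitlines():
        m = CHECK_RE.match(line)
        if m:
            current = m.group(1)
            results[current] = m.group(2).strip()
        elif current and line.strip():
            results[current] += "\n" + line.strip()
    return results


def triage(results, expected=EXPECTED_LISTENERS):
    """Return (check, port, note) tuples for every result that needs attention."""
    findings = []
    for name, text in results.items():
        m = PORTS_RE.search(text)
        if m:
            for port in map(int, m.group(1).split()):
                if port in expected:
                    note = "matches expected %s; confirm owner with sockstat -4 -l" % expected[port]
                else:
                    note = "unexpected listener; investigate"
                findings.append((name, port, note))
        elif "Warning" in text or "INFECTED" in text:
            findings.append((name, None, "needs manual follow-up"))
    return findings
```
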
