Date: Sat, 23 Dec 2006 15:57:35 -0500
From: "Matthew Herzog" <matthew.herzog@gmail.com>
To: freebsd-stable@freebsd.org
Subject: chkrootkit finds 94 process hidden for readdir
Message-ID: <7cf39bb60612231257p1a8a62c3g43a9da939306a59e@mail.gmail.com>

Hello.

I run FreeBSD 6.1-RELEASE-p7 on an UltraSparc 5 machine. I ran chkrootkit yesterday and saw this:

    Checking `lkm'... You have 94 process hidden for readdir command
    chkproc: Warning: Possible LKM Trojan installed

Everything else was deemed clean by chkrootkit.

When I booted into single user mode and ran chkrootkit it said there were "33 process hidden for readdir command".

The sha256 checksum is slightly different for the /usr/bin/su binary on the install media compared to the /usr/bin/su on the running install.

I could find nothing definitive on this subject posted online so . . . .

--
Matt H.