Date: Tue, 20 May 2003 17:06:30 -0300 (ART) From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> To: Guy Van Sanden <n.b@myrealbox.com> Cc: freebsd-questions@freebsd.org Subject: Re: HELP - Rootkit Message-ID: <20030520170358.S22927-100000@cactus.fi.uba.ar> In-Reply-To: <1053458317.2956.191.camel@cronos.home.vsb>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20 May 2003, Guy Van Sanden wrote: > I found some strange files in /stand namely -sh and [ They are perfectly normal. Don't worry about them. > This got me somewhat suspicious, so I installed chkrootkit. > > It says: > Checking `chfn'... INFECTED > Checking `chsh'... INFECTED > Checking `cron'... not infected > Checking `date'... INFECTED > Checking `ls'... INFECTED > Checking `ps'... INFECTED > Checking `lkm'... You have 9 process hidden for ps command > Warning: Possible LKM Trojan installed > > Does this mean I got hacked? Is it a 5.0 system? chkrootkit gives false positives in 5.0 Fer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030520170358.S22927-100000>