The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible trojan

Discussion in 'General Discussion' started by Alexandre Duran, Jan 12, 2005.

  1. Alexandre Duran

    Alexandre Duran Well-Known Member

    Joined:
    May 6, 2003
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Rio de Janeiro - BRAZIL
    Hi, is this a false possitive ?

    Checking `lkm'... You have 1 process hidden for readdir command
    You have 1 process hidden for ps command
    Warning: Possible LKM Trojan installed
     
  2. rebelo

    rebelo Active Member

    Joined:
    Jun 30, 2003
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    the dark side of the moon
    We have this once in a while.
    Our sys admin told us not to worry because used kernel was not exploited by lkm worms.
    Run chkrootkit a couple more times and see the info received.
     
  3. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Try using rkhunter as it is more often updated by the developer and also has fewer if any false positives. http://www.rootkit.nl/
     
  4. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    use both of them...

    sometimes the timing is off and it catches something that looks suspicious... but it doesn't happen too frequently, so running it again should show it clear, if you're not rooted.
     
Loading...

Share This Page