'[crt-users] Suspected false positive from LKM check'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       chkrootkit-users
Subject:    [crt-users] Suspected false positive from LKM check
From:       "John Green" <greenjh () hotmail ! com>
Date:       2003-02-14 9:56:44
[Download RAW message or body]


I may also be getting false positives from the LKM Trojan test.
It started when I switched to version 0.39a.

I was running Mandrake 7.2.  I tried to install KSTAT but it would not
compile.  I panicked, scrapped my system and installed Mandrake 8.2.
The clean installation had never been connected to the internet, but the
check reported many more hidden processes, like this:

   Checking `lkm'... You have    59 process hidden for ps command
   Warning: Possible LKM Trojan installed.

From memory, if I do a safe-mode restart without X, I get about half
the number of hidden processes.

((Six months ago I got a true positive from the bindshell test, so I am
not annoyed.))

Many thanks,

John Green

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic