Using chkrootkit - slight security/Trojan anxiety

Post by alun_sundry on Mon Apr 20, 2009 3:11 pm

Today after relying on nothing but the Gufw firewall I installed chkrootkit. I've just run it for the first time and all the results are innocent enough except this:

Checking `lkm'... You have 4 process hidden for readdir command
You have 4 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

Is it nothing to be concerned about i.e. would a freshly installed Mint 6 give the same result? I know these things can be a bit sensitive, so to speak, and I had become quite relaxed with the idea of Linux's security strengths.

I have no idea what we are meant to do after running this program though, and chkrootkit is a Terminal-operated program which leaves me in the dark a bit.

Thanks in advance.

Post by Husse on Tue Apr 21, 2009 7:58 am

Maybe some worries
I just installed and checked and I have nothing - nada - zilch :)
It can be perfectly legit things
You have to find out what it is
man chkrootkit
tells you that -e excludes known false positives
Begin by running it with the -e option
There may be a log
Don't fix it if it ain't broken, don't break it if you can't fix it
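One way to look into IDs that a scanner reports as hidden from a /proc listing, as an added example that is not part of the original thread and is not chkrootkit's code: it lists /proc, probes each ID directly, and reports whether an unlisted ID is a thread of a listed process, which Linux keeps reachable at /proc/<tid> without listing it. The sample IDs and process names are constructed, and the function names are this example's own.

```python
import os

def listed_ids(proc="/proc"):
    """IDs returned when /proc is listed (the readdir view)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def read_status(pid, proc="/proc"):
    """Parse /proc/<pid>/status into a dict, or None if there is no such entry."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as fh:
            return dict(line.rstrip("\n").split(":\t", 1) for line in fh if ":\t" in line)
    except OSError:
        return None

def triage(listed, candidates, status_of):
    """Explain every ID that answers a direct lookup but is absent from the listing."""
    report = {}
    for pid in candidates:
        if pid in listed:
            continue
        status = status_of(pid)
        if status is None:
            continue  # no such ID, or it exited between the two looks
        name, tgid = status["Name"], int(status["Tgid"])
        if tgid != pid and tgid in listed:
            report[pid] = f"thread of listed process {tgid} ({name})"
        else:
            report[pid] = f"not listed and not a thread of a listed process ({name})"
    return report

# Constructed sample data, not output from the poster's machine.
SAMPLE_LISTED = {1, 812, 2301}
SAMPLE_STATUS = {
    2305: {"Name": "gnome-panel", "Tgid": "2301", "Pid": "2305"},
    2306: {"Name": "gnome-panel", "Tgid": "2301", "Pid": "2306"},
    4000: {"Name": "unknown", "Tgid": "4000", "Pid": "4000"},
}

def sample_report():
    return triage(SAMPLE_LISTED, range(1, 5000), SAMPLE_STATUS.get)

if __name__ == "__main__":
    # Live run: the listing is taken first, then every possible ID is probed.
    with open("/proc/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    live = triage(listed_ids(), range(1, pid_max), read_status)
    for pid, verdict in sorted(live.items()):
        print(pid, verdict)
```

Run it more than once: an ID that is reported on one run and gone on the next is a process that started or exited between the listing and the probe.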

Post by alun_sundry on Fri Apr 24, 2009 4:54 pm

For the record, if anyone looks here regarding rootkits, tonight I reinstalled Mint 6, then immediately installed and ran chkrootkit, with the same results of 5 unknown processes in the LKM section. So they are certainly false positives, and I won't be worrying about malware again until Linux is so popular that the worry's warranted. I hope my enquiries caused no one bother.

Post by Husse on Sat Apr 25, 2009 5:30 am

And with the -e option?

Post by alun_sundry on Sat Apr 25, 2009 7:55 am

When I tried that I got an error message:

shift: 2618: can't shift that many

I looked at sites dealing with instructions for chkrootkit to no avail. In case I got the form of the command wrong, what exactly would I type into the terminal instead of sudo chkrootkit?

Thanks.
P.S. It would be a godsend if Linux Mint 7 takes note of the problematic nature of the new Intel driver in Ubuntu 9.04 - I don't think I'll have 9.04 on long.

Post by Husse on Sat Apr 25, 2009 3:56 pm

alun_sundry wrote: if Linux Mint 7 takes note of the problematic nature of the new Intel driver in Ubuntu 9.04

We are discussing what to do about it. It can't be solved but at least made less bad ....

Post by paolari on Fri Jun 05, 2009 3:33 am

How do I safely remove a trojan horse manually? I did a virus scan on Yahoo's free PC scanners and it says that my c:\WINDOWS\browser.exe is infected with Trojan Horse but it doesn't say what kind of trojan horse since there are thousands listed on the net. All I want to know is how do I safely remove it myself since I don't know what kind of trojan horse it has.

Post by Carl on Fri Jun 05, 2009 3:51 am

paolari wrote: How do I safely remove a trojan horse manually? I did a virus scan on Yahoo's free PC scanners and it says that my c:\WINDOWS\browser.exe is infected with Trojan Horse but it doesn't say what kind of trojan horse since there are thousands listed on the net. All I want to know is how do I safely remove it myself since I don't know what kind of trojan horse it has.


Get yourself a decent virus removal/detection program for Windows such as Avast! Antivirus (which is free for personal use).