Using chkrootkit - slight security/Trojan anxiety

Post by alun_sundry »

Today after relying on nothing but the Gufw firewall I installed chkrootkit. I've just run it for the first time and all the results are innocent enough except this:

Checking `lkm'... You have 4 process hidden for readdir command
You have 4 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

Is it nothing to be concerned about i.e. would a freshly installed Mint 6 give the same result? I know these things can be a bit sensitive, so to speak, and I had become quite relaxed with the idea of Linux's security strengths.

I have no idea what we are meant to do after running this program though, and chkrootkit is a Terminal-operated program which leaves me in the dark a bit.

Thanks in advance.

Post by Husse »

Maybe some worries
I just installed and checked and I have nothing - nada - zilch :)
It can be perfectly legit things
You have to find out what it is
man chkrootkit
tells you that -e excludes known false positives
Begin by running it with the -e option
There may be a log

Post by alun_sundry »

For the record, if anyone looks here regarding rootkits, tonight I reinstalled Mint 6, then immediately installed and ran chkrootkit, with the same results of 5 unknown processes in the LKM section. So they are certainly false positives, and I won't be worrying about malware again until Linux is so popular that the worry's warranted. I hope my enquiries caused no one bother.

Post by Husse »

And with the -e option?

Post by alun_sundry »

When I tried that I got an error message:

shift: 2618: can't shift that many

I looked at sites dealing with instructions for chkrootkit to no avail. In case I got the form of the command wrong, what exactly would I type into the terminal instead of sudo chkrootkit?

Thanks.
p.s. It would be a godsend if Linux Mint 7 takes note of the problematic nature of the new intel driver in Ubuntu 9.04 - I don't think I'll have 9.04 on long.

Post by Husse »

"if Linux Mint 7 takes note of the problematic nature of the new intel driver in Ubuntu 9.04"
We are discussing what to do about it. It can't be solved but at least made less bad ....

Post by Carl »

paolari wrote: How do I safely remove a trojan horse manually? I did a virus scan on Yahoo's free PC scanners and it says that my c:\WINDOWS\browser.exe is infected with Trojan Horse but it doesn't say what kind of trojan horse since there are thousands listed on the net. All I want to know is how do I safely remove it myself since I don't know what kind of trojan horse it has.

Get yourself a decent virus removal/detection program for Windows such as Avast! Antivirus (which is free for personal use).