LKM problem
no name
securifymybox at hotmail.com
Fri Apr 11 00:37:33 PDT 2003
chkrootkit output follows (stripped out useless stuff):
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `date'... INFECTED
Checking `ps'... INFECTED
Checking `lkm'... You have 2 process hidden for readdir command
You have 13 process hidden for ps command
Warning: Possible LKM Trojan installed
Can anyone please advise? I wouldn't want to reinstall the system from
scratch (with all its requirements that would take about 3-4 days).
I tried cvsup src-all and make world, but the infected binaries remained.
I even tried compiling by hand in /usr/src/bin/ls, but the resulting binaries
would still appear infected. Assuming there was something wrong with
chkrootkit, I tried checking an ls binary compiled on a similar system and it
found it clean. I couldn't use the 'ps' binary from the remote system:
root at box ~/bin# ./ps
ps: proc size mismatch (36936 total, 1060 chunks)
root at box ~/bin#
If anyone can help, I would like to find that rootkit and study it.
Thanks in advance