Hi After updating my SuSE 9.1 workstation the other day and downloading chkrootkit-0.40 and compiling it I ran a scan with this useful utility program and found... Searching for Romanian rootkit ... nothing found Searching for anomalies in shell history files... nothing found Checking `asp'... not infected Checking `bindshell'... not infected Checking `lkm'... You have 12 process hidden for readdir command You have 12 process hidden for ps command
Warning: Possible LKM Trojan installed <<< Checking `rexedcs'... not found Checking `sniffer'... eth0 is not promisc Checking `wted'... nothing deleted Checking `scalper'... not infected Checking `slapper'... not infected
Anything I can do to investigate this further ? My workstation is plugged into my domestic network which in turn connects to the net through an ISDN router/BSD firewall. The SuSEFireall is running on my workstation as an added precaution although it's probably not doing much for me in the way of protection. I'm supposing that this has arrived with some e-mail. Although, Amavis is installed and running. Regards Richard www.sheflug.co.uk