Help!

Chkrootkit : "You have 99741 process hidden for readdir co..

  
  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Security RSS
Next:  [PATCH 2/2]: perf: Allocate mmap buffer using vma..  
Author Message
Bison Agile
External


Since: Sep 08, 2009
Posts: 2
PostPosted: Tue Sep 08, 2009 10:10 am    Post subject: Chkrootkit : "You have 99741 process hidden for readdir command chkproc"
Archived from groups: comp>os>linux>security (more info?)
Santa Madonna !

99741, no less... And a "possibly" LKM trojan installed on my
unfortunate machine.

I'm begining to undestand why my CPU temp is approaching 120 °C !


Checkint 'chkutmp'... The tty of the following user process(es) were not
found in /var/run/utmp ! And it shows a list of 5 users plus myself...


Is it serious doctor ?
Back to top
David W. Hodgins
External


Since: Dec 04, 2005
Posts: 277
PostPosted: Tue Sep 08, 2009 11:39 am    Post subject: Re: Chkrootkit : "You have 99741 process hidden for readdir command [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Tue, 08 Sep 2009 09:44:53 -0400, Bison Agile <bison DeleteThis @seskatchewan.org> wrote:

> 99741, no less... And a "possibly" LKM trojan installed on my
> unfortunate machine.
> I'm begining to undestand why my CPU temp is approaching 120 °C !
> Is it serious doctor ?

Nope. False alarm. The check for the LKM trojan simply checks to
see if you have a process running with the process id 12345,
if I remember correctly. Been a while since I've had it installed
and looked at the problem.

See http://osdir.com/ml/linux.mandrake.security.general/2008-06/msg00001.html
for the hidden processes (actually, threads).

As to the temp, try cleaning out the cpu heatsink, and ensure the fans
are working.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Back to top
Bison Agile
External


Since: Sep 08, 2009
Posts: 2
PostPosted: Tue Sep 08, 2009 1:10 pm    Post subject: Re: Chkrootkit : "You have 99741 process hidden for readdir command [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
David W. Hodgins wrote:
> On Tue, 08 Sep 2009 09:44:53 -0400, Bison Agile <bison.DeleteThis@seskatchewan.org>
> wrote:
>
>> 99741, no less... And a "possibly" LKM trojan installed on my
>> unfortunate machine.
>> I'm begining to undestand why my CPU temp is approaching 120 °C !
>> Is it serious doctor ?
>
> Nope. False alarm. The check for the LKM trojan simply checks to
> see if you have a process running with the process id 12345,
> if I remember correctly. Been a while since I've had it installed
> and looked at the problem.
>
> See
> http://osdir.com/ml/linux.mandrake.security.general/2008-06/msg00001.html
> for the hidden processes (actually, threads).
>
> As to the temp, try cleaning out the cpu heatsink, and ensure the fans
> are working.
>
> Regards, Dave Hodgins
>

Thank you, David. I feel better !

Bison
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Security All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum