Hello, This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning: > Checking `lkm'... You have 4 process hidden for ps command > Warning: Possible LKM Trojan installed I did some reading and made sure the number is not changing (due to running 'chkrootkit' while new processes are started and /proc and 'ps' are not syncronized) - it remains 4. I then went ahead and manually checked the output of 'ls -a /proc' against that of 'ps -A' and found out, that there are 4 processes in /proc (3-6) which don't show up as PIDs in the 'ps -A' output. There are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated) in existence that show a PID of 0. Am I right to assume that this is not the lkm kit, but rather some weiredness in PID assignment? The same PID thing is happening on my testing/unstable laptop - compromised as well or something else amiss in the distro, maybe related to the server break ins? Any comment is highly appreciated. Joh
