I ran "chkrootkit -x lkm" and I got the following output: debian-dell:/home/gpierce# chkrootkit -x lkm ROOTDIR is `/' ### ### Output of: ./chkproc -v -v ### PID 15705: not in readdir output PID 15705: not in ps output CWD 15705: /home/gpierce EXE 15705: /usr/bin/nautilus PID 15710: not in readdir output PID 15710: not in ps output CWD 15710: /home/gpierce EXE 15710: /usr/lib/gnome-vfs2/gnome-vfs-daemon PID 15752: not in readdir output PID 15752: not in ps output CWD 15752: /home/gpierce EXE 15752: /usr/bin/nautilus PID 15753: not in readdir output PID 15753: not in ps output CWD 15753: /home/gpierce EXE 15753: /usr/bin/nautilus PID 15754: not in readdir output PID 15754: not in ps output CWD 15754: /home/gpierce EXE 15754: /usr/bin/nautilus PID 15755: not in readdir output PID 15755: not in ps output CWD 15755: /home/gpierce EXE 15755: /usr/bin/nautilus PID 15756: not in readdir output PID 15756: not in ps output CWD 15756: /home/gpierce EXE 15756: /usr/bin/nautilus PID 15757: not in readdir output PID 15757: not in ps output CWD 15757: /home/gpierce EXE 15757: /usr/bin/nautilus PID 15758: not in readdir output PID 15758: not in ps output CWD 15758: /home/gpierce EXE 15758: /usr/bin/nautilus PID 15759: not in readdir output PID 15759: not in ps output CWD 15759: /home/gpierce EXE 15759: /usr/bin/nautilus PID 15760: not in readdir output PID 15760: not in ps output CWD 15760: /home/gpierce EXE 15760: /usr/bin/nautilus PID 15765: not in readdir output PID 15765: not in ps output CWD 15765: /home/gpierce EXE 15765: /usr/lib/gnome-applets/gweather-applet-2 PID 15766: not in readdir output PID 15766: not in ps output CWD 15766: /home/gpierce EXE 15766: /usr/lib/gnome-applets/gweather-applet-2 PID 17076: not in readdir output PID 17076: not in ps output CWD 17076: /home/gpierce EXE 17076: /usr/lib/gnome-applets/gweather-applet-2 PID 17866: not in readdir output PID 17866: not in ps output CWD 17866: /home/gpierce EXE 17866: /usr/bin/evolution-1.4 PID 17867: not in readdir output PID 17867: not in ps output CWD 17867: /home/gpierce EXE 17867: /usr/bin/evolution-1.4 PID 17868: not in readdir output PID 17868: not in ps output CWD 17868: /home/gpierce EXE 17868: /usr/bin/evolution-1.4 PID 17869: not in readdir output PID 17869: not in ps output CWD 17869: /home/gpierce EXE 17869: /usr/bin/evolution-1.4 PID 17870: not in readdir output PID 17870: not in ps output CWD 17870: /home/gpierce EXE 17870: /usr/bin/evolution-1.4 PID 17922: not in readdir output PID 17922: not in ps output CWD 17922: /home/gpierce EXE 17922: /usr/lib/mozilla-firefox/firefox-bin PID 17924: not in readdir output PID 17924: not in ps output CWD 17924: /home/gpierce EXE 17924: /usr/lib/mozilla-firefox/firefox-bin PID 17927: not in readdir output PID 17927: not in ps output CWD 17927: /home/gpierce EXE 17927: /usr/lib/mozilla-firefox/firefox-bin PID 17928: not in readdir output PID 17928: not in ps output CWD 17928: /home/gpierce EXE 17928: /usr/lib/mozilla-firefox/firefox-bin PID 17933: not in readdir output PID 17933: not in ps output CWD 17933: /home/gpierce EXE 17933: /usr/bin/gnome-terminal PID 17936: not in readdir output PID 17936: not in ps output CWD 17936: /home/gpierce EXE 17936: /usr/lib/mozilla-firefox/firefox-bin You have 25 process hidden for readdir command You have 25 process hidden for ps command
It all looks benign to me but why would so processes be running and hidden to ps? Greg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
