On Mon, Jan 26, 2004 at 02:36:39PM -0500, Greg Folkert wrote:
> > > When I run tiger, I got a follow error:
> > >
> > > NEW: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit
> > > installation
> > > NEW: Warning: Possible LKM Trojan
On Mon, Jan 26, 2004 at 02:36:39PM -0500, Greg Folkert wrote:
> > > When I run tiger, I got a follow error:
> > >
> > > NEW: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit
> > > installation
> > > NEW: Warning: Possible LKM Trojan
Le mar 27/01/2004 à 13:34, Lupe Christoph a écrit :
> On Tuesday, 2004-01-27 at 12:19:41 +0100, Yannick Roehlly wrote:
>
> > The false LKM positives seem to result from a bug in chkrootkit which is
> > not aware of the new threading model of 2.6 kernel.
>
> > See bu
On Tuesday, 2004-01-27 at 12:19:41 +0100, Yannick Roehlly wrote:
> The false LKM positives seem to result from a bug in chkrootkit which is
> not aware of the new threading model of 2.6 kernel.
> See bug #222179.
Not exactly true. This is also in recent 2.4.x kernels. See my other
On Monday, 2004-01-26 at 21:38:54 +0100, Yannick Roehlly wrote:
> Thiago Ribeiro <[EMAIL PROTECTED]> writes:
> > Hi, When I run tiger, I got a follow error: NEW: --WARN--
> > [rootkit004f] Chkrootkit has detected a possible rootkit installation
> > NEW: Warning: Possib
thanks..
Em Ter, 2004-01-27 às 09:19, Yannick Roehlly escreveu:
> Hi!
>
> The false LKM positives seem to result from a bug in chkrootkit which is
> not aware of the new threading model of 2.6 kernel.
>
> See bug #222179.
>
> Yannick
>
--
To UNSUBSCRIBE, email
Hi!
The false LKM positives seem to result from a bug in chkrootkit which is
not aware of the new threading model of 2.6 kernel.
See bug #222179.
Yannick
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Le mar 27/01/2004 à 13:34, Lupe Christoph a écrit :
> On Tuesday, 2004-01-27 at 12:19:41 +0100, Yannick Roehlly wrote:
>
> > The false LKM positives seem to result from a bug in chkrootkit which is
> > not aware of the new threading model of 2.6 kernel.
>
> > See bu
thanks..
Em Ter, 2004-01-27 às 09:19, Yannick Roehlly escreveu:
> Hi!
>
> The false LKM positives seem to result from a bug in chkrootkit which is
> not aware of the new threading model of 2.6 kernel.
>
> See bug #222179.
>
> Yannick
>
On Tuesday, 2004-01-27 at 12:19:41 +0100, Yannick Roehlly wrote:
> The false LKM positives seem to result from a bug in chkrootkit which is
> not aware of the new threading model of 2.6 kernel.
> See bug #222179.
Not exactly true. This is also in recent 2.4.x kernels. See my other
On Monday, 2004-01-26 at 21:38:54 +0100, Yannick Roehlly wrote:
> Thiago Ribeiro <[EMAIL PROTECTED]> writes:
> > Hi, When I run tiger, I got a follow error: NEW: --WARN--
> > [rootkit004f] Chkrootkit has detected a possible rootkit installation
> > NEW: Warning: Possib
Hi!
The false LKM positives seem to result from a bug in chkrootkit which is
not aware of the new threading model of 2.6 kernel.
See bug #222179.
Yannick
8, Yannick Roehlly escreveu:
> Thiago Ribeiro <[EMAIL PROTECTED]> writes:
>
> > Hi, When I run tiger, I got a follow error: NEW: --WARN--
> > [rootkit004f] Chkrootkit has detected a possible rootkit installation
> > NEW: Warning: Possible LKM Trojan installed But I alredy l
8, Yannick Roehlly escreveu:
> Thiago Ribeiro <[EMAIL PROTECTED]> writes:
>
> > Hi, When I run tiger, I got a follow error: NEW: --WARN--
> > [rootkit004f] Chkrootkit has detected a possible rootkit installation
> > NEW: Warning: Possible LKM Trojan installed But I alredy l
Thiago Ribeiro <[EMAIL PROTECTED]> writes:
> Hi, When I run tiger, I got a follow error: NEW: --WARN--
> [rootkit004f] Chkrootkit has detected a possible rootkit installation
> NEW: Warning: Possible LKM Trojan installed But I alredy list my
> proccess and did find nothing...
Thiago Ribeiro <[EMAIL PROTECTED]> writes:
> Hi, When I run tiger, I got a follow error: NEW: --WARN--
> [rootkit004f] Chkrootkit has detected a possible rootkit installation
> NEW: Warning: Possible LKM Trojan installed But I alredy list my
> proccess and did find nothing...
Incoming from Matthijs:
> On Mon, 2004-01-26 at 11:40, Thiago Ribeiro wrote:
> >
> > When I run tiger, I got a follow error:
> >
> > NEW: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit
> > installation
> > NEW: Warning: Possible LKM Troj
On Mon, 2004-01-26 at 10:06, Matthijs wrote:
> On Mon, 2004-01-26 at 11:40, Thiago Ribeiro wrote:
> > Hi,
> >
> > When I run tiger, I got a follow error:
> >
> > NEW: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit
> > installatio
On Mon, 2004-01-26 at 11:40, Thiago Ribeiro wrote:
> Hi,
>
> When I run tiger, I got a follow error:
>
> NEW: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit
> installation
> NEW: Warning: Possible LKM Trojan installed
>
> But I alredy list my pr
Incoming from Matthijs:
> On Mon, 2004-01-26 at 11:40, Thiago Ribeiro wrote:
> >
> > When I run tiger, I got a follow error:
> >
> > NEW: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit
> > installation
> > NEW: Warning: Possible LKM Troj
On Mon, 2004-01-26 at 10:06, Matthijs wrote:
> On Mon, 2004-01-26 at 11:40, Thiago Ribeiro wrote:
> > Hi,
> >
> > When I run tiger, I got a follow error:
> >
> > NEW: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit
> > installatio
On Mon, 2004-01-26 at 11:40, Thiago Ribeiro wrote:
> Hi,
>
> When I run tiger, I got a follow error:
>
> NEW: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit
> installation
> NEW: Warning: Possible LKM Trojan installed
>
> But I alredy list my pr
Hi,
When I run tiger, I got a follow error:
NEW: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit installation
NEW: Warning: Possible LKM Trojan installed
But I alredy list my proccess and did find nothing...
What's can be this?
Hi,
When I run tiger, I got a follow error:
NEW: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit installation
NEW: Warning: Possible LKM Trojan installed
But I alredy list my proccess and did find nothing...
What's can be this?
This one time, at band camp, Michael Parkinson said:
>
> Umm, I have the same problem.
>
> If I kill Exim and Spamassassin no hidden processes reported.
>
> Under normal load sometimes get 1-7 hidden processes. Was is a state of
> panic but it does appear that Exim and Spamassassin combined do
This one time, at band camp, Michael Parkinson said:
>
> Umm, I have the same problem.
>
> If I kill Exim and Spamassassin no hidden processes reported.
>
> Under normal load sometimes get 1-7 hidden processes. Was is a state of
> panic but it does appear that Exim and Spamassassin combined do
I'm not quite sure if i'm right .. but isn't there a kernel bug
displaying some processes with PID 0 in ps or top.
maybe lkm is using this..
just a thought
greets Werner
> > > Checking `lkm'... You have 4 process hidden for ps command
> > > War
I'm not quite sure if i'm right .. but isn't there a kernel bug
displaying some processes with PID 0 in ps or top.
maybe lkm is using this..
just a thought
greets Werner
> > > Checking `lkm'... You have 4 process hidden for ps command
> > > War
In article <[EMAIL PROTECTED]> you wrote:
> Am I right to assume that this is not the lkm kit, but rather some
> weiredness in PID assignment?
it is a ps/kernel bug, try top.
Greetings
Bernd
--
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/
Am Di, den 25.11.2003 schrieb Johannes Graumann um 21:18:
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
The same here (debian_sid):
In article <[EMAIL PROTECTED]> you wrote:
> Am I right to assume that this is not the lkm kit, but rather some
> weiredness in PID assignment?
it is a ps/kernel bug, try top.
Greetings
Bernd
--
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/
--
To
Am Di, den 25.11.2003 schrieb Johannes Graumann um 21:18:
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
The same here (debian_sid):
/2003 à 01:17, Michael Bordignon a écrit :
> > I was just running 'chkrootkit' and came across this warning:
> >
> > > Checking `lkm'... You have 4 process hidden for ps command
> > > Warning: Possible LKM Trojan installed
>
> I have the same pro
/2003 à 01:17, Michael Bordignon a écrit :
> > I was just running 'chkrootkit' and came across this warning:
> >
> > > Checking `lkm'... You have 4 process hidden for ps command
> > > Warning: Possible LKM Trojan installed
>
> I have the same pro
Le mer 26/11/2003 à 01:17, Michael Bordignon a écrit :
> > I was just running 'chkrootkit' and came across this warning:
> >
> > > Checking `lkm'... You have 4 process hidden for ps command
> > > Warning: Possible LKM Trojan installed
>
>
Le mer 26/11/2003 à 01:17, Michael Bordignon a écrit :
> > I was just running 'chkrootkit' and came across this warning:
> >
> > > Checking `lkm'... You have 4 process hidden for ps command
> > > Warning: Possible LKM Trojan installed
>
>
On Tue, Nov 25, 2003 at 06:42:21PM -0600, Adam Heath scribbled:
[snip]
> > are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated)
> > in existence that show a PID of 0.
> > Am I right to assume that this is not the lkm kit, but rather some
> > weir
On Tue, Nov 25, 2003 at 06:42:21PM -0600, Adam Heath scribbled:
[snip]
> > are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated)
> > in existence that show a PID of 0.
> > Am I right to assume that this is not the lkm kit, but rather some
> > weir
Thanks to everybody who was taking the time to sooth the novice ... ;0)
Joh
On Tue, 25 Nov 2003 12:18:35 -0800
Johannes Graumann <[EMAIL PROTECTED]> wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across thi
Thanks to everybody who was taking the time to sooth the novice ... ;0)
Joh
On Tue, 25 Nov 2003 12:18:35 -0800
Johannes Graumann <[EMAIL PROTECTED]> wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across thi
On Tue, 25 Nov 2003, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possibl
On Tue, 25 Nov 2003, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possibl
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
I have the same problem.. I believe it's a bug in chkrootkit
Michael
--
To
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
I have the same problem.. I believe it's a bug in chkrootkit
Michael
On Tue, 2003-11-25 at 20:18, Johannes Graumann wrote:
[...]
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
[...]
> I then went ahea
On Tue, Nov 25, 2003 at 12:18:35PM -0800, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
>
On Tue, 2003-11-25 at 20:18, Johannes Graumann wrote:
[...]
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
[...]
> I then went ahea
On Tue, Nov 25, 2003 at 12:18:35PM -0800, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
>
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
> Checking `lkm'... You have 4 process hidden for ps command
> Warning: Possible LKM Trojan installed
I did some reading and made sure the number is not cha
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
> Checking `lkm'... You have 4 process hidden for ps command
> Warning: Possible LKM Trojan installed
I did some reading and made sure the number is not cha
On Mon, 2003-05-26 at 23:27, IC0N wrote:
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> Sometimes I get 2 or 3 processes, sometimes NONE
>
If a process is cre
On Mon, 2003-05-26 at 23:27, IC0N wrote:
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> Sometimes I get 2 or 3 processes, sometimes NONE
>
If a process is cre
<[EMAIL PROTECTED]> and Jens Schuessler
> <[EMAIL PROTECTED]> posted in their mails at 7th of March 2003 i have
> exactly the same alert message using chkrootkit:
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps com
Bonjour
as Jacques Lavignotte <[EMAIL PROTECTED]> and Jens Schuessler
<[EMAIL PROTECTED]> posted in their mails at 7th of March 2003 i have
exactly the same alert message using chkrootkit:
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidd
* Jacques Lav!gnotte <[EMAIL PROTECTED]> [07-03-03 14:05]:
>
> Bonjour...
>
> When running from a shell logged on the machine I get :
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> War
* Jacques Lav!gnotte <[EMAIL PROTECTED]> [07-03-03 14:05]:
>
> Bonjour...
>
> When running from a shell logged on the machine I get :
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> War
Bonjour...
When running from a shell logged on the machine I get :
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Warning: Possible LKM Trojan installed
Sometimes I get 2 or 3 processes, sometimes NONE.
Are there kn
Bonjour...
When running from a shell logged on the machine I get :
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Warning: Possible LKM Trojan installed
Sometimes I get 2 or 3 processes, sometimes NONE.
Are there kn
58 matches
Mail list logo
