chkproc: Warning: Possible LKM Trojan installed - Ubuntu


Thread: chkproc: Warning: Possible LKM Trojan installed

  1. chkproc: Warning: Possible LKM Trojan installed

    chkrootkit says I have a possible LKM trojan. What is this? How do I
    verify it and how do I get rid of it?

    Here is my output.

    oldcomputer@ubuntu:~$ sudo chkroot
    Password:
    sudo: chkroot: command not found
    oldcomputer@ubuntu:~$ sudo chkrootkit
    ROOTDIR is `/'
    Checking `amd'... not found
    Checking `basename'... not infected
    Checking `biff'... not found
    Checking `chfn'... not infected
    Checking `chsh'... not infected
    Checking `cron'... not infected
    Checking `date'... not infected
    Checking `du'... not infected
    Checking `dirname'... not infected
    Checking `echo'... not infected
    Checking `egrep'... not infected
    Checking `env'... not infected
    Checking `find'... not infected
    Checking `fingerd'... not found
    Checking `gpm'... not found
    Checking `grep'... not infected
    Checking `hdparm'... not infected
    Checking `su'... not infected
    Checking `ifconfig'... not infected
    Checking `inetd'... not infected
    Checking `inetdconf'... not infected
    Checking `identd'... not found
    Checking `init'... not infected
    Checking `killall'... not infected
    Checking `ldsopreload'... not infected
    Checking `login'... not infected
    Checking `ls'... not infected
    Checking `lsof'... not infected
    Checking `mail'... not found
    Checking `mingetty'... not found
    Checking `netstat'... not infected
    Checking `named'... not found
    Checking `passwd'... not infected
    Checking `pidof'... not infected
    Checking `pop2'... not found
    Checking `pop3'... not found
    Checking `ps'... not infected
    Checking `pstree'... not infected
    Checking `rpcinfo'... not infected
    Checking `rlogind'... not found
    Checking `rshd'... not found
    Checking `slogin'... not infected
    Checking `sendmail'... not found
    Checking `sshd'... not found
    Checking `syslogd'... not infected
    Checking `tar'... not infected
    Checking `tcpd'... not infected
    Checking `tcpdump'... not infected
    Checking `top'... not infected
    Checking `telnetd'... not found
    Checking `timed'... not found
    Checking `traceroute'... not found
    Checking `vdir'... not infected
    Checking `w'... not infected
    Checking `write'... not infected
    Checking `aliens'... no suspect files
    Searching for sniffer's logs, it may take a while... nothing found
    Searching for HiDrootkit's default dir... nothing found
    Searching for t0rn's default files and dirs... nothing found
    Searching for t0rn's v8 defaults... nothing found
    Searching for Lion Worm default files and dirs... nothing found
    Searching for RSHA's default files and dir... nothing found
    Searching for RH-Sharpe's default files... nothing found
    Searching for Ambient's rootkit (ark) default files and dirs... nothing found
    Searching for suspicious files and dirs, it may take a while... nothing found
    Searching for LPD Worm files and dirs... nothing found
    Searching for Ramen Worm files and dirs... nothing found
    Searching for Maniac files and dirs... nothing found
    Searching for RK17 files and dirs... nothing found
    Searching for Ducoci rootkit... nothing found
    Searching for Adore Worm... nothing found
    Searching for ****C Worm... nothing found
    Searching for Omega Worm... nothing found
    Searching for Sadmind/IIS Worm... nothing found
    Searching for MonKit... nothing found
    Searching for Showtee... nothing found
    Searching for OpticKit... nothing found
    Searching for T.R.K... nothing found
    Searching for Mithra... nothing found
    Searching for LOC rootkit... nothing found
    Searching for Romanian rootkit... nothing found
    Searching for Suckit rootkit... nothing found
    Searching for Volc rootkit... nothing found
    Searching for Gold2 rootkit... nothing found
    Searching for TC2 Worm default files and dirs... nothing found
    Searching for Anonoying rootkit default files and dirs... nothing found
    Searching for ZK rootkit default files and dirs... nothing found
    Searching for ShKit rootkit default files and dirs... nothing found
    Searching for AjaKit rootkit default files and dirs... nothing found
    Searching for zaRwT rootkit default files and dirs... nothing found
    Searching for Madalin rootkit default files... nothing found
    Searching for Fu rootkit default files... nothing found
    Searching for ESRK rootkit default files... nothing found
    Searching for rootedoor... nothing found
    Searching for anomalies in shell history files... Warning: `//home/oldcomputer/.civserver_history' file size is zero
    nothing found
    Checking `asp'... not infected
    Checking `bindshell'... not infected
    Checking `lkm'... You have 1 process hidden for readdir command
    You have 1 process hidden for ps command
    chkproc: Warning: Possible LKM Trojan installed
    Checking `rexedcs'... not found
    Checking `sniffer'... lo: not promisc and no packet sniffer sockets
    eth0: not promisc and no packet sniffer sockets
    Checking `w55808'... not infected
    Checking `wted'... chkwtmp: nothing deleted
    Checking `scalper'... not infected
    Checking `slapper'... not infected
    Checking `z2'... user root deleted or never logged from lastlog!
    oldcomputer@ubuntu:~$

    --
    Brian (not wanting to be a messiah): "You are all individuals..."
    Crowd (in unison): "We are all individuals..."
    Monty Python's "Life Of Brian"
    http://www.spampoison.com


  2. Re: chkproc: Warning: Possible LKM Trojan installed

    Jeanette wrote:

    Might be a false positive. Try to run rkhunter and see if it shows
    the same.



    noalternative wrote:
    > chkrootkit says I have a possible lkm trojan. What is this. How do I
    > verify it and how do I get rid of it?
    >
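
One way to follow up on the "process hidden for readdir command" lines in the output above, as an added example that is not part of the original thread and is not chkrootkit's own code: probe each PID by direct path and report those missing from a listing, separating thread IDs (reachable under /proc by path but not returned when the directory is listed) from processes that are unlisted outright. The function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not chkrootkit code). find_unlisted is a hypothetical helper.
#
# find_unlisted PROC_ROOT LISTED_FILE MAX_PID
#   PROC_ROOT   - procfs mount point, normally /proc
#   LISTED_FILE - one bare PID per line, taken from the view being checked
#   MAX_PID     - highest PID to probe (see /proc/sys/kernel/pid_max)
#
# Typical use, once per view that chkproc complained about:
#   ls /proc | grep -E '^[0-9]+$'  > /tmp/readdir.pids
#   ps -e -o pid= | tr -d ' '      > /tmp/ps.pids
#   find_unlisted /proc /tmp/readdir.pids "$(cat /proc/sys/kernel/pid_max)"
#   find_unlisted /proc /tmp/ps.pids      "$(cat /proc/sys/kernel/pid_max)"
find_unlisted() {
    root=$1 listed=$2 max=$3
    pid=1
    while [ "$pid" -le "$max" ]; do
        # Direct path lookup: does not rely on the directory listing.
        if [ -d "$root/$pid" ] && ! grep -qx "$pid" "$listed"; then
            info=$(awk '$1 == "Tgid:" { t = $2 }
                        $1 == "Name:" { n = $2 }
                        END { print t, n }' "$root/$pid/status" 2>/dev/null) || info=
            tgid=${info%% *}
            name=${info#* }
            if [ -z "$tgid" ]; then
                # Entry vanished (or had no status) between probe and read.
                echo "$pid gone"
            elif [ "$tgid" != "$pid" ]; then
                # Thread ID: belongs to process $tgid, normal to be unlisted.
                echo "$pid thread-of $tgid $name"
            else
                # A real process that the listing did not show.
                echo "$pid UNLISTED $name"
            fi
        fi
        pid=$((pid + 1))
    done
}
```

An `UNLISTED` PID that shows up in a single run is usually a process that started after the listing was captured; one that persists across several runs and is not a thread is the case worth examining further, ideally with tools run from trusted media.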

