12-24-2003, 12:24 PM   #1
Registered: Jul 2003
Distribution: Red Hat
Posts: 94

lkm trojan

Hello guys,

In my periodic chkrootkit check I found this:

Checking `lkm'... You have 3 process hidden for readdir command
Warning: Possible LKM Trojan installed

I googled some and found information about this kind of trojan: it's installed in the kernel and everything can be corrupted, binaries, etc.

Can anyone give some hints to check if I'm really infected and, if I am, how to remove it?

Thanks for your precious time.

12-24-2003, 01:09 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Please do not post the same thread in more than one forum. Picking the most relevant forum and posting it once there makes it easier for other members to help you and keeps the discussion all in one place.

12-24-2003, 08:24 PM   #3
Registered: Sep 2003
Location: Canada
Distribution: Mandrake, Redhat, openBSD, Gentoo
Posts: 84

lsattr /sbin/init

Maybe that's it, but I don't know if it applies at all to LKM rootkits.

12-25-2003, 12:09 AM   #4
Registered: Jul 2003
Distribution: Red Hat
Posts: 94
Original Poster

I can't find any "lsattr" in my FreeBSD system!
But I went to check on /sbin/init and it's listed in "ps" and it's at /proc, so no mismatch. I tried to check every process listed in ps at /proc but I got lost. Some script to check if the PIDs listed in /proc are in "ps" would be somehow easier.
I don't really know what this LKM stuff is, but I just know that I got 3 hidden processes, so if anyone can help it would be really great!

Thanks Kilka
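
The /proc-versus-ps cross-check asked for in the last post, as an added example that is not part of the original thread or any poster's code: it compares the numeric entries under procfs with the PIDs ps reports and keeps only the mismatches that persist across two snapshots. It assumes procfs is mounted at /proc; the function names and the --live switch are made up for this example.

```shell
#!/bin/sh
# Added example: compare the PIDs listed under procfs with the PIDs ps reports.
# Assumption: procfs is mounted at /proc (override with PROC_DIR).
PROC_DIR="${PROC_DIR:-/proc}"

# PIDs from the process table; "ps -A -o pid=" is the POSIX spelling.
ps_pids() { ps -A -o pid= 2>/dev/null | tr -d ' '; }

# PIDs from the procfs directory listing (numeric entries only).
proc_pids() { ls "$1" 2>/dev/null | grep -E '^[0-9]+$'; }

# Set operation on two newline-separated lists.
# mode "diff": lines of $2 missing from $3; mode "both": lines of $2 also in $3.
pid_set() {
    { printf '%s\n' "$3"; echo '--'; printf '%s\n' "$2"; } | awk -v mode="$1" '
        $0 == "--" { ref_done = 1; next }
        $0 == ""   { next }
        !ref_done  { seen[$0] = 1; next }
        { hit = ($0 in seen); if (mode == "diff" ? !hit : hit) print }' | sort -n
}

# One snapshot of the mismatch in the requested direction.
snapshot() {
    p=$(proc_pids "$PROC_DIR"); s=$(ps_pids)
    case $1 in
        proc_only) pid_set diff "$p" "$s" ;;
        ps_only)   pid_set diff "$s" "$p" ;;
    esac
}

# Keep only mismatches seen in two snapshots taken a few seconds apart; this
# drops short-lived processes, including the ps and ls this script starts.
persistent() {
    first=$(snapshot "$1"); sleep "${2:-2}"
    pid_set both "$first" "$(snapshot "$1")"
}

if [ "${1:-}" = "--live" ]; then
    echo "In $PROC_DIR but not in ps:"; persistent proc_only
    echo "In ps but not in $PROC_DIR:"; persistent ps_only
else
    # Constructed sample lists: PID 666 appears in the procfs view only.
    echo "demo, in procfs view only:"
    pid_set diff "$(printf '1\n2\n666\n')" "$(printf '1\n2\n')"
fi
```

Run it with --live as root so that every process is visible to both views. A kernel module that hides a process from procfs and from ps alike passes this check, so an empty result is not proof of a clean kernel.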
