HELP - Rootkit
Fernando Gleiser
fgleiser at cactus.fi.uba.ar
Tue May 20 13:08:21 PDT 2003
On 20 May 2003, Guy Van Sanden wrote:
> I found some strange files in /stand namely -sh and [
They are perfectly normal. Don't worry about them.
> This got me somewhat suspicious, so I installed chkrootkit.
>
> It says:
> Checking `chfn'... INFECTED
> Checking `chsh'... INFECTED
> Checking `cron'... not infected
> Checking `date'... INFECTED
> Checking `ls'... INFECTED
> Checking `ps'... INFECTED
> Checking `lkm'... You have 9 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> Does this mean I got hacked?
Is it a 5.0 system? chkrootkit gives false positives in 5.0
Fer
More information about the freebsd-questions
mailing list