false positive, or server hacked?
Piotr Gnyp
toread at discordia.pl
Thu Apr 15 02:04:15 PDT 2004
Hi,
I`m running FreeBSD 5.2.1-p4, I`ve just installed new version of
chkrootkit 0.43 from freshports, and report follows:
Checking `date'... INFECTED
Checking `lkm'... You have 115 process hidden for readdir command
You have 23 process hidden for ps command
Warning: Possible LKM Trojan installed
ll of /bin/date
-r-xr-xr-x 1 root wheel 14776 30 Mar 13:20 /bin/date
Please advice.
More information about the freebsd-questions
mailing list