Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

chkproc: Warning: Possible LKM Trojan installed

Posted on 2011-02-11
6
Medium Priority
?
898 Views
Last Modified: 2012-05-11
I got the below email warning from my server and not sure how to proceed with it.
I've gotten it a few time and the last couple of times I've just ignored it.


/var/www/mrtg/tcp.log

/usr/lib/php/.registry /usr/lib/php/.registry/.channel.pecl.php.net /usr/lib/php/.registry/.channel.__uri /usr/lib/php/.channels /usr/lib/php/.channels/.alias
You have     2 process hidden for readdir command
You have     2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

Open in new window

0
Comment
Question by:sobeservices2
  • 4
  • 2
6 Comments
 
LVL 6

Assisted Solution

by:de2Zotjes
de2Zotjes earned 1500 total points
ID: 34877983
Do you get this mail from the very first time you ever ran the program that sends this mail ? (some type of rootkit checker I suppose)

If you run the rootkit detector for a long time and at some point in time you start getting this mail, it is a strong indicator you have a rootkit installed on your system. If that is the case the only sensible course of action is to do a full reinstall of the system.

If on the other hand the report has come out of the checker since the first time you ran it this is probably a false positive. Still necessary to inspect further to find out what exactly is hidden in what manner, but no cause for alarm.
0
 

Author Comment

by:sobeservices2
ID: 34881497
"If on the other hand the report has come out of the checker since the first time you ran it this is probably a false positive. Still necessary to inspect further to find out what exactly is hidden in what manner, but no cause for alarm."

I understand but I keep getting it. how can I inspect further.

0
 
LVL 6

Accepted Solution

by:
de2Zotjes earned 1500 total points
ID: 34883312
check in the mail you receive what executable is sending the mail. Start a shell and run the command from there. Try with extra verbosity or debug setting. Read the man page for the executable, perhaps it has a settings file where you can tune the sensitivity.
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 

Author Comment

by:sobeservices2
ID: 34899330
What do you mean check the shell and run command from there what commands?
0
 

Author Closing Comment

by:sobeservices2
ID: 34899337
Good job
0
 

Author Comment

by:sobeservices2
ID: 34899341
Took me in the right directions
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
I have written articles previously comparing SARDU and YUMI.  I also included a couple of lines about Easy2boot (easy2boot.com).  I have now been using, and enjoying easy2boot as my sole multiboot utility for some years and realize that it deserves …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question