Solved

chkproc: Warning: Possible LKM Trojan installed

Posted on 2011-02-11
6
860 Views
Last Modified: 2012-05-11
I got the below email warning from my server and not sure how to proceed with it.
I've gotten it a few time and the last couple of times I've just ignored it.


/var/www/mrtg/tcp.log

/usr/lib/php/.registry /usr/lib/php/.registry/.channel.pecl.php.net /usr/lib/php/.registry/.channel.__uri /usr/lib/php/.channels /usr/lib/php/.channels/.alias
You have     2 process hidden for readdir command
You have     2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

Open in new window

0
Comment
Question by:sobeservices2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 6

Assisted Solution

by:de2Zotjes
de2Zotjes earned 500 total points
ID: 34877983
Do you get this mail from the very first time you ever ran the program that sends this mail ? (some type of rootkit checker I suppose)

If you run the rootkit detector for a long time and at some point in time you start getting this mail, it is a strong indicator you have a rootkit installed on your system. If that is the case the only sensible course of action is to do a full reinstall of the system.

If on the other hand the report has come out of the checker since the first time you ran it this is probably a false positive. Still necessary to inspect further to find out what exactly is hidden in what manner, but no cause for alarm.
0
 

Author Comment

by:sobeservices2
ID: 34881497
"If on the other hand the report has come out of the checker since the first time you ran it this is probably a false positive. Still necessary to inspect further to find out what exactly is hidden in what manner, but no cause for alarm."

I understand but I keep getting it. how can I inspect further.

0
 
LVL 6

Accepted Solution

by:
de2Zotjes earned 500 total points
ID: 34883312
check in the mail you receive what executable is sending the mail. Start a shell and run the command from there. Try with extra verbosity or debug setting. Read the man page for the executable, perhaps it has a settings file where you can tune the sensitivity.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:sobeservices2
ID: 34899330
What do you mean check the shell and run command from there what commands?
0
 

Author Closing Comment

by:sobeservices2
ID: 34899337
Good job
0
 

Author Comment

by:sobeservices2
ID: 34899341
Took me in the right directions
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question