[OT] Rootkit question

From: Markus Hästbacka
Date: Mon Dec 01 2003 - 16:14:47 EST


Hello all!

I've been wondering about what is a rootkit and how it works?

I've been paranoid after I heard that the debian project got
"rootkitted", I ran chkrootkit, and it said that it's possible that I
have a LKM rootkit installed, but the website told me that it's possible
that the LKM test gives wrong information with recent kernels (Running
2.4.22 now).

These processes "were hidden from ps command":
root 0 0.0 0.0 0 0 ? SWN Oct28 0:01 [ksoftirqd_CPU0]
root 0 0.0 0.0 0 0 ? SW Oct28 4:27 [kswapd]
root 0 0.0 0.0 0 0 ? SW Oct28 0:00 [bdflush]
root 0 0.0 0.0 0 0 ? SW Oct28 0:01 [kupdated]

They seem to have PID 0, is this normal? Does my system have a rootkit
installed? If it does, how do I remove it?

Or, am I just paranoid?

Thanks for your time.
Regards,
Markus
--
"Software is like sex, it's better when it's free."
Markus Hästbacka <midian at ihme dot org>

Attachment: signature.asc
Description: This is a digitally signed message part
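The check behind the mail above is a comparison of what the kernel exposes in /proc with what ps reports: a process that exists in /proc but is missing from ps output is a candidate for a hidden process. The following is an added example written for this archive page, not code from the original mail, from chkrootkit, or from the kernel. It assumes a procps-style `ps -e -o pid=,comm=` and uses an empty /proc/<pid>/cmdline as the heuristic for a kernel thread (the same condition ps uses when it brackets a name such as [kswapd]); it labels those separately, because a mismatch on kernel threads is the kind of false positive the poster's chkrootkit note warns about, and it also handles the race where a process exits between the two snapshots.

```python
"""Cross-check PIDs visible in /proc against PIDs reported by ps.

Added example, not part of the original mail or of chkrootkit. A PID present
in /proc but absent from ps output is a candidate hidden process; the
comparison alone is evidence, not proof, so results are classified.
"""
import os
import subprocess

KERNEL_THREAD_NOTE = "kernel thread (empty cmdline): known false-positive class, compare with ps bracketed names"
RACE_NOTE = "exited between snapshots: not evidence of hiding"
HIDDEN_NOTE = "present in /proc but not in ps: investigate"


def pids_from_proc(proc_root="/proc"):
    """Return the set of PIDs, i.e. the all-digit directory names under proc_root."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pids_from_ps_output(ps_text):
    """Parse `ps -e -o pid=,comm=` style output into a {pid: command} dict."""
    table = {}
    for line in ps_text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid_str, _, comm = line.partition(" ")
        if pid_str.isdigit():
            table[int(pid_str)] = comm.strip()
    return table


def find_hidden_pids(proc_pids, ps_table):
    """PIDs that /proc lists but ps does not, in ascending order."""
    return sorted(set(proc_pids) - set(ps_table))


def classify_hidden(hidden, cmdlines):
    """Attach a note to each hidden PID.

    cmdlines maps pid -> cmdline string, "" for an empty cmdline (kernel
    thread heuristic) or None when /proc/<pid> vanished before it was read.
    """
    report = []
    for pid in hidden:
        cmdline = cmdlines.get(pid)
        if cmdline is None:
            report.append((pid, RACE_NOTE))
        elif cmdline == "":
            report.append((pid, KERNEL_THREAD_NOTE))
        else:
            report.append((pid, HIDDEN_NOTE + ": " + cmdline))
    return report


def read_cmdline(pid):
    """Return the space-joined cmdline of pid, "" if empty, None if gone."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:
            raw = f.read()
    except OSError:
        return None
    return raw.replace(b"\0", b" ").decode(errors="replace").strip()


def scan_live():
    """Take the /proc snapshot first, then ps, and classify the difference.

    Ordering matters: a process started after the /proc snapshot shows up
    only in ps and is therefore never flagged; one that exits in between is
    flagged but its cmdline read fails, so it is reported as a race.
    """
    proc_pids = pids_from_proc()
    ps_out = subprocess.run(
        ["ps", "-e", "-o", "pid=,comm="],
        capture_output=True, text=True, check=True,
    ).stdout
    hidden = find_hidden_pids(proc_pids, pids_from_ps_output(ps_out))
    return classify_hidden(hidden, {pid: read_cmdline(pid) for pid in hidden})


if __name__ == "__main__":
    for pid, note in scan_live():
        print(f"{pid:>7}  {note}")
```

On a healthy host the live scan usually prints nothing or only race entries; repeated kernel-thread entries point at a ps-versus-kernel mismatch of the kind the poster describes, whereas a PID with a real cmdline that ps never shows is the condition that deserves a look from a known-good boot medium rather than from the possibly compromised system itself.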