Possible CHKROOTKIT False Positive...

Hello,
I have CHKROOTKIT run every night and the details are e-mailed to me every day. Today I noticed this message:

Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Warning: Possible LKM Trojan installed

I did a Google search to find out this is a common false positive, but it could still be a real problem. I wanted to know if you guys have any suggestions on how to determine if it is or not...

I also ran ./chkrootkit -x lkm and it came up with this:


###
### Output of: ./chkproc -v -v -p 1
###
2466 is a Linux Thread, marking as such...
9530 is a Linux Thread, marking as such...
9531 is a Linux Thread, marking as such...
9532 is a Linux Thread, marking as such...

Thanks for the help...