chkrootkit 4 process hidden - Am I really infected?
Hello, I just ran chkrootkit to check the server integrity and I saw the following:
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 4 process hidden for readdir command
So I immediately ran ./chkrootkit -x lkm and below are the results:
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v -p 1
###
PID 4917(/proc/4917): not in readdir output
PID 4917: not in ps output
CWD 4917: /
EXE 4917: /usr/sbin/clamd
PID 6233(/proc/6233): not in readdir output
PID 6233: not in ps output
CWD 6233: /
EXE 6233: /usr/sbin/named
PID 6234(/proc/6234): not in readdir output
PID 6234: not in ps output
CWD 6234: /
EXE 6234: /usr/sbin/named
PID 6235(/proc/6235): not in readdir output
PID 6235: not in ps output
CWD 6235: /
EXE 6235: /usr/sbin/named
You have 4 process hidden for readdir command
You have 4 process hidden for ps command
I am not yet completely versed in Linux Admin, so I was hoping that someone could shed some light on this for me and let me know whether or not I am really infected here and, IF SO, how to get rid of them.
Thank you, I appreciate any help very much!
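
A triage sketch for the chkproc output above, added here as an example and not part of the original post or of chkrootkit: it parses the flagged PIDs and reads `Tgid` from `/proc/<pid>/status` to tell a thread ID from a thread-group leader. It relies on the fact that on Linux a thread ID can be opened as `/proc/<tid>` without appearing in a directory listing of `/proc`; the function names and the `proc_root` parameter are hypothetical.

```python
import re
from pathlib import Path

# Constructed sample in the format of the chkproc -v -v output quoted above.
SAMPLE = """\
PID 4917(/proc/4917): not in readdir output
PID 4917: not in ps output
CWD 4917: /
EXE 4917: /usr/sbin/clamd
PID 6233(/proc/6233): not in readdir output
PID 6233: not in ps output
CWD 6233: /
EXE 6233: /usr/sbin/named
"""

def parse_chkproc(text):
    """Map each PID reported as 'not in readdir output' to its EXE path (or None)."""
    flagged = {}
    for line in text.splitlines():
        hit = re.match(r"PID\s+(\d+)\(/proc/\d+\): not in readdir output", line)
        exe = re.match(r"EXE\s+(\d+):\s+(\S+)", line)
        if hit:
            flagged.setdefault(int(hit.group(1)), None)
        elif exe and int(exe.group(1)) in flagged:
            flagged[int(exe.group(1))] = exe.group(2)
    return flagged

def classify(pid, proc_root="/proc"):
    """Return ('gone', None), ('thread', tgid) or ('leader', pid) for one flagged PID."""
    try:
        text = (Path(proc_root) / str(pid) / "status").read_text()
    except OSError:
        return ("gone", None)  # exited between the scan and this check
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key] = value.strip()
    tgid = int(fields["Tgid"])
    if tgid != pid:
        return ("thread", tgid)  # a thread ID; check that its leader is listed by ps
    return ("leader", pid)  # a real process missing from the listing: investigate

if __name__ == "__main__":
    for pid, exe in parse_chkproc(SAMPLE).items():
        print(pid, exe, classify(pid))
```

A `('thread', tgid)` result whose leader shows up normally in `ps` is explained by threading alone, while a `('leader', pid)` result is not. Both readings depend on `/proc` itself being trustworthy on the host being checked.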