I have chkrootkit version 0.49 installed on Debian 6.5.
When I run sudo chkrootkit repeatedly, I keep getting variable warnings about the LKM trojan.
First run:
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
Second run:
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Third run:
Checking `lkm'... You have 3 process hidden for readdir command
You have 3 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
What is the best way to tell if I am really infected?
Edit:
When I did the test outlined above, I had maldet (LMD) running. I killed the maldet session and tried the above test again. I ran "sudo chkrootkit" 16 times and always got:
Checking `lkm'... chkproc: nothing detected
Could chkrootkit have been flagging maldet activity as a trojan?