INFECTED (PORTS: 465) + LKM Trojan installed

Chkrootkit scan result: INFECTED (PORTS: 465) + Possible LKM Trojan installed
You may see the following output in the chkrootkit scan:
INFECTED (PORTS: 465)
You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
 The server is not infected but these are false positives.
The warning “INFECTED (PORTS: 465)” is a false alarm and can be ignored. The port 465 belogs to SMTPS service and if not in use, you can block it using iptables to avoid the false alarm.
Regarding “chkproc: Warning: Possible LKM Trojan installed”, it is generated when a process is killed and initiated when chkrootkit is running. Normally, you see whether they were php, perl or someother processes.

INFECTED (PORTS: 465) + LKM Trojan installed
Tagged on:

One thought on “INFECTED (PORTS: 465) + LKM Trojan installed

  • September 9, 2011 at 3:30 am
    Permalink

    Very nice, i suggest webmaster can set up a forum, so that we can talk and communicate.

    Reply

Leave a Reply to Sharon Cancel reply

Your email address will not be published. Required fields are marked *

Fork me on GitHub