INFECTED (PORTS: 465) + LKM Trojan installed

Chkrootkit scan result: INFECTED (PORTS: 465) + Possible LKM Trojan installed

You may see the following output in the chkrootkit scan:

INFECTED (PORTS: 465)
You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

The server is not infected; these are false positives.

The warning “INFECTED (PORTS: 465)” is a false alarm and can be ignored. Port 465 belongs to the SMTPS service; if it is not in use, you can block it using iptables to avoid the false alarm.

The “chkproc: Warning: Possible LKM Trojan installed” message is generated when a process is killed and started while chkrootkit is running. Normally, you can see whether these were php, perl or some other processes.
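One way to check both warnings on the host, as an added example that is not part of the original post or of chkrootkit. The function names, the EXPECTED_MTA list and the sample line are assumptions made for illustration, ss from iproute2 is assumed to be installed, and hidden_pass is a simplified stand-in for chkproc's comparison.

```sh
# Added triage helpers (not chkrootkit code) for the two warnings above.
# Assumption: daemons allowed to own port 465 on this host; adjust as needed.
EXPECTED_MTA="exim master sendmail"
# Constructed sample of one `ss -H -ltnp` line, for offline runs.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:465 0.0.0.0:* users:(("exim",pid=1234,fd=5))'

# stdin: `ss -H -ltnp` output; $1: port. Prints the owning process names,
# or "unknown" when a listener exists but ss showed no owner (not run as root).
listeners_on_port() {
    awk -v port="$1" '$4 ~ (":" port "$") {
        s = $0; found = 0
        while (match(s, /"[^"]+"/)) {
            print substr(s, RSTART + 1, RLENGTH - 2); found = 1
            s = substr(s, RSTART + RLENGTH)
        }
        if (!found) print "unknown"
    }' | sort -u
}

# stdin: `ss -H -ltnp` output. Prints a verdict; returns 1 on an unexpected owner.
verdict_465() {
    names=$(listeners_on_port 465)
    [ -n "$names" ] || { echo "no-listener"; return 0; }
    for n in $names; do
        case " $EXPECTED_MTA " in
            *" $n "*) ;;
            *) echo "unexpected:$n"; return 1 ;;
        esac
    done
    echo "expected:$(echo $names | tr ' ' ',')"
}

# One pass of a simplified /proc-versus-ps comparison: prints PIDs listed in
# /proc but absent from ps. The short-lived ls and grep here get flagged too.
hidden_pass() {
    procs=$(ls /proc | grep -E '^[0-9]+$')
    shown=" $(ps -eo pid= | tr -s ' \n' ' ') "
    for p in $procs; do
        case "$shown" in *" $p "*) ;; *) printf '%s ' "$p" ;; esac
    done
}

# $1, $2: PID lists from two passes. Prints only PIDs flagged in both;
# a PID flagged once was a process that started or exited mid-scan.
persistent_hidden() {
    for p in $1; do
        case " $2 " in *" $p "*) echo "$p" ;; esac
    done
}
```

Run as root: pipe `ss -H -ltnp` into `verdict_465`, and pass two `hidden_pass` results taken a few seconds apart to `persistent_hidden`.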

This entry was posted on Friday, November 27th, 2009 and is filed under cPanel Management.