Chkrootkit scan result: INFECTED (PORTS: 465) + Possible LKM Trojan installed
You may see the following output in the chkrootkit scan:
INFECTED (PORTS: 465)
You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
The server is not infected; these are false positives.
The warning “INFECTED (PORTS: 465)” is a false alarm and can be ignored. Port 465 belongs to the SMTPS service; if it is not in use, you can block it with iptables to avoid the false alarm.
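To confirm that the listener on port 465 really is the mail server's SMTPS service, the socket owner can be read from /proc. This is an added example, not part of the original post; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which process owns the LISTEN socket on a TCP port
# by reading the kernel socket table directly. Function names are this
# example's own; run check_port as root on the scanned server.

# listen_inodes PORT [TABLE...]: print socket inodes of LISTEN entries on PORT.
# /proc/net/tcp layout: $2 = local addr:port (hex), $4 = state, $10 = inode.
listen_inodes() {
    port_hex=$(printf '%04X' "$1"); shift
    [ "$#" -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    awk -v p="$port_hex" '
        FNR == 1 { next }                      # header line
        { n = split($2, a, ":")                # a[n] = local port in hex
          if (toupper(a[n]) == p && toupper($4) == "0A") print $10 }  # 0A = LISTEN
    ' "$@" 2>/dev/null | sort -u
}

# owner_of_inode INODE: print "PID COMM" for each process holding that socket.
owner_of_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
    done | sort -u
}

# check_port [PORT]: report the owner of every listener on PORT (default 465).
check_port() {
    port=${1:-465}
    inodes=$(listen_inodes "$port")
    [ -n "$inodes" ] || { echo "nothing listening on tcp/$port"; return 0; }
    for i in $inodes; do
        owner=$(owner_of_inode "$i")
        echo "tcp/$port inode $i -> ${owner:-no visible owner (not root?)}"
    done
}

# Constructed sample in /proc/net/tcp layout (not taken from a real host):
# a listener on 465, a listener on 25, and an established connection on 465.
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:01D1 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 34567 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:01D1 0B00000A:C350 01 00000000:00000000 00:00000000 00000000   105        0 99999 1 0000000000000000 20 4 30 10 -1
EOF
}
```

Define the functions in a root shell and run `check_port 465`; the command name it reports should be the server's mail daemon.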
The “chkproc: Warning: Possible LKM Trojan installed” message is generated when processes are killed and started while chkrootkit is running. Normally, you will find that they were php, perl or some other processes.