[clamav-users] Unix.Trojan.ElkKnot FOUND
DUCARROZ Birgit
birgit.ducarroz at unifr.ch
Wed May 21 20:17:57 UTC 2014
Thank you a lot! When will it be replaced?
I had 317 "infected" files and now I don't know if they are false
positives or not.
Curiously chkrootkit gave me this:
< You have 1 process hidden for readdir command
< You have 1 process hidden for ps command
< chkproc: Warning: Possible LKM Trojan installed
but this message disappeared also one or two days later.
Since most of the "infected" files are old, I wonder if they might
have been infected afterwards...
- Birgit
On 21. 05. 14 22:09 , Alain Zidouemba wrote:
> It was dropped for performance reasons. We found it to be generating some
> false positives, such as the one you likely had. The signature
> Unix.Trojan.ElkKnot will be replaced with a better performing one.
>
> - Alain
>
>
> On Wed, May 21, 2014 at 4:07 PM, DUCARROZ Birgit
> <birgit.ducarroz at unifr.ch> wrote:
>
>> Why has it been dropped? Should I believe now that I have this trojan or
>> not?
>>
>>
>> On 21. 05. 14 14:31 , Alain Zidouemba wrote:
>>
>>> The signature "Unix.Trojan.ElkKnot" has been dropped from our signature
>>> set a few releases ago.
>>>
>>> - Alain
>>>
>>>
>>> On Wed, May 21, 2014 at 5:46 AM, DUCARROZ Birgit
>>> <birgit.ducarroz at unifr.ch> wrote:
>>>
>>>> Sorry, I forgot to note my question:
>>>> Does somebody know what this might be?
>>>> When I am scanning now the same files, this message does not appear
>>>> again.
>>>> Actual version: ClamAV 0.97.8/19011/Wed May 21 09:48:13 2014
>>>>
>>>>
>>>> On 21. 05. 14 11:41 , DUCARROZ Birgit wrote:
>>>>
>>>>> Hi,
>>>>> as of 05/13/2014 I had suddenly a lot of older files with notification
>>>>>
>>>>> Unix.Trojan.ElkKnot FOUND
>>>>>
>>>>> Regards,
>>>>> Birgit
>>>>>
>>>>>
>>>>>
>>>>>