chkrootkit says TOP infected; is that spurious?

I’m running OpenSUSE 11.1. I just ran chkrootkit and it told me that top is infected. So I tried reloading the package procps, which contains top, but the problem persisted.

How can I tell if this is a real problem or an artifact?

I also got this from chkrootkit:

Checking `lkm'... You have   114 process hidden for readdir command
You have   114 process hidden for ps command
Warning: Possible LKM Trojan installed

Should I be worrying about it?

I think that false positive is explained here:

#224470 - chkrootkit: false positive: Checking `lkm’… You have 4 process hidden for ps command - Debian Bug report logs](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=224470)

On 2010-10-05 01:36, pwabrahams wrote:
>
> I’m running OpenSUSE 11.1. I just ran chkrootkit and it told me that
> top is infected. So I tried reloading the package procps, which
> contains top, but the problem persisted.

If you are really worried, download the rpm on another computer, expand it, and compare the binaries
from both systems (not running the suspect system, use a live or another partition)


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)