I recently saw the following in a chkrootkit report: Feb 7th - Checking `lkm'... You have 1 process hidden for readdir command You have 1 process hidden for ps command Warning: Possible LKM Trojan installed Checking earlier reports I see: Jan 19th - Checking `lkm'... nothing detected Jan 21st - Checking `lkm'... nothing detected Jan 23rd - Checking `lkm'... nothing detected Jan 25th - Checking `lkm'... nothing detected Jan 29th - Checking `lkm'... nothing detected Jan 31st - Checking `lkm'... nothing detected Feb 1st - Checking `lkm'... nothing detected Feb 3rd - Checking `lkm'... You have 1 process hidden for readdir command You have 1 process hidden for ps command Warning: Possible LKM Trojan installed Feb 5th - Checking `lkm'... nothing detected So although the first warning appears on Feb 3rd it does not show on Feb 5th but re-appears on Feb 7th. Because of that I'm assuming (hoping?) it may be a false alarm. Well it does say 'Possible'! I have only a standard dial-up connection and have PMFirewall installed and running when I'm connected to the internet. I run chkrootkit every other day. What do you think chaps? (Chaps is a generic term which includes chapesses). Barry Samuels