chkrootkit finding 2 infected files

hello NG,

i have two SuSE Linux 9.2 machines behaving strange. I booted with Knoppix 3.7 and started chkrootkit 0.43. This finds two infected files, find and top, both inusr-bin. I booted the same machines also with grml 0.8 (great stuff) and rechecked with chkrootkit 0.46 and rkhunter (don't know the version actual). This two tools didn't find anything. ??? O.k. I checked the md5sums of the two programms with "md5sumusr-bin-find" and "md5sumusr-bin-top". To compare this, i installed a fresh SuSE 9.2 and also created the hashes. They were not the same. I think i can trust the fresh installed machine. BUT: while googeling, i found someone having the same problem like me: Strange thing is i have the same hashes on the maybe infected machines like the guy has who says he has a proper system. So i'm wondering now about two questions: - which hash is "the right" ? - is it possible, that the "same" Linuxversion has different versions of programs. Both, the two maybe infected machines and the fresh installed said with "find --version": 4.1.20 and with "top -V": procps version 3.2.3. Maybe different setup-medias (i don't know which i used on the possible infected, it's a long time ago). Here are the hashes: 1. the possible infected: find: 54cfe2efd928f8ce1790031be4a88cc6 top: 54d2454e7f08911bcb0829f4c9ac008e

2. The fresh installed: find: 7e9571265bd79c28b54ed82854833f15 top: 7cf74f0d5616540e0429adc75cd55d5a

- Can anyone post me his hashes of these files ? - Does anyone knows if the "same" Linuxversions have different versions of tools like the above mentioned ? Thanks for any help. Bernd