#1
09-24-2005, 01:04 PM
4402734
Registered User
Join Date: Sep 2005
Posts: 42
Checking for infected files.

Hello.
I installed chkrootkit and checked my system for infected files, then saw the following lines in the check log.

Checking `ldsopreload'... can't exec ./strings-static, not tested

Checking `tcpdump'... warning, got duplicate tcp line.
not infected



Checking `bindshell'... warning, got duplicate tcp line.
warning, got duplicate tcp line.
INFECTED (PORTS: 465)



Checking `sniffer'... not tested: can't exec ./ifpromisc

Checking `wted'... not tested: can't exec ./chkwtmp

Checking `scalper'... warning, got duplicate tcp line.
not infected


Checking `z2'... not tested: can't exec ./chklastlog

Checking `chkutmp'... not tested: can't exec ./chkutmp


Has my server been infected with worms or viruses?
Please, could someone explain these lines?

thanks
#2
09-24-2005, 04:25 PM
chirpy
Moderator
Join Date: Jun 2002
Location: Go on, have a guess
Posts: 13,495
That doesn't look as though you have compiled chkrootkit correctly.

As an alternative try rkhunter instead.
__________________
Jonathan Michaelson
cPanel Forum Moderator

Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
#3
09-24-2005, 07:28 PM
chris74108
Registered User
Join Date: Apr 2004
Posts: 90
Quote:
Originally Posted by 4402734
Hello.
I installed chkrootkit and checked my system for infected files, then saw the following lines in the check log.

Checking `ldsopreload'... can't exec ./strings-static, not tested

Checking `tcpdump'... warning, got duplicate tcp line.
not infected



Checking `bindshell'... warning, got duplicate tcp line.
warning, got duplicate tcp line.
INFECTED (PORTS: 465)



Checking `sniffer'... not tested: can't exec ./ifpromisc

Checking `wted'... not tested: can't exec ./chkwtmp

Checking `scalper'... warning, got duplicate tcp line.
not infected


Checking `z2'... not tested: can't exec ./chklastlog

Checking `chkutmp'... not tested: can't exec ./chkutmp


Has my server been infected with worms or viruses?
Please, could someone explain these lines?

thanks

A simple search with Google or using the search feature here shows that
INFECTED (PORTS: 465)
is normal.

rkhunter is better so give it a try.
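
The log quoted above can be triaged mechanically. This added example, which is not from the thread or from chkrootkit itself, groups output lines by check and separates checks that never ran because a helper binary could not be executed from reported listening ports; `parse`, `triage` and the report keys are hypothetical names.

```python
import re

# Constructed sample: the chkrootkit lines quoted in the first post.
SAMPLE_LOG = """\
Checking `ldsopreload'... can't exec ./strings-static, not tested
Checking `tcpdump'... warning, got duplicate tcp line.
not infected
Checking `bindshell'... warning, got duplicate tcp line.
warning, got duplicate tcp line.
INFECTED (PORTS: 465)
Checking `sniffer'... not tested: can't exec ./ifpromisc
Checking `wted'... not tested: can't exec ./chkwtmp
Checking `scalper'... warning, got duplicate tcp line.
not infected
Checking `z2'... not tested: can't exec ./chklastlog
Checking `chkutmp'... not tested: can't exec ./chkutmp
"""

CHECK_RE = re.compile(r"^Checking `([^']+)'\.\.\.\s*(.*)$")
HELPER_RE = re.compile(r"can't exec (\S+?),?(?:\s|$)")
PORTS_RE = re.compile(r"INFECTED \(PORTS:\s*([\d\s]+)\)")

def parse(log):
    # A "Checking" line opens a check; following lines are its continuation.
    checks, current = {}, None
    for line in (raw.strip() for raw in log.splitlines()):
        m = CHECK_RE.match(line)
        if m:
            current = m.group(1)
            checks[current] = [m.group(2)]
        elif current and line:
            checks[current].append(line)
    return checks

def triage(log):
    # untested: check -> helper that could not be executed (hypothetical report shape)
    report = {"untested": {}, "ports": [], "clean": []}
    for name, lines in parse(log).items():
        text = " ".join(lines)
        helper, ports = HELPER_RE.search(text), PORTS_RE.search(text)
        if "not tested" in text:
            report["untested"][name] = helper.group(1) if helper else None
        elif ports:
            report["ports"] += [int(p) for p in ports.group(1).split()]
        elif "not infected" in text:
            report["clean"].append(name)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Each reported port still has to be matched to the process that owns the listener, for example with `netstat -tlnp`, before drawing a conclusion.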
#4
09-25-2005, 05:10 AM
4402734
Registered User
Join Date: Sep 2005
Posts: 42
Where can I find rkhunter and how do I install it?

thanks
#5
09-25-2005, 05:14 AM
chirpy
Moderator
Join Date: Jun 2002
Location: Go on, have a guess
Posts: 13,495
You only need a little initiative - search these forums or use your favourite web browser.
#6
09-25-2005, 07:57 AM
gupi
Registered User
Join Date: Apr 2004
Posts: 125
Well, if you still haven't found it, here's the homepage: http://www.rootkit.nl/
(nice name for a domain, isn't it?)
__________________
Stefaniu -gupi- Criste
Hangar Hosting - a safe place for your Romanian online business
All times are GMT -5.