Community Forums
Connect with us on LinkedIn
Community Notice
Need advice please - "Trojan Horses detected"
  
+ Reply to Thread
Results 1 to 3 of 3
  1. 01-18-2007 08:16 AM #1
    flashsonix
    flashsonix is offline
    Member
    Join Date
    Aug 2004
    Posts
    17

    Default Need advice please - "Trojan Horses detected"

    Trojan Horses Detected by (WHM)

    Hidden Pid detected! [pid 212]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/sbin/adjkerntz]

    Hidden Pid detected! [pid 271]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/sbin/devd]

    Hidden Pid detected! [pid 293]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/syslogd]

    Hidden Pid detected! [pid 308]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/lwresd]

    Hidden Pid detected! [pid 380]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/usbd]

    Hidden Pid detected! [pid 420]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/sshd]

    Hidden Pid detected! [pid 442]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/cron]

    Hidden Pid detected! [pid 482]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/bin/perl]

    Hidden Pid detected! [pid 605]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/bin/sh]

    Hidden Pid detected! [pid 646]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/libexec/mysqld]

    Hidden Pid detected! [pid 664]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 665]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 666]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 667]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 668]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 669]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 670]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 671]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 722]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/sbin/pure-ftpd]

    Hidden Pid detected! [pid 724]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/sbin/pure-authd]

    Hidden Pid detected! [pid 734]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/inetd]

    Hidden Pid detected! [pid 29816]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/bin/perl]


    Thank you for your advice on this issue.
    Last edited by flashsonix; 04-20-2007 at 07:51 AM.
    I run a search engine optimization blog called "Optimized Promotion" - here's the link to my SEO Blog
    Reply With Quote Reply With Quote
  2. 01-18-2007 11:54 AM #2
    tweakservers
    tweakservers is offline
    Member
    Join Date
    Mar 2006
    Posts
    378
    Send a message via AIM to tweakservers Send a message via MSN to tweakservers

    Default

    My suggestion is to hire a security admin to check your server or you may request your data center to help you to check on the server.
    Tweakservers | Professional Server Setup & Security Hardening
    Authorised SmarterTools Reseller, SSL Certificate & TRUSTe Privacy Policy
    Reply With Quote Reply With Quote
  3. 01-18-2007 09:11 PM #3
    AndyReed
    AndyReed is offline
    cPanel Partner NOC cPanel Partner NOC Badge AndyReed's Avatar
    Join Date
    May 2004
    Location
    Minneapolis, MN
    Posts
    2,223

    Default

    Quote Originally Posted by flashsonix View Post
    Trojan Horses Detected by (WHM)

    Hidden Pid detected! [pid 212]
    hidden from ps: [yes]
    Install and/or run rkhunter and chkrootkit to see if you have bad files on your server.
    Andy Reed
    RHCE and CCNA
    ServerTune.com
    Reply With Quote Reply With Quote
«   rvskin 7.12 released- update now | Where is Cpanel for windows? »     
Similar Threads & Tags
Similar threads

  1. "Trojan Horses Detected" but only rsyslogd and mysqld. New server, scans shows clean
    By BasicLink SA in forum cPanel and WHM Discussions
    Replies: 2
    Last Post: 09-28-2011, 01:10 AM
  2. HELP,HELP Trojan Horses Detected by (WHM)
    By xxgchappy in forum cPanel and WHM Discussions
    Replies: 7
    Last Post: 06-12-2004, 11:38 AM
  3. Trojan Horses Detected by (WHM)
    By Ronny in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 01-24-2004, 10:42 AM
  4. Trojan Horses Detected
    By davidmxs in forum cPanel and WHM Discussions
    Replies: 1
    Last Post: 07-02-2003, 05:54 PM
  5. Trojan Horses Detected by (WHM)... ?
    By brianteeter in forum cPanel and WHM Discussions
    Replies: 3
    Last Post: 05-05-2003, 07:15 PM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube