The Community Forums

Are these trojan horses?

Discussion in 'General Discussion' started by logikstudios, Jan 2, 2007.

  1. logikstudios

    Hey. I ran a trojan horse check and found some files.

    Are any of these to be worried about? (I have taken out some of the dots)

    Appears Clean

    /dev/core
    /dev/stderr

    Scanning for Trojan Horses.....
    .


    Possible Trojan - /etc/cron.daily/logrotate
    .
    .


    Possible Trojan - /usr/bin/cpan
    .


    Possible Trojan - /usr/bin/instmodsh
    .
    .


    Possible Trojan - /usr/bin/prove
    .
    .

    Possible Trojan - /usr/bin/pstruct
    .
    .

    Possible Trojan - /usr/bin/splain

    6 POSSIBLE Trojans Detected
     
  2. Kelmas

    On my box 4 scripts were detected after a fresh cPanel install, so these are not trojans for sure:
    /usr/bin/cpan
    /usr/bin/instmodsh
    /usr/bin/prove
    /usr/bin/pstruct

    Not sure about others you found. Maybe somebody else might know.
     
  3. AndyReed

    /dev/stdin, /dev/stdout, and /dev/stderr are files used by some UNIX systems. Utilities such as gawk support special filenames like /dev/stderr.
    In addition, a system process can write to its standard output through /dev/stdout and the standard error via /dev/stderr.

    /dev/core is a system package. Make sure you get the following when:
    ls -al /dev/core
    crw------- 1 root root /dev/core

    ls -al /dev/stderr
    lrwxrwxrwx 1 root root
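
The two `ls -al` checks from the post above, turned into a repeatable comparison of node type, owner and mode. This is an added example, not part of the original posts; it assumes GNU `stat` (Linux), and `node_type`, `check_node` and `check_dev_nodes` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: compare a filesystem node with an expected type, owner and
# (optionally) octal mode. Assumes GNU stat; helper names are hypothetical.

# node_type PATH -> symlink|char|block|dir|fifo|socket|file|missing
node_type() {
    if   [ -L "$1" ]; then echo symlink   # test first: the others follow links
    elif [ -c "$1" ]; then echo char
    elif [ -b "$1" ]; then echo block
    elif [ -d "$1" ]; then echo dir
    elif [ -p "$1" ]; then echo fifo
    elif [ -S "$1" ]; then echo socket
    elif [ -f "$1" ]; then echo file
    else echo missing
    fi
}

# check_node PATH TYPE OWNER [MODE]; returns 0 on match, 1 otherwise.
check_node() {
    path=$1 want_type=$2 want_owner=$3 want_mode=${4:-}
    got_type=$(node_type "$path")
    if [ "$got_type" = missing ]; then
        echo "MISSING   $path"
        return 1
    fi
    # Without -L, stat describes the link itself, as ls -l does.
    got_owner=$(stat -c %U -- "$path")
    got_mode=$(stat -c %a -- "$path")
    bad=0
    [ "$got_type" = "$want_type" ] || bad=1
    [ "$got_owner" = "$want_owner" ] || bad=1
    if [ -n "$want_mode" ] && [ "$got_mode" != "$want_mode" ]; then bad=1; fi
    if [ "$bad" -eq 0 ]; then tag=OK; else tag=MISMATCH; fi
    echo "$tag  $path  type=$got_type owner=$got_owner mode=$got_mode"
    return "$bad"
}

# Expectations copied from the ls output quoted in the post above.
check_dev_nodes() {
    rc=0
    check_node /dev/core   char    root 600 || rc=1
    check_node /dev/stderr symlink root     || rc=1
    return "$rc"
}

# Run the checks only when invoked as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    check_dev_nodes || echo "Review the MISSING/MISMATCH lines above."
fi
```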
     
  4. logikstudios

    Should I be worried or not?
     
  5. mctDarren

    Did you execute "ls -la /dev/core" as Andy suggested? What were the results? Do you have chkrootkit and/or rkhunter installed on the box? I would install and run those too. Probably not worth worrying over if you get the results Andy posted and both chkrootkit and rkhunter come up clean.
     
  6. logikstudios

    Yep. They are the results Andy got
    Thanks,
    Nathaniel
     
