Are these trojan horses?

[logikstudios]

Hey. I ran a trojan horse check and found some files.

Are any of these to be worried about? (i have taken out some of the dots)

Appears Clean

/dev/core
/dev/stderr

Scanning for Trojan Horses.....
.


Possible Trojan - /etc/cron.daily/logrotate
.
.


Possible Trojan - /usr/bin/cpan
.


Possible Trojan - /usr/bin/instmodsh
.
.


Possible Trojan - /usr/bin/prove
.
.

Possible Trojan - /usr/bin/pstruct
.
.

Possible Trojan - /usr/bin/splain

6 POSSIBLE Trojans Detected

 

[Kelmas]

On my box 4 scripts were detected after fresh cPanel install, so these are not trojans for sure:
/usr/bin/cpan
/usr/bin/instmodsh
/usr/bin/prove
/usr/bin/pstruct

Not sure about others you found. Maybe somebody else might know.

 

[AndyReed]

Are any of these to be worried about? (i have taken out some of the dots)

Appears Clean

/dev/core
/dev/stderr

/dev/stdin, /dev/stdout, and /dev/stderr are files used by some UNIX systems. Utilities such as gawk, support special filenames like /dev/stderr
In addition, a system process can write to its standard output through /dev/stdout and the standard error via /dev/stderr

/dev/core is a system package. Make sure you get the following when:
ls -al /dev/core
crw------- 1 root root /dev/core

ls -al /dev/stderr
lrwxrwxrwx 1 root root

 

[logikstudios]

Should i be worried or not?

 

[mctDarren]

Did you execute "ls -la /dev/core" as Andy suggested? What were the results? Do you have chkrootkit and/or rkhunter installed on the box? I would install and run those too. Probably not worth worrying over if you get the results Andy posted and both chkrootkit and rkhunter come up clean.

 

[logikstudios]

Yep. they are the resuts andy got
Thanks,
Nathaniel