logikstudios

Well-Known Member
Nov 2, 2006
Hey. I ran a trojan horse check and found some files.

Are any of these to be worried about? (I have taken out some of the dots)

Appears Clean

/dev/core
/dev/stderr

Scanning for Trojan Horses.....
.


Possible Trojan - /etc/cron.daily/logrotate
.
.


Possible Trojan - /usr/bin/cpan
.


Possible Trojan - /usr/bin/instmodsh
.
.


Possible Trojan - /usr/bin/prove
.
.

Possible Trojan - /usr/bin/pstruct
.
.

Possible Trojan - /usr/bin/splain

6 POSSIBLE Trojans Detected
 

Kelmas

Well-Known Member
Nov 6, 2006
Lithuania
On my box 4 scripts were detected after a fresh cPanel install, so these are not trojans for sure:
/usr/bin/cpan
/usr/bin/instmodsh
/usr/bin/prove
/usr/bin/pstruct

Not sure about others you found. Maybe somebody else might know.
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
Minneapolis, MN
Are any of these to be worried about? (I have taken out some of the dots)

Appears Clean

/dev/core
/dev/stderr
/dev/stdin, /dev/stdout, and /dev/stderr are files used by some UNIX systems. Utilities such as gawk support special filenames like /dev/stderr.
In addition, a system process can write to its standard output through /dev/stdout and to standard error via /dev/stderr.

/dev/core is a system package. Make sure you get the following when:
ls -al /dev/core
crw------- 1 root root /dev/core

ls -al /dev/stderr
lrwxrwxrwx 1 root root
 

mctDarren

Well-Known Member
Jan 6, 2004
New Jersey
cPanel Access Level
Root Administrator
Did you execute "ls -la /dev/core" as Andy suggested? What were the results? Do you have chkrootkit and/or rkhunter installed on the box? I would install and run those too. Probably not worth worrying over if you get the results Andy posted and both chkrootkit and rkhunter come up clean.
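
The `ls -al` comparison Andy describes can be scripted so that the type, permission string and owner are checked the same way on every run. This is an added example, not something posted by anyone in the thread; it assumes GNU `stat`, the function names `check_entry` and `check_dev_entries` are made up here, and the expected values are the ones given in Andy's reply.

```shell
#!/bin/sh
# Added example: compare a path's ls-style mode, owner and group with the
# values expected for it, instead of reading them off `ls -al` by eye.

# check_entry PATH EXPECTED_MODE EXPECTED_OWNER EXPECTED_GROUP
# EXPECTED_MODE is the ls-style string, e.g. crw------- or lrwxrwxrwx.
# Returns 0 on match, 1 on mismatch, 2 if the path does not exist.
check_entry() {
    path=$1; want_mode=$2; want_owner=$3; want_group=$4
    # -e follows symlinks, so also test -L to catch dangling links
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        echo "MISSING  $path"
        return 2
    fi
    # GNU stat: %A = ls-style mode, %U/%G = owner/group names.
    # stat does not follow symlinks by default, so a link reports as 'l...'.
    got=$(stat -c '%A %U %G' "$path") || return 2
    want="$want_mode $want_owner $want_group"
    if [ "$got" = "$want" ]; then
        echo "OK       $path ($got)"
        return 0
    fi
    echo "MISMATCH $path: got '$got', expected '$want'"
    return 1
}

# The two entries from the scan, with the values quoted in the reply above.
check_dev_entries() {
    rc=0
    check_entry /dev/core   crw------- root root || rc=1
    check_entry /dev/stderr lrwxrwxrwx root root || rc=1
    return $rc
}
```

Calling `check_dev_entries` prints one line per entry and returns non-zero if either differs from the expected values.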