hacked or false positives?

Discussion in 'General Discussion' started by elleryjh, Jan 17, 2005.

  1. elleryjh

    elleryjh Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    479
    Likes Received:
    0
    Trophy Points:
    16
    Can someone please help me read the output from chkrootkit and Scan for Trojans? Thanks in advance!


    From chkrootkit:
    Checking `bindshell'... INFECTED (PORTS: 465)
    Checking `lkm'...
    You have 1 process hidden for readdir command
    You have 1 process hidden for ps command
    Warning: Possible LKM Trojan installed

    From WHM's Scan for Trojan Horses:
    Possible Trojan - /usr/bin/curl
    Possible Trojan - /usr/bin/podchecker
    Possible Trojan - /usr/bin/pstruct
    Possible Trojan - /usr/bin/splain
    Possible Trojan - /usr/bin/xsubpp
    Possible Trojan - /usr/bin/curl-config
    Possible Trojan - /usr/bin/dbiprof
    Possible Trojan - /usr/bin/sa-learn
    Possible Trojan - /usr/bin/spamassassin
    Possible Trojan - /usr/bin/spamc
    Possible Trojan - /usr/bin/spamd
    11 POSSIBLE Trojans Detected
     
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Most likely all false positives. Grab rkhunter and check the (more reliable) output from it.
    http://www.rootkit.nl/
     
  3. dr2web

    dr2web Active Member

    Joined:
    Jan 14, 2005
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    Just in case anyone reads this... I had the exact same problem from chkrootkit...

    I installed rkhunter and it was indeed a false positive...

    Install rkhunter; it is a lot cleaner and more accurate.
     
  4. Aric1

    Aric1 Well-Known Member

    Joined:
    Oct 15, 2003
    Messages:
    324
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    And updated more often, which is important in such a tool.

    Don't forget to "show the love" to the author by buying him something on his Amazon wishlist. He's a good guy and very responsive.
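
One way to check findings like those in the first post against the live system, as an added example that is not part of the thread: it pulls the flagged port and paths out of saved scanner output, shows which process holds the port, and verifies each file against the RPM database. It assumes an RPM-based host with `ss` and `rpm` installed; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage saved chkrootkit / WHM scan output.
# Assumes an RPM-based host with `ss` and `rpm`; function names are hypothetical.

# Constructed sample: the two kinds of finding quoted in the first post.
SAMPLE="Checking \`bindshell'... INFECTED (PORTS: 465)
Possible Trojan - /usr/bin/curl
Possible Trojan - /usr/bin/spamd
11 POSSIBLE Trojans Detected"

# Ports flagged by chkrootkit's bindshell test, one per line.
flagged_ports() {
    sed -n 's/.*INFECTED (PORTS:\([^)]*\)).*/\1/p' | tr -s ' ' '\n' | grep -E '^[0-9]+$'
}

# Paths from "Possible Trojan - /path" lines, one per line.
flagged_paths() {
    sed -n 's/^[[:space:]]*Possible Trojan - \(\/.*\)$/\1/p'
}

# Listening socket and owning process for a TCP port (run as root to see PIDs).
port_owner() {
    command -v ss >/dev/null 2>&1 || { echo "ss not installed"; return 0; }
    ss -ltnp "sport = :$1"
}

# Compare a flagged file with the RPM database.
verify_path() {
    command -v rpm >/dev/null 2>&1 || { echo "SKIP $1 (no rpm)"; return 0; }
    pkg=$(rpm -qf "$1" 2>/dev/null) || { echo "UNOWNED $1"; return 0; }
    if rpm -Vf "$1" 2>/dev/null | awk -v f="$1" '$NF == f { hit = 1 } END { exit !hit }'; then
        echo "CHANGED $1 ($pkg)"   # size, digest or mode differs from the package
    else
        echo "OK $1 ($pkg)"
    fi
}

# Read scanner output on stdin and check every finding against the live system.
triage() {
    report=$(cat)
    for port in $(printf '%s\n' "$report" | flagged_ports); do
        echo "== port $port =="
        port_owner "$port"
    done
    for path in $(printf '%s\n' "$report" | flagged_paths); do
        verify_path "$path"
    done
}

if [ "${1:-}" = "--stdin" ]; then triage; fi
```

Files reported as UNOWNED were not installed from an RPM and need comparing against a known-good copy instead. If a kernel-level rootkit really is loaded, tools run on the host itself can be lied to, so repeat the checks from rescue media before trusting a clean result.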
     