The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How can delete the trojans?

Discussion in 'General Discussion' started by bh10.net, Oct 10, 2003.

  1. bh10.net

    bh10.net Registered

    Joined:
    Sep 8, 2003
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hello every body

    please help me when am serching for
    for Trojan Horses

    i find 7 trojans in my server

    what i do how can i delete it?

    cPanel.net Support Ticket Number:
     
  2. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    You should format your server and start over. Perhaps hire a system admin to secure your box.

    cPanel.net Support Ticket Number:
     
  3. techark

    techark Well-Known Member

    Joined:
    May 22, 2002
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    16
    If you are using cpanel's find trojan be careful what you delete it reports things like Perl as a trojan.

    If you do not know what is a trojan for sure or how to delete them hire someone.

    cPanel.net Support Ticket Number:
     
  4. bh10.net

    bh10.net Registered

    Joined:
    Sep 8, 2003
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Thank you very much

    am using Cpanel in my server and now i dont know for sure if that is trojans or no!!!
    but i got this messege when i serching for
    for Trojan Horses

    there is 7 trojans:confused:

    cPanel.net Support Ticket Number:
     
  5. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Most likely they are not trojans. The cpanel "find trojans" is a waste of time as it reports too many false positives.

    cPanel.net Support Ticket Number:
     
  6. B12Org

    B12Org Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    692
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle Washington
    cPanel Access Level:
    Root Administrator
    I got this:

    Possible Trojan - /etc/rc.d/init.d/chkservd
    Possible Trojan - /usr/bin/pear

    Is this a false positive?
     
  7. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Those are false positives.:)
     
  8. B12Org

    B12Org Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    692
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle Washington
    cPanel Access Level:
    Root Administrator
    Wheh. Thanks man!
     
  9. altomarketing

    altomarketing Member

    Joined:
    Nov 5, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    FULL OF TROYANS HELP !!!

    Scanning for Trojan Horses.....

    Possible Trojan - /usr/bin/xmlwf
    .

    Possible Trojan - /usr/lib/libexpat.so.0.4.0
    ..

    Possible Trojan - /usr/lib/python1.5/site-packages/cgiwrap.pyc
    .

    Possible Trojan - /usr/lib/python1.5/site-packages/xmlrpclib.pyc
    .
    .
    .

    Possible Trojan - /usr/bin/curl-config
    ......
    Possible Trojan - /usr/bin/GET
    .

    Possible Trojan - /usr/bin/HEAD
    .

    Possible Trojan - /usr/bin/POST
    .

    Possible Trojan - /usr/bin/lwp-download
    .

    Possible Trojan - /usr/bin/lwp-mirror
    .

    Possible Trojan - /usr/bin/lwp-request
    .

    Possible Trojan - /usr/bin/lwp-rget
    ..

    Possible Trojan - /usr/bin/pear
    .
    .
    .
    Possible Trojan - /usr/bin/curl
    .

    Possible Trojan - /usr/lib/libcurl.so.2.0.2
    .
    .
    .
    15 POSSIBLE Trojans Detected


    WHICH FILE SHOULD I DELETE?
     
  10. B12Org

    B12Org Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    692
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle Washington
    cPanel Access Level:
    Root Administrator
    I know for a fact that almost all of those are false positives. There are a couple i havent seen before, but that dont mean nothing.
     
  11. reddrake

    reddrake Well-Known Member

    Joined:
    Apr 2, 2003
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Wisconsin,Usa
    Exactly none of those are trojans. As the user said above its a waste of time looking with that. Not many trojans affect linux anyway. Just check your status logs rather then using a faulty trojan scanner :)
     
  12. altomarketing

    altomarketing Member

    Joined:
    Nov 5, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    ok, so ???

    Could you tell me a good troyan scanner?

    My cpanel have
    1-MailScanner +
    2-Antivirus ClamAV,
    3-Firewall APF
    4-Telnet disabled
    5-SSh root direct disabled
    6-ssh2 only available
    7-cpanel and whm only accesible via SSL
    8-Cpanel latest version autoupdatable
    9-I use prime gold condon :D and my girl says that she loves me ;)


    what else would you suggest to be more sure ??? ':confused:


    Thanks !!

    pd: how can i update my kernel, ??? it keeps me saying i have an unstable version.
    cpanel does not have this feature, have it ? :mad:


    Thanks again !!:D :D
     
  13. reddrake

    reddrake Well-Known Member

    Joined:
    Apr 2, 2003
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Wisconsin,Usa
    What type of server are you running?
    Linux , or BSD?
    Intel Celeron Pent or Xeon?

    Contact me on aim: Reddsupport
     
  14. altomarketing

    altomarketing Member

    Joined:
    Nov 5, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Im using a Linux Red Hat on a Celeron Pentium 1.7 with 512 ram,
     
  15. reddrake

    reddrake Well-Known Member

    Joined:
    Apr 2, 2003
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Wisconsin,Usa
    You can update by rpm.
    up2date --configure its like option 25 thats ignoring kernel remove the ignore. Then run up2date

    After its completed re do configure and add kernel back and restart machine.

    Regards,
    Brian
     
  16. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    Actually I have used the tool several times to find a trojan and clean out a server.

    Just record what is sees when you finish setting up the server and compare for differances when you use it.

    Not to hard.

    ;)
     
Loading...

Share This Page