Hello, I have been researching this the last two days and have not gotten very far. I have contacted my hosting provider and they ran a malware scan that came back clean as well as other commands to run and try to determine if I indeed have a trojan on my server. This is the error I have in the Security Adviser in WHM: Libkeyutils check: “/lib64/libkeyutils.so.1.3.1” is not owned by any system packages. This indicates a possible server compromise. (NOTE: Corrupted RPM databases can report this as a false positive). I do have a libkeyutils1.3.1 and libkeyutils1.3 with the symlink going to the 1.3.1 However, every other commands I enter to try and substantiate the flag turns up nothing. ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected" -> this returns System Clean netstat -nap | grep proc/udevd" --> no results ipcs -m returns shared memory segments with the largest being 1200712 bytes (documents show a compromised system has over 3MB) So, not really sure where to go from here. Is WHM reporting a false positive? or is my RPM database corrupt? Thanks for the help!