Need advice please - "Trojan Horses detected"

flashsonix

Member
Aug 30, 2004
17
0
151
Trojan Horses Detected by (WHM)

Hidden Pid detected! [pid 212]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/sbin/adjkerntz]

Hidden Pid detected! [pid 271]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/sbin/devd]

Hidden Pid detected! [pid 293]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/sbin/syslogd]

Hidden Pid detected! [pid 308]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/sbin/lwresd]

Hidden Pid detected! [pid 380]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/sbin/usbd]

Hidden Pid detected! [pid 420]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/sbin/sshd]

Hidden Pid detected! [pid 442]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/sbin/cron]

Hidden Pid detected! [pid 482]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/local/bin/perl]

Hidden Pid detected! [pid 605]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/bin/sh]

Hidden Pid detected! [pid 646]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/local/libexec/mysqld]

Hidden Pid detected! [pid 664]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/libexec/getty]

Hidden Pid detected! [pid 665]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/libexec/getty]

Hidden Pid detected! [pid 666]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/libexec/getty]

Hidden Pid detected! [pid 667]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/libexec/getty]

Hidden Pid detected! [pid 668]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/libexec/getty]

Hidden Pid detected! [pid 669]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/libexec/getty]

Hidden Pid detected! [pid 670]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/libexec/getty]

Hidden Pid detected! [pid 671]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/libexec/getty]

Hidden Pid detected! [pid 722]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/local/sbin/pure-ftpd]

Hidden Pid detected! [pid 724]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/local/sbin/pure-authd]

Hidden Pid detected! [pid 734]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/sbin/inetd]

Hidden Pid detected! [pid 29816]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/usr/local/bin/perl]


Thank you for your advice on this issue.
 
Last edited:

tweakservers

Well-Known Member
Mar 30, 2006
379
0
166
My suggestion is to hire a security admin to check your server or you may request your data center to help you to check on the server.
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
Trojan Horses Detected by (WHM)

Hidden Pid detected! [pid 212]
hidden from ps: [yes]
Install and/or run rkhunter and chkrootkit to see if you have bad files on your server.