Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Need advice please - "Trojan Horses detected"

Discussion in 'General Discussion' started by flashsonix, Jan 18, 2007.

  1. flashsonix

    flashsonix Member

    Joined:
    Aug 30, 2004
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    151
    Trojan Horses Detected by (WHM)

    Hidden Pid detected! [pid 212]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/sbin/adjkerntz]

    Hidden Pid detected! [pid 271]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/sbin/devd]

    Hidden Pid detected! [pid 293]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/syslogd]

    Hidden Pid detected! [pid 308]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/lwresd]

    Hidden Pid detected! [pid 380]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/usbd]

    Hidden Pid detected! [pid 420]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/sshd]

    Hidden Pid detected! [pid 442]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/cron]

    Hidden Pid detected! [pid 482]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/bin/perl]

    Hidden Pid detected! [pid 605]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/bin/sh]

    Hidden Pid detected! [pid 646]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/libexec/mysqld]

    Hidden Pid detected! [pid 664]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 665]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 666]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 667]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 668]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 669]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 670]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 671]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 722]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/sbin/pure-ftpd]

    Hidden Pid detected! [pid 724]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/sbin/pure-authd]

    Hidden Pid detected! [pid 734]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/inetd]

    Hidden Pid detected! [pid 29816]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/bin/perl]


    Thank you for your advice on this issue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 flashsonix, Jan 18, 2007
    Last edited: Apr 20, 2007
  2. tweakservers

    tweakservers Well-Known Member

    Joined:
    Mar 30, 2006
    Messages:
    379
    Likes Received:
    0
    Trophy Points:
    166
    My suggestion is to hire a security admin to check your server or you may request your data center to help you to check on the server.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    4
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    Install and/or run rkhunter and chkrootkit to see if you have bad files on your server.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice