The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need advice please - "Trojan Horses detected"

Discussion in 'General Discussion' started by flashsonix, Jan 18, 2007.

  1. flashsonix

    flashsonix Member

    Joined:
    Aug 30, 2004
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Trojan Horses Detected by (WHM)

    Hidden Pid detected! [pid 212]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/sbin/adjkerntz]

    Hidden Pid detected! [pid 271]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/sbin/devd]

    Hidden Pid detected! [pid 293]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/syslogd]

    Hidden Pid detected! [pid 308]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/lwresd]

    Hidden Pid detected! [pid 380]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/usbd]

    Hidden Pid detected! [pid 420]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/sshd]

    Hidden Pid detected! [pid 442]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/cron]

    Hidden Pid detected! [pid 482]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/bin/perl]

    Hidden Pid detected! [pid 605]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/bin/sh]

    Hidden Pid detected! [pid 646]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/libexec/mysqld]

    Hidden Pid detected! [pid 664]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 665]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 666]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 667]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 668]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 669]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 670]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 671]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/libexec/getty]

    Hidden Pid detected! [pid 722]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/sbin/pure-ftpd]

    Hidden Pid detected! [pid 724]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/sbin/pure-authd]

    Hidden Pid detected! [pid 734]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/inetd]

    Hidden Pid detected! [pid 29816]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/local/bin/perl]


    Thank you for your advice on this issue.
     
    #1 flashsonix, Jan 18, 2007
    Last edited: Apr 20, 2007
  2. tweakservers

    tweakservers Well-Known Member

    Joined:
    Mar 30, 2006
    Messages:
    379
    Likes Received:
    0
    Trophy Points:
    16
    My suggestion is to hire a security admin to check your server or you may request your data center to help you to check on the server.
     
  3. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Install and/or run rkhunter and chkrootkit to see if you have bad files on your server.
     
Loading...

Share This Page