The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

possible trojan horses?

Discussion in 'General Discussion' started by dnagency, Jan 2, 2005.

  1. dnagency

    dnagency Active Member

    Joined:
    Oct 21, 2004
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I am having a new server since 7 days or so... since yesterday it all of a sudden was damn slow, so I thought I should probably check for trojan horses in WHM. This is what I got:

    Appears Clean



    /dev/stderr



    Scanning for Trojan Horses.....
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/bin/pod2usage
    .

    Possible Trojan - /usr/bin/podchecker
    .

    Possible Trojan - /usr/bin/podselect
    .
    .

    Possible Trojan - /usr/bin/pstruct
    .
    .

    Possible Trojan - /usr/bin/splain
    .

    Possible Trojan - /usr/bin/xsubpp
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/bin/pear
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    7 POSSIBLE Trojans Detected

    Does anyone have an idea wether this could be real trojan horses and if so how to remove em? (I am totally new to that server admin thingy)
     
  2. Jasio

    Jasio Active Member

    Joined:
    Feb 15, 2004
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    cPanel/WHM's trojan scanner isnt very good, and usually comes up with false-positives.

    Download and run a root kit on your server. I advise downloading and installing 'Rootkit Hunter'

    Once installed run (from any directory): rkhunter -c --createlogfile

    That will do a deep, proper scan of your entire server, not only check for trojans, but for worms, root kits, and mis-matching MD5 hash sums for binaries.
     
Loading...

Share This Page