Possible trojans - Which ones are and which ones aren't?

Cemtey

Well, I have the following output of a security scan and would like to know if there is some threat of a virus in my system or not.
If someone notices a trojan, could they post how to remove it?

Code:
 Main >> Security >> Scan for Trojan Horses
Scan for Trojan Horses
Appears Clean
/dev/core
/dev/stderr
Scanning for Trojan Horses.....
Possible Trojan - /usr/bin/aspell
Possible Trojan - /usr/bin/prezip-bin
Possible Trojan - /usr/bin/word-list-compress
Possible Trojan - /sbin/parted
Possible Trojan - /sbin/partprobe
Possible Trojan - /usr/libexec/gnome_segv2
Possible Trojan - /usr/bin/rsvg-convert
Possible Trojan - /usr/bin/rsvg-view
Possible Trojan - /usr/sbin/pureauth
Possible Trojan - /usr/bin/ptar
Possible Trojan - /usr/bin/gnome-desktop-item-edit
Possible Trojan - /usr/bin/gnome-panel
Possible Trojan - /usr/bin/panel-test-applets
Possible Trojan - /usr/libexec/clock-applet
Possible Trojan - /usr/libexec/fish-applet-2
Possible Trojan - /usr/libexec/notification-area-applet
Possible Trojan - /usr/libexec/wnck-applet
Possible Trojan - /usr/bin/gsf-office-thumbnailer
Possible Trojan - /sbin/ldconfig
Possible Trojan - /sbin/sln
Possible Trojan - /usr/sbin/iconvconfig
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /sbin/cryptsetup
Possible Trojan - /sbin/grubby
Possible Trojan - /usr/bin/sa-learn
Possible Trojan - /usr/bin/sa-update
Possible Trojan - /usr/bin/spamassassin
Possible Trojan - /usr/bin/spamc
Possible Trojan - /usr/bin/spamd
Possible Trojan - /usr/bin/gnome-open
Possible Trojan - /usr/libexec/camel-index-control-1.2
Possible Trojan - /usr/libexec/camel-lock-helper-1.2
Possible Trojan - /usr/libexec/evolution-data-server-1.8
Possible Trojan - /usr/bin/gnome-pilot-make-password
Possible Trojan - /usr/bin/gpilot-install-file
Possible Trojan - /usr/bin/gpilotd-control-applet
Possible Trojan - /usr/bin/gpilotd-session-wrapper
Possible Trojan - /usr/libexec/gpilot-applet
Possible Trojan - /usr/libexec/gpilotd
Possible Trojan - /usr/bin/animate
Possible Trojan - /usr/bin/compare
Possible Trojan - /usr/bin/composite
Possible Trojan - /usr/bin/conjure
Possible Trojan - /usr/bin/convert
Possible Trojan - /usr/bin/display
Possible Trojan - /usr/bin/identify
Possible Trojan - /usr/bin/import
Possible Trojan - /usr/bin/mogrify
Possible Trojan - /usr/bin/montage
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /usr/sbin/libgcc_post_upgrade
Possible Trojan - /usr/sbin/avcstat
Possible Trojan - /usr/sbin/getenforce
Possible Trojan - /usr/sbin/getsebool
Possible Trojan - /usr/sbin/matchpathcon
Possible Trojan - /usr/sbin/selinuxenabled
Possible Trojan - /usr/sbin/setenforce
Possible Trojan - /usr/sbin/togglesebool
Possible Trojan - /usr/bin/gtk-demo
Possible Trojan - /usr/bin/gtk-update-icon-cache
Possible Trojan - /usr/bin/gnomevfs-cat
Possible Trojan - /usr/bin/gnomevfs-copy
Possible Trojan - /usr/bin/gnomevfs-df
Possible Trojan - /usr/bin/gnomevfs-info
Possible Trojan - /usr/bin/gnomevfs-ls
Possible Trojan - /usr/bin/gnomevfs-mkdir
Possible Trojan - /usr/bin/gnomevfs-monitor
Possible Trojan - /usr/bin/gnomevfs-mv
Possible Trojan - /usr/bin/gnomevfs-rm
Possible Trojan - /usr/libexec/gnome-vfs-daemon
Possible Trojan - /usr/bin/gnome-about
Possible Trojan - /usr/bin/gs
Possible Trojan - /usr/bin/mysqlhotcopy
Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/instmodsh
Possible Trojan - /usr/bin/prove
Possible Trojan - /sbin/dmeventd
Possible Trojan - /sbin/dmsetup
Possible Trojan - /sbin/dmsetup.static
Possible Trojan - /usr/bin/xmlcatalog
Possible Trojan - /usr/bin/xmllint
Possible Trojan - /usr/bin/makedb
Possible Trojan - /usr/bin/gconf-merge-tree
Possible Trojan - /usr/bin/gconftool-2
Possible Trojan - /usr/libexec/gconf-sanity-check-2
Possible Trojan - /usr/libexec/gconfd-2
Possible Trojan - /etc/cron.daily/logrotate
87 POSSIBLE Trojans Detected
Thanks.
 

nyjimbo

Unfortunately, the "trojan" scanner tends to post many false positives. Most of those are probably perfectly fine; however, even files with normal names in the normal locations and with correct time stamps can STILL be trojans. You really need to either spend more time learning how to secure your server or hire a person who has good skills at it.

In the meantime, you should check the individual files for date stamps, ownerships and other things MANUALLY, but if you think you found something, use an editor to just do a simple view and see if some obvious code gives you a clue it's a trojan. Many trojans have easily detectable language or help text inside them to give themselves up.

If your server does nightly "security" emails to you (o/s end of day backend process, aka "daily" or "nightly") be sure to make it your daily job to read it, EVERY SINGLE DAY for warnings or errors, usually that will clue you to special files that have been edited or replaced.
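
The manual check of date stamps and ownerships suggested above, as an added example that is not part of the original posts: it parses the scanner's "Possible Trojan" lines, drops duplicates, and lists metadata worth a closer look for each file. The function names, the root-owner expectation and the 7-day window are assumptions chosen for illustration.

```python
import os
import re
import stat
import time

FLAG_RE = re.compile(r"^Possible Trojan - (/\S.*)$")

# Excerpt of the scan output quoted in this thread (xml2-config is listed twice there).
SAMPLE = """\
Scanning for Trojan Horses.....
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /sbin/ldconfig
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /etc/cron.daily/logrotate
87 POSSIBLE Trojans Detected
"""

def flagged_paths(scan_output):
    """Unique flagged paths, in first-seen order."""
    paths = []
    for line in scan_output.splitlines():
        m = FLAG_RE.match(line.strip())
        if m and m.group(1) not in paths:
            paths.append(m.group(1))
    return paths

def triage(path, expected_uid=0, recent_days=7, now=None):
    """Reasons to inspect this file by hand; [] means nothing stood out."""
    now = time.time() if now is None else now
    try:
        st = os.lstat(path)  # lstat: look at the entry itself, do not follow links
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    if stat.S_ISLNK(st.st_mode):
        return [f"symlink to {os.readlink(path)}; check the target"]
    reasons = []
    if st.st_uid != expected_uid:  # assumption: system binaries belong to root
        reasons.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        reasons.append("setuid/setgid bit set")
    if now - st.st_mtime < recent_days * 86400:
        reasons.append(f"modified within {recent_days} days")
    return reasons

if __name__ == "__main__":
    for p in flagged_paths(SAMPLE):
        print(p, "->", triage(p) or "nothing stood out")
```

An empty result only means the metadata looks ordinary; as the post says, a file with a normal name, location and time stamp can still be a trojan.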
 

Cemtey

It's probably safe, but any suggestions on virus scanners for Linux servers?