Possible trojans - Which one are and which one aren't?

Discussion in 'General Discussion' started by Cemtey, Mar 18, 2008.

  1. Cemtey

    Well, I have the following output of a security scan and would like to know if there is some threat of a virus in my system or not.
    If someone notices a trojan, could they post how to remove it?

    Code:
     Main >> Security >> Scan for Trojan Horses
    Scan for Trojan Horses
    Appears Clean
    /dev/core
    /dev/stderr
    Scanning for Trojan Horses.....
    Possible Trojan - /usr/bin/aspell
    Possible Trojan - /usr/bin/prezip-bin
    Possible Trojan - /usr/bin/word-list-compress
    Possible Trojan - /sbin/parted
    Possible Trojan - /sbin/partprobe
    Possible Trojan - /usr/libexec/gnome_segv2
    Possible Trojan - /usr/bin/rsvg-convert
    Possible Trojan - /usr/bin/rsvg-view
    Possible Trojan - /usr/sbin/pureauth
    Possible Trojan - /usr/bin/ptar
    Possible Trojan - /usr/bin/gnome-desktop-item-edit
    Possible Trojan - /usr/bin/gnome-panel
    Possible Trojan - /usr/bin/panel-test-applets
    Possible Trojan - /usr/libexec/clock-applet
    Possible Trojan - /usr/libexec/fish-applet-2
    Possible Trojan - /usr/libexec/notification-area-applet
    Possible Trojan - /usr/libexec/wnck-applet
    Possible Trojan - /usr/bin/gsf-office-thumbnailer
    Possible Trojan - /sbin/ldconfig
    Possible Trojan - /sbin/sln
    Possible Trojan - /usr/sbin/iconvconfig
    Possible Trojan - /usr/bin/xml2-config
    Possible Trojan - /sbin/cryptsetup
    Possible Trojan - /sbin/grubby
    Possible Trojan - /usr/bin/sa-learn
    Possible Trojan - /usr/bin/sa-update
    Possible Trojan - /usr/bin/spamassassin
    Possible Trojan - /usr/bin/spamc
    Possible Trojan - /usr/bin/spamd
    Possible Trojan - /usr/bin/gnome-open
    Possible Trojan - /usr/libexec/camel-index-control-1.2
    Possible Trojan - /usr/libexec/camel-lock-helper-1.2
    Possible Trojan - /usr/libexec/evolution-data-server-1.8
    Possible Trojan - /usr/bin/gnome-pilot-make-password
    Possible Trojan - /usr/bin/gpilot-install-file
    Possible Trojan - /usr/bin/gpilotd-control-applet
    Possible Trojan - /usr/bin/gpilotd-session-wrapper
    Possible Trojan - /usr/libexec/gpilot-applet
    Possible Trojan - /usr/libexec/gpilotd
    Possible Trojan - /usr/bin/animate
    Possible Trojan - /usr/bin/compare
    Possible Trojan - /usr/bin/composite
    Possible Trojan - /usr/bin/conjure
    Possible Trojan - /usr/bin/convert
    Possible Trojan - /usr/bin/display
    Possible Trojan - /usr/bin/identify
    Possible Trojan - /usr/bin/import
    Possible Trojan - /usr/bin/mogrify
    Possible Trojan - /usr/bin/montage
    Possible Trojan - /usr/bin/xml2-config
    Possible Trojan - /usr/sbin/libgcc_post_upgrade
    Possible Trojan - /usr/sbin/avcstat
    Possible Trojan - /usr/sbin/getenforce
    Possible Trojan - /usr/sbin/getsebool
    Possible Trojan - /usr/sbin/matchpathcon
    Possible Trojan - /usr/sbin/selinuxenabled
    Possible Trojan - /usr/sbin/setenforce
    Possible Trojan - /usr/sbin/togglesebool
    Possible Trojan - /usr/bin/gtk-demo
    Possible Trojan - /usr/bin/gtk-update-icon-cache
    Possible Trojan - /usr/bin/gnomevfs-cat
    Possible Trojan - /usr/bin/gnomevfs-copy
    Possible Trojan - /usr/bin/gnomevfs-df
    Possible Trojan - /usr/bin/gnomevfs-info
    Possible Trojan - /usr/bin/gnomevfs-ls
    Possible Trojan - /usr/bin/gnomevfs-mkdir
    Possible Trojan - /usr/bin/gnomevfs-monitor
    Possible Trojan - /usr/bin/gnomevfs-mv
    Possible Trojan - /usr/bin/gnomevfs-rm
    Possible Trojan - /usr/libexec/gnome-vfs-daemon
    Possible Trojan - /usr/bin/gnome-about
    Possible Trojan - /usr/bin/gs
    Possible Trojan - /usr/bin/mysqlhotcopy
    Possible Trojan - /usr/bin/cpan
    Possible Trojan - /usr/bin/instmodsh
    Possible Trojan - /usr/bin/prove
    Possible Trojan - /sbin/dmeventd
    Possible Trojan - /sbin/dmsetup
    Possible Trojan - /sbin/dmsetup.static
    Possible Trojan - /usr/bin/xmlcatalog
    Possible Trojan - /usr/bin/xmllint
    Possible Trojan - /usr/bin/makedb
    Possible Trojan - /usr/bin/gconf-merge-tree
    Possible Trojan - /usr/bin/gconftool-2
    Possible Trojan - /usr/libexec/gconf-sanity-check-2
    Possible Trojan - /usr/libexec/gconfd-2
    Possible Trojan - /etc/cron.daily/logrotate
    87 POSSIBLE Trojans Detected
    Thanks.
     
  2. nyjimbo

    Unfortunately the "trojan" scanner tends to post many false positives. Most of those are probably perfectly fine, however even files with normal names in the normal locations and with correct time stamps can STILL be trojans. You really need to either spend more time in learning how to secure your server or hire a person who has good skills at it.

    In the meantime, you should check the individual files for date stamps, ownerships and other things MANUALLY, but if you think you found something use an editor to just do a simple view and see if some obvious code gives you a clue it's a trojan. Many trojans have easily detectable language or help text inside them to give themselves up.

    If your server does nightly "security" emails to you (o/s end of day backend process, aka "daily" or "nightly") be sure to make it your daily job to read it, EVERY SINGLE DAY for warnings or errors, usually that will clue you to special files that have been edited or replaced.
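
The manual check described in the reply above (ownership, permissions, date stamps) can be scripted over the scanner's own "Possible Trojan - <path>" lines. This is an added example, not part of the original thread and not cPanel's code; `triage_flagged`, `has_attr`, `EXPECTED_OWNER` and `RECENT_DAYS` are hypothetical names, and root ownership plus a 30-day window are assumptions.

```shell
#!/usr/bin/env bash
# Added example: first-pass triage of paths reported as "Possible Trojan - <path>",
# checking the attributes the reply names: ownership, permissions, date stamps.
# Assumptions: flagged system binaries should be owned by EXPECTED_OWNER (root by
# default) and a modification within RECENT_DAYS days deserves a closer look.
EXPECTED_OWNER="${EXPECTED_OWNER:-root}"
RECENT_DAYS="${RECENT_DAYS:-30}"

# has_attr PATH FIND-TEST...: succeeds if PATH itself matches the find(1) test.
# -H makes find examine the target when PATH is a symlink.
has_attr() {
  local path="$1"; shift
  [ -n "$(find -H "$path" -maxdepth 0 "$@" 2>/dev/null)" ]
}

# triage_flagged: read scanner output on stdin, print one verdict per flagged path.
triage_flagged() {
  local line path reasons
  while IFS= read -r line; do
    case "$line" in
      *"Possible Trojan - "*) path="${line##*Possible Trojan - }" ;;
      *) continue ;;                      # banner, summary line, other chatter
    esac
    if [ ! -e "$path" ]; then
      printf 'MISSING %s\n' "$path"
      continue
    fi
    reasons=""
    has_attr "$path" ! -user "$EXPECTED_OWNER" && reasons="$reasons owner"
    has_attr "$path" -perm -0002 && reasons="$reasons world-writable"
    has_attr "$path" -perm -0020 && reasons="$reasons group-writable"
    has_attr "$path" -mtime "-$RECENT_DAYS" && reasons="$reasons recent-mtime"
    if [ -n "$reasons" ]; then
      printf 'REVIEW %s:%s\n' "$path" "$reasons"
    else
      printf 'OK %s\n' "$path"
    fi
  done
}

# Demo on three lines copied from the posted output; results depend on the host.
triage_flagged <<'EOF'
Scanning for Trojan Horses.....
Possible Trojan - /sbin/ldconfig
87 POSSIBLE Trojans Detected
EOF
```

An `OK` line only means these attributes look normal; as the reply says, a file with normal ownership and time stamps can still be a trojan.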
     
  3. Cemtey

    It's probably safe, but any suggestions on virus scanners for Linux servers?
     