The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

report scan trojans with whm

Discussion in 'General Discussion' started by hostsky, Feb 23, 2006.

  1. hostsky

    hostsky Member

    Joined:
    Dec 30, 2005
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    this is the report scan trojans with whm panel


    Appears Clean



    /dev/core
    /dev/stderr



    Scanning for Trojan Horses.....

    Possible Trojan - /usr/bin/pear
    .
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/bin/glib-genmarshal
    .

    Possible Trojan - /usr/bin/glib-gettextize
    .

    Possible Trojan - /usr/bin/glib-mkenums
    .

    Possible Trojan - /usr/bin/gobject-query
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/bin/xml2-config
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/lib/libxml2.la
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/bin/openssl
    .

    Possible Trojan - /usr/bin/curl-config
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/bin/xsltproc
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la
    .

    Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/bin/curl
    .

    Possible Trojan - /usr/lib/libcurl.so.3.0.0
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/bin/cpan
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .

    Possible Trojan - /usr/bin/pstruct
    .
    .

    Possible Trojan - /usr/bin/splain
    .
    .
    .
    .

    Possible Trojan - /usr/bin/xmlcatalog
    .

    Possible Trojan - /usr/bin/xmllint
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    19 POSSIBLE Trojans Detected
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    If you search the forums, you'll see that that feature is next to worthless. You're much better off installing and running the likes of chkrootkit and rkhunter (search about them) if you want to check for rootkits on your server.
     
  3. WestBend

    WestBend Well-Known Member

    Joined:
    Oct 12, 2003
    Messages:
    173
    Likes Received:
    0
    Trophy Points:
    16
    I wish they would remove that %^%%%^#$.. reminds me of my first WHM run server.. i panicked when I saw that lol
     
  4. asterisk

    asterisk Well-Known Member

    Joined:
    Nov 11, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    I sure would like to see cPanel update their trojan scan function too.

    I see this as something that would be increasingly useful, especially in the light of how chkrootkit is really old anyway, and rkhunter hasn't been updated in a long while (a year perhaps?)
     
  5. rafaelgp

    rafaelgp Member

    Joined:
    Aug 7, 2006
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    hmm,

    i thought that this advises were real, than i installed rkhunter but i found anything.

    it is going to be fixed in the next cpanel's updates?
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's not actually broken. It's reporting inconsistencies in the rpm database and the actual files on disk using rpm -V, however, it is a flawed presumption that just because a file has changed it might be a trojan. It might be, but more than likely it's not.
     
Loading...

Share This Page