slapper worm installed?

Discussion in 'General Discussion' started by Sheldon, Aug 18, 2004.

  1. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Checking `slapper'... Warning: Possible Slapper Worm installed

    Where and how do I find or get rid of this?

    chkrootkit doesn't tell me where..

    Sheldon
     
  2. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
  3. Sheldon

    Sheldon Well-Known Member

    Linux
    Run a full system scan using the ICAP Savcls.exe scanner that is included with Symantec Scan Engine 4.06 or later, and delete any files detected as Linux.Slapper.Worm.

    Yeah, OK, but I don't have Norton.. sooooo?
     
  4. stuartcordery

    stuartcordery Registered

    Joined:
    Sep 2, 2002
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    From http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ELF_SLAPPER.A

     
  5. Sheldon

    Sheldon Well-Known Member

    Yes, again.. I'm not a Trend Micro customer...

    I don't have the program.... so I'm thinking my only alternative is to bring up a new box and move all the customers over, which is going to be a pain in the arse.
     
  6. StevenC

    StevenC Well-Known Member

    Joined:
    Jan 1, 2004
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    You probably had another script/executable on the box, such as eggdrop/psybnc/etc., using the port the slapper worm uses, which is common.
     
  7. casey

    casey Well-Known Member

    I wasn't suggesting a Norton scan. The description says that removal is easy. All I was suggesting is that if you roll up your sleeves and do some digging you should be able to remove it. Good luck.
     
  8. Sheldon

    Sheldon Well-Known Member

    Well, according to chkrootkit it's not being detected anymore, so either I've been rooted and the files to chkrootkit altered to not detect it, or something's wack!

    Oh, and about removing the worm, I need info on the worm's files/etc. that it attacks and stores itself in or whatnot... without info I can't do dick all. :(

    Sheldon
     
  9. casey

    casey Well-Known Member

    In fact, another quick search suggested the following:

    http://www.f-secure.com/v-descs/slapper.shtml

    If you do some searching you'll surely find a solution.
     
  10. Sheldon

    Sheldon Well-Known Member

    Thanks.. you're a godsend

    Haven't had time to do Google searches yet.. been too busy with other company management related issues!
     
  11. StevenC

    StevenC Well-Known Member

    Did you even read my post?

    "You probably had another script/executable on the box, such as eggdrop/psybnc/etc., using the port the slapper worm uses, which is common."

    Whenever a program uses the ports used by slapper, chkrootkit will false positive.
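
Added example, not part of the original thread and not chkrootkit's own code: one way to check the false-positive explanation above is to map every listener on a flagged port to its owning process and on-disk binary. The port list `10001 10002` and the netstat sample are constructed placeholders; take the real ports from the slapper test in your installed chkrootkit script.

```shell
#!/bin/sh
# Added example (not from the thread). PORTS is a constructed placeholder list:
# replace it with the ports the slapper test in your chkrootkit script greps for.
PORTS="${PORTS:-10001 10002}"

# Constructed sample of `netstat -anp` output, so the script runs offline.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:10001    0.0.0.0:*        LISTEN  4242/eggdrop
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN  911/httpd
tcp        0      0 10.0.0.5:10001   10.0.0.9:51515   ESTABLISHED 4242/eggdrop
udp        0      0 :::10002         :::*                     5150/psybnc
tcp        0      0 0.0.0.0:10002    0.0.0.0:*        LISTEN  -
EOF
}

# stdin: netstat -anp lines. stdout: "proto port pid program" for each bound
# socket on a flagged port. A "-" owner means netstat was not run as root.
flagged_listeners() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            m = split($4, a, ":"); port = a[m]      # handles 0.0.0.0:N and :::N
            if (!(port in want)) next
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next # skip established sessions
            owner = $NF                             # PID/Program name column
            if (owner == "-") { print $1, port, "?", "unknown"; next }
            split(owner, o, "/"); print $1, port, o[1], o[2]
        }'
}

# Resolve each PID to its on-disk binary. The name netstat shows can be faked;
# the /proc/PID/exe link does not change when a process rewrites its argv[0].
report() {
    flagged_listeners | while read -r proto port pid prog; do
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || exe=""
        echo "$proto/$port pid=$pid name=$prog exe=${exe:-unresolved}"
    done
}

sample_netstat | report    # live use, as root: netstat -anp | report
```

A listener whose binary resolves to a known install of an IRC bot or bouncer supports the false-positive reading; an `unknown` owner or an unexpected binary path is what needs further investigation.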
     
  12. Sheldon

    Sheldon Well-Known Member

    yes but I wanted to make sure....

    Thanks for your reply and sorry for not saying thanks earlier!
     
