Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Trojan Horses Detected

Discussion in 'General Discussion' started by davidmxs, Jul 2, 2003.

  1. davidmxs

    davidmxs Member

    Joined:
    Dec 28, 2002
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    151
    Hello,

    I received this mail from my server:


    Hidden Pid detected! [pid 27730]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/share/locale/en/.rockmeamadeus/sk]


    I deleted the directory .rockmeamadeus but I do not know if my system was compromised. What should I do?

    Thanks for your help !

    cPanel.net Support Ticket Number:
     
  2. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    166
    You should have kept a copy of the binary/source to see what was inside. You should also look in your tmp directory for any rogue files.

    Since crackers usually install additional backdoors, change system binaries, etc. You should consider a format & reinstall on that machine and then lock it down correctly.

    cPanel.net Support Ticket Number:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...
Similar Threads - Trojan Horses Detected
  1. alexweb
    Replies:
    4
    Views:
    470
  2. nightownl
    Replies:
    2
    Views:
    460

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice