The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trojan Horses?

Discussion in 'General Discussion' started by CAESAR, Apr 10, 2008.

  1. CAESAR

    CAESAR Registered

    Joined:
    Jan 18, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    Scan for Trojan Horses results :

    Possible Trojan - /usr/bin/dbiprof
    Possible Trojan - /usr/bin/cpan
    Possible Trojan - /usr/bin/instmodsh
    Possible Trojan - /usr/bin/prove
    Possible Trojan - /usr/bin/psed
    Possible Trojan - /usr/bin/pstruct
    Possible Trojan - /usr/bin/s2p
    Possible Trojan - /usr/bin/splain
    Possible Trojan - /usr/bin/xsubpp
    Possible Trojan - /usr/bin/mysqlhotcopy
    Possible Trojan - /usr/sbin/pureauth
    Possible Trojan - /etc/cron.daily/logrotate


    I'm not sure are those Trojan Horses?

    I'd be so grateful if anyone helps.
     
  2. LiNUxG0d

    LiNUxG0d Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    206
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Gatineau, Quebec, Canada
    Hey there,

    Code:
    -r-xr-xr-x 1 root root 6300 Nov 13 14:30 /usr/bin/dbiprof
    -r-xr-xr-x 1 root root 11829 Nov 13 14:25 /usr/bin/cpan
    -r-xr-xr-x 1 root root 4247 Nov 13 14:24 /usr/bin/instmodsh
    -r-xr-xr-x 1 root root 7814 Feb 11 22:00 /usr/bin/prove
    -rwxr-xr-x 2 root root 52997 Nov 13 14:22 /usr/bin/psed
    -rwxr-xr-x 2 root root 36601 Nov 13 14:22 /usr/bin/pstruct
    -rwxr-xr-x 2 root root 52997 Nov 13 14:22 /usr/bin/s2p
    -rwxr-xr-x 1 root root 17366 Nov 13 14:22 /usr/bin/splain
    -rwxr-xr-x 1 root root 51838 Nov 13 14:22 /usr/bin/xsubpp
    -rwxr-xr-x 1 root root 32948 Nov 13 14:49 /usr/bin/mysqlhotcopy
    -rwx------ 1 root root 10784 Apr  6 02:54 /usr/sbin/pureauth
    -rwxr-xr-x 1 root root 219 Mar  5 00:42 /etc/cron.daily/logrotate
    
    These are all valid across the board. The files exist on all my servers, and I don't assume that they are viral at all. They might open sockets/ports and so they are seen as Trojan in nature, but they aren't really. ;)

    I wouldn't worry about them... unless my network is infected? ;)

    Nahhhh. :)

    Have a great day, let me know of any additional questions you may have.

    Warmest regards,
     

Share This Page