CAESAR

Registered
Jan 18, 2007
3
0
151
Hi,

Scan for Trojan Horses results :

Possible Trojan - /usr/bin/dbiprof
Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/instmodsh
Possible Trojan - /usr/bin/prove
Possible Trojan - /usr/bin/psed
Possible Trojan - /usr/bin/pstruct
Possible Trojan - /usr/bin/s2p
Possible Trojan - /usr/bin/splain
Possible Trojan - /usr/bin/xsubpp
Possible Trojan - /usr/bin/mysqlhotcopy
Possible Trojan - /usr/sbin/pureauth
Possible Trojan - /etc/cron.daily/logrotate


I'm not sure are those Trojan Horses?

I'd be so grateful if anyone helps.
 

LiNUxG0d

Well-Known Member
Jun 25, 2003
206
1
168
Gatineau, Quebec, Canada
Hey there,

Code:
-r-xr-xr-x 1 root root 6300 Nov 13 14:30 /usr/bin/dbiprof
-r-xr-xr-x 1 root root 11829 Nov 13 14:25 /usr/bin/cpan
-r-xr-xr-x 1 root root 4247 Nov 13 14:24 /usr/bin/instmodsh
-r-xr-xr-x 1 root root 7814 Feb 11 22:00 /usr/bin/prove
-rwxr-xr-x 2 root root 52997 Nov 13 14:22 /usr/bin/psed
-rwxr-xr-x 2 root root 36601 Nov 13 14:22 /usr/bin/pstruct
-rwxr-xr-x 2 root root 52997 Nov 13 14:22 /usr/bin/s2p
-rwxr-xr-x 1 root root 17366 Nov 13 14:22 /usr/bin/splain
-rwxr-xr-x 1 root root 51838 Nov 13 14:22 /usr/bin/xsubpp
-rwxr-xr-x 1 root root 32948 Nov 13 14:49 /usr/bin/mysqlhotcopy
-rwx------ 1 root root 10784 Apr  6 02:54 /usr/sbin/pureauth
-rwxr-xr-x 1 root root 219 Mar  5 00:42 /etc/cron.daily/logrotate
These are all valid across the board. The files exist on all my servers, and I don't assume that they are viral at all. They might open sockets/ports and so they are seen as Trojan in nature, but they aren't really. ;)

I wouldn't worry about them... unless my network is infected? ;)

Nahhhh. :)

Have a great day, let me know of any additional questions you may have.

Warmest regards,