The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trojan Scanner issues

Discussion in 'General Discussion' started by Lestat, Feb 11, 2005.

  1. Lestat

    Lestat Well-Known Member

    Joined:
    Sep 13, 2003
    Messages:
    199
    Likes Received:
    0
    Trophy Points:
    16
    When I do a scan this is what is found
    Code:
    Appears Clean
    
    
    
    /dev/stderr
    
    
    
    Scanning for Trojan Horses.....
    Possible Trojan - /usr/bin/pcregrep
    Possible Trojan - /usr/bin/pcretest
    Possible Trojan - /usr/bin/clear
    Possible Trojan - /usr/bin/infocmp
    Possible Trojan - /usr/bin/tack
    Possible Trojan - /usr/bin/tic
    Possible Trojan - /usr/bin/toe
    Possible Trojan - /usr/bin/tput
    Possible Trojan - /usr/bin/tset
    Possible Trojan - /usr/sbin/dbconverter-2
    Possible Trojan - /usr/sbin/saslauthd
    Possible Trojan - /usr/sbin/sasldblistusers
    Possible Trojan - /usr/sbin/sasldblistusers2
    Possible Trojan - /usr/sbin/saslpasswd
    Possible Trojan - /usr/sbin/saslpasswd2
    Possible Trojan - /usr/sbin/testsaslauthd
    Possible Trojan - /usr/bin/artscat
    Possible Trojan - /usr/bin/artsd
    Possible Trojan - /usr/bin/artsplay
    Possible Trojan - /usr/bin/artsrec
    Possible Trojan - /usr/bin/artsshell
    Possible Trojan - /usr/bin/artswrapper
    Possible Trojan - /usr/bin/testdhandle
    Possible Trojan - /usr/bin/berkeley_db31_svc
    Possible Trojan - /usr/bin/berkeley_db32_svc
    Possible Trojan - /usr/bin/berkeley_db33_svc
    Possible Trojan - /usr/bin/berkeley_db40_svc
    Possible Trojan - /usr/bin/db1_dump185
    Possible Trojan - /usr/bin/db2_archive
    Possible Trojan - /usr/bin/db2_checkpoint
    Possible Trojan - /usr/bin/db2_deadlock
    Possible Trojan - /usr/bin/db2_dump
    Possible Trojan - /usr/bin/db2_load
    Possible Trojan - /usr/bin/db2_printlog
    Possible Trojan - /usr/bin/db2_recover
    Possible Trojan - /usr/bin/db2_stat
    Possible Trojan - /usr/bin/db31_archive
    Possible Trojan - /usr/bin/db31_checkpoint
    Possible Trojan - /usr/bin/db31_deadlock
    Possible Trojan - /usr/bin/db31_dump
    Possible Trojan - /usr/bin/db31_load
    Possible Trojan - /usr/bin/db31_printlog
    Possible Trojan - /usr/bin/db31_recover
    Possible Trojan - /usr/bin/db31_stat
    Possible Trojan - /usr/bin/db31_upgrade
    Possible Trojan - /usr/bin/db31_verify
    Possible Trojan - /usr/bin/db32_archive
    Possible Trojan - /usr/bin/db32_checkpoint
    Possible Trojan - /usr/bin/db32_deadlock
    Possible Trojan - /usr/bin/db32_dump
    Possible Trojan - /usr/bin/db32_load
    Possible Trojan - /usr/bin/db32_printlog
    Possible Trojan - /usr/bin/db32_recover
    Possible Trojan - /usr/bin/db32_stat
    Possible Trojan - /usr/bin/db32_upgrade
    Possible Trojan - /usr/bin/db32_verify
    Possible Trojan - /usr/bin/db33_archive
    Possible Trojan - /usr/bin/db33_checkpoint
    Possible Trojan - /usr/bin/db33_deadlock
    Possible Trojan - /usr/bin/db33_dump
    Possible Trojan - /usr/bin/db33_load
    Possible Trojan - /usr/bin/db33_printlog
    Possible Trojan - /usr/bin/db33_recover
    Possible Trojan - /usr/bin/db33_stat
    Possible Trojan - /usr/bin/db33_upgrade
    Possible Trojan - /usr/bin/db33_verify
    Possible Trojan - /usr/bin/db40_archive
    Possible Trojan - /usr/bin/db40_checkpoint
    Possible Trojan - /usr/bin/db40_deadlock
    Possible Trojan - /usr/bin/db40_dump
    Possible Trojan - /usr/bin/db40_load
    Possible Trojan - /usr/bin/db40_printlog
    Possible Trojan - /usr/bin/db40_recover
    Possible Trojan - /usr/bin/db40_stat
    Possible Trojan - /usr/bin/db40_upgrade
    Possible Trojan - /usr/bin/db40_verify
    Possible Trojan - /usr/bin/sa-learn
    Possible Trojan - /usr/bin/spamassassin
    Possible Trojan - /usr/bin/spamc
    Possible Trojan - /usr/bin/spamd
    Possible Trojan - /usr/bin/gij
    Possible Trojan - /usr/bin/gjar
    Possible Trojan - /usr/bin/grepjar
    Possible Trojan - /usr/bin/grmic
    Possible Trojan - /usr/bin/grmiregistry
    Possible Trojan - /usr/bin/jv-convert
    Possible Trojan - /usr/bin/dbiprof
    Possible Trojan - /usr/bin/ntlm_auth
    Possible Trojan - /usr/bin/pdbedit
    Possible Trojan - /usr/bin/profiles
    Possible Trojan - /usr/bin/smbcquotas
    Possible Trojan - /usr/bin/smbpasswd
    Possible Trojan - /usr/bin/testparm
    Possible Trojan - /usr/bin/testprns
    Possible Trojan - /usr/bin/wbinfo
    Possible Trojan - /usr/sbin/winbindd
    Possible Trojan - /usr/bin/artsmessage
    Possible Trojan - /usr/bin/cupsdconf
    Possible Trojan - /usr/bin/cupsdoprint
    Possible Trojan - /usr/bin/dcop
    Possible Trojan - /usr/bin/dcopclient
    Possible Trojan - /usr/bin/dcopfind
    Possible Trojan - /usr/bin/dcopobject
    Possible Trojan - /usr/bin/dcopref
    Possible Trojan - /usr/bin/dcopserver
    Possible Trojan - /usr/bin/dcopserver_shutdown
    Possible Trojan - /usr/bin/dcopstart
    Possible Trojan - /usr/bin/desktop-create-kmenu
    Possible Trojan - /usr/bin/kab2kabc
    Possible Trojan - /usr/bin/kaddprinterwizard
    Possible Trojan - /usr/bin/kbuildsycoca
    Possible Trojan - /usr/bin/kconf_update
    Possible Trojan - /usr/bin/kcookiejar
    Possible Trojan - /usr/bin/kde-config
    Possible Trojan - /usr/bin/kded
    Possible Trojan - /usr/bin/kdeinit
    Possible Trojan - /usr/bin/kdeinit_shutdown
    Possible Trojan - /usr/bin/kdeinit_wrapper
    Possible Trojan - /usr/bin/kdesu_stub
    Possible Trojan - /usr/bin/kdontchangethehostname
    Possible Trojan - /usr/bin/kfile
    Possible Trojan - /usr/bin/kimage_concat
    Possible Trojan - /usr/bin/kinstalltheme
    Possible Trojan - /usr/bin/kio_http_cache_cleaner
    Possible Trojan - /usr/bin/kio_uiserver
    Possible Trojan - /usr/bin/kioslave
    Possible Trojan - /usr/bin/klauncher
    Possible Trojan - /usr/bin/kmailservice
    Possible Trojan - /usr/bin/knotify
    Possible Trojan - /usr/bin/kpac_dhcp_helper
    Possible Trojan - /usr/bin/ksendbugmail
    Possible Trojan - /usr/bin/kshell
    Possible Trojan - /usr/bin/ksvgtopng
    Possible Trojan - /usr/bin/ktelnetservice
    Possible Trojan - /usr/bin/kwrapper
    Possible Trojan - /usr/bin/lnusertemp
    Possible Trojan - /usr/bin/make_driver_db_cups
    Possible Trojan - /usr/bin/make_driver_db_lpr
    Possible Trojan - /usr/bin/meinproc
    Possible Trojan - /usr/bin/xml2man
    Possible Trojan - /sbin/ldconfig
    Possible Trojan - /sbin/sln
    Possible Trojan - /usr/sbin/glibc_post_upgrade
    Possible Trojan - /usr/sbin/iconvconfig
    Possible Trojan - /sbin/pam_console_apply
    Possible Trojan - /sbin/pam_tally
    Possible Trojan - /sbin/pam_timestamp_check
    Possible Trojan - /sbin/pwdb_chkpwd
    Possible Trojan - /sbin/unix_chkpwd
    Possible Trojan - /usr/bin/lchfn
    Possible Trojan - /usr/bin/lchsh
    Possible Trojan - /usr/sbin/lchage
    Possible Trojan - /usr/sbin/lgroupadd
    Possible Trojan - /usr/sbin/lgroupdel
    Possible Trojan - /usr/sbin/lgroupmod
    Possible Trojan - /usr/sbin/lid
    Possible Trojan - /usr/sbin/lnewusers
    Possible Trojan - /usr/sbin/lpasswd
    Possible Trojan - /usr/sbin/luseradd
    Possible Trojan - /usr/sbin/luserdel
    
     
  2. Lestat

    Lestat Well-Known Member

    Joined:
    Sep 13, 2003
    Messages:
    199
    Likes Received:
    0
    Trophy Points:
    16
    Continued:
    Code:
    Possible Trojan - /usr/sbin/lusermod
    Possible Trojan - /usr/bin/hesinfo
    Possible Trojan - /usr/bin/cjpeg
    Possible Trojan - /usr/bin/djpeg
    Possible Trojan - /usr/bin/jpegtran
    Possible Trojan - /usr/bin/rdjpgcom
    Possible Trojan - /usr/bin/wrjpgcom
    Possible Trojan - /usr/sbin/lockdev
    Possible Trojan - /usr/sbin/safe_finger
    Possible Trojan - /usr/sbin/tcpd
    Possible Trojan - /usr/sbin/try-from
    Possible Trojan - /usr/bin/fc-cache
    Possible Trojan - /usr/bin/fc-list
    Possible Trojan - /usr/bin/xmlcatalog
    Possible Trojan - /usr/bin/xmllint
    Possible Trojan - /usr/bin/makedb
    Possible Trojan - /usr/sbin/utempter
    Possible Trojan - /usr/bin/xsltproc
    Possible Trojan - /usr/bin/bdfindex
    Possible Trojan - /usr/bin/disol
    Possible Trojan - /usr/bin/fmtest
    Possible Trojan - /usr/bin/fwindex
    Possible Trojan - /usr/bin/kban
    Possible Trojan - /usr/bin/ktest
    Possible Trojan - /usr/bin/ttindex
    Possible Trojan - /usr/bin/vfperf
    Possible Trojan - /usr/bin/vftest
    Possible Trojan - /usr/bin/gs
    Possible Trojan - /usr/bin/ijsgimpprint
    Possible Trojan - /usr/sbin/execcap
    Possible Trojan - /usr/sbin/getpcaps
    Possible Trojan - /usr/sbin/setpcaps
    Possible Trojan - /usr/sbin/sucap
    Possible Trojan - /usr/bin/sfconvert
    Possible Trojan - /usr/bin/sfinfo
    Possible Trojan - /usr/bin/esd
    Possible Trojan - /usr/bin/esdcat
    Possible Trojan - /usr/bin/esdctl
    Possible Trojan - /usr/bin/esdfilt
    Possible Trojan - /usr/bin/esdloop
    Possible Trojan - /usr/bin/esdmon
    Possible Trojan - /usr/bin/esdplay
    Possible Trojan - /usr/bin/esdrec
    Possible Trojan - /usr/bin/esdsample
    Possible Trojan - /usr/bin/gtk-demo
    Possible Trojan - /usr/bin/gconftool-2
    Possible Trojan - /usr/libexec/gconf-sanity-check-2
    Possible Trojan - /usr/libexec/gconfd-2
    Possible Trojan - /usr/libexec/redhat-credits
    Possible Trojan - /usr/bin/fam
    Possible Trojan - /usr/bin/onsgmls
    Possible Trojan - /usr/bin/openjade
    Possible Trojan - /usr/bin/osgmlnorm
    Possible Trojan - /usr/bin/ospam
    Possible Trojan - /usr/bin/ospent
    Possible Trojan - /usr/bin/osx
    Possible Trojan - /usr/bin/name-client
    Possible Trojan - /usr/bin/orbit-event-server
    Possible Trojan - /usr/bin/orbit-ird
    Possible Trojan - /usr/bin/orbit-name-server
    Possible Trojan - /usr/sbin/libgcc_post_upgrade
    Possible Trojan - /usr/bin/fax2ps
    Possible Trojan - /usr/bin/fax2tiff
    Possible Trojan - /usr/bin/gif2tiff
    Possible Trojan - /usr/bin/pal2rgb
    Possible Trojan - /usr/bin/ppm2tiff
    Possible Trojan - /usr/bin/ras2tiff
    Possible Trojan - /usr/bin/rgb2ycbcr
    Possible Trojan - /usr/bin/thumbnail
    Possible Trojan - /usr/bin/tiff2bw
    Possible Trojan - /usr/bin/tiff2ps
    Possible Trojan - /usr/bin/tiff2rgba
    Possible Trojan - /usr/bin/tiffcmp
    Possible Trojan - /usr/bin/tiffcp
    Possible Trojan - /usr/bin/tiffdither
    Possible Trojan - /usr/bin/tiffdump
    Possible Trojan - /usr/bin/tiffinfo
    Possible Trojan - /usr/bin/tiffmedian
    Possible Trojan - /usr/bin/tiffset
    Possible Trojan - /usr/bin/tiffsplit
    Possible Trojan - /usr/X11R6/bin/cxpm
    Possible Trojan - /usr/X11R6/bin/imake
    Possible Trojan - /usr/X11R6/bin/makedepend
    Possible Trojan - /usr/X11R6/bin/pswrap
    Possible Trojan - /usr/X11R6/bin/rman
    Possible Trojan - /usr/X11R6/bin/sxpm
    Possible Trojan - /usr/bin/appletproxy
    Possible Trojan - /usr/bin/chooser
    Possible Trojan - /usr/bin/desktopconv
    Possible Trojan - /usr/bin/drkonqi
    Possible Trojan - /usr/bin/extensionproxy
    Possible Trojan - /usr/bin/kaccess
    Possible Trojan - /usr/bin/kate
    Possible Trojan - /usr/bin/kblankscrn.kss
    Possible Trojan - /usr/bin/kcheckpass
    Possible Trojan - /usr/bin/kcminit
    Possible Trojan - /usr/bin/kcmshell
    Possible Trojan - /usr/bin/kcontrol
    Possible Trojan - /usr/bin/kdcop
    Possible Trojan - /usr/bin/kdebugdialog
    Possible Trojan - /usr/bin/kdeprintfax
    Possible Trojan - /usr/bin/kdesktop
    Possible Trojan - /usr/bin/kdesktop_lock
    Possible Trojan - /usr/bin/kdesu
    Possible Trojan - /usr/bin/kdesud
    Possible Trojan - /usr/bin/kdialog
    Possible Trojan - /usr/bin/kdm
    Possible Trojan - /usr/bin/kdm_config
    Possible Trojan - /usr/bin/kdm_greet
    Possible Trojan - /usr/bin/keditbookmarks
    Possible Trojan - /usr/bin/keditfiletype
    Possible Trojan - /usr/bin/kfind
    Possible Trojan - /usr/bin/kfmclient
    Possible Trojan - /usr/bin/kfmexec
    Possible Trojan - /usr/bin/khelpcenter
    Possible Trojan - /usr/bin/khotkeys
    Possible Trojan - /usr/bin/kicker
    Possible Trojan - /usr/bin/kio_devices_mounthelper
    Possible Trojan - /usr/bin/kjobviewer
    Possible Trojan - /usr/bin/klipper
    Possible Trojan - /usr/bin/klocaldomainurifilterhelper
    Possible Trojan - /usr/bin/kmenuedit
    Possible Trojan - /usr/bin/konqueror
    Possible Trojan - /usr/bin/konsole
    Possible Trojan - /usr/bin/konsole_grantpty
    Possible Trojan - /usr/bin/kpager
    Possible Trojan - /usr/bin/kpersonalizer
    
     
  3. Lestat

    Lestat Well-Known Member

    Joined:
    Sep 13, 2003
    Messages:
    199
    Likes Received:
    0
    Trophy Points:
    16
    continued:

    Code:
    Possible Trojan - /usr/bin/kpm
    Possible Trojan - /usr/bin/kprinter
    Possible Trojan - /usr/bin/krandom.kss
    Possible Trojan - /usr/bin/krandrtray
    Possible Trojan - /usr/bin/kreadconfig
    Possible Trojan - /usr/bin/krootimage
    Possible Trojan - /usr/bin/ksmserver
    Possible Trojan - /usr/bin/ksplash
    Possible Trojan - /usr/bin/kstart
    Possible Trojan - /usr/bin/ksysguard
    Possible Trojan - /usr/bin/ksysguardd
    Possible Trojan - /usr/bin/ksystraycmd
    Possible Trojan - /usr/bin/ktip
    Possible Trojan - /usr/bin/kwebdesktop
    Possible Trojan - /usr/bin/kwin
    Possible Trojan - /usr/bin/kwmtheme
    Possible Trojan - /usr/bin/kwrite
    Possible Trojan - /usr/bin/kwrited
    Possible Trojan - /usr/bin/kxkb
    Possible Trojan - /usr/bin/mailsettings
    Possible Trojan - /usr/bin/nspluginscan
    Possible Trojan - /usr/bin/nspluginviewer
    Possible Trojan - /sbin/badblocks
    Possible Trojan - /sbin/debugfs
    Possible Trojan - /sbin/dumpe2fs
    Possible Trojan - /sbin/e2fsck
    Possible Trojan - /sbin/e2image
    Possible Trojan - /sbin/e2label
    Possible Trojan - /sbin/findfs
    Possible Trojan - /sbin/fsck
    Possible Trojan - /sbin/fsck.ext2
    Possible Trojan - /sbin/fsck.ext3
    Possible Trojan - /sbin/mke2fs
    Possible Trojan - /sbin/mkfs.ext2
    Possible Trojan - /sbin/mkfs.ext3
    Possible Trojan - /sbin/resize2fs
    Possible Trojan - /sbin/tune2fs
    Possible Trojan - /usr/bin/chattr
    Possible Trojan - /usr/bin/lsattr
    Possible Trojan - /usr/bin/uuidgen
    Possible Trojan - /usr/sbin/mklost+found
    Possible Trojan - /usr/bin/whiptail
    Possible Trojan - /usr/bin/gpm-root
    Possible Trojan - /usr/bin/hltest
    Possible Trojan - /usr/bin/mev
    Possible Trojan - /usr/sbin/gpm
    Possible Trojan - /usr/bin/openssl
    Possible Trojan - /usr/bin/tclsh8.3
    Possible Trojan - /usr/bin/wish8.3
    Possible Trojan - /usr/bin/curl
    Possible Trojan - /usr/bin/animate
    Possible Trojan - /usr/bin/composite
    Possible Trojan - /usr/bin/conjure
    Possible Trojan - /usr/bin/convert
    Possible Trojan - /usr/bin/display
    Possible Trojan - /usr/bin/identify
    Possible Trojan - /usr/bin/import
    Possible Trojan - /usr/bin/mogrify
    Possible Trojan - /usr/bin/montage
    Possible Trojan - /usr/bin/dltest
    Possible Trojan - /usr/bin/isql
    Possible Trojan - /usr/bin/iusql
    Possible Trojan - /usr/bin/odbcinst
    Possible Trojan - /usr/bin/pear
    Possible Trojan - /usr/bin/smbcontrol
    Possible Trojan - /usr/bin/smbstatus
    Possible Trojan - /usr/bin/tdbbackup
    Possible Trojan - /usr/bin/tdbdump
    Possible Trojan - /usr/bin/tdbtool
    Possible Trojan - /usr/sbin/nmbd
    Possible Trojan - /usr/sbin/smbd
    Possible Trojan - /usr/bin/aspell
    Possible Trojan - /usr/bin/word-list-compress
    
    360 POSSIBLE Trojans Detected
    

    Why so many? What is safe to remove? How how should I go about removing?
     
  4. LP-Trel

    LP-Trel Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Nirvana
    The cPanel trojan scanner is most likely VERY out of date.

    www.rootkit.nl

    Download rkhunter and run it. It is kept up to date and will tell you if anything is actually a "trojan". :cool:
     
Loading...

Share This Page