Results 1 to 2 of 2
  1. #1
    Join Date
    Mar 2002
    Location
    Melbourne
    Posts
    217

    Possible Trojan?

    Hi all, i was just wondering if any one could give me some info on this, i use the Scan for Possible Trojan Horses feature in WHM and got these results

    Scanning for Trojan Horses.....
    .
    .
    Possible Trojan - /usr/bin/a2p
    Possible Trojan - /usr/bin/perl
    Possible Trojan - /usr/bin/perl5.6.1
    Possible Trojan - /usr/bin/perlbug
    Possible Trojan - /usr/lib/libexpat.so.0.1.0
    Possible Trojan - /usr/bin/GET
    Possible Trojan - /usr/bin/HEAD
    Possible Trojan - /usr/bin/POST
    Possible Trojan - /usr/bin/lwp-download
    Possible Trojan - /usr/bin/lwp-mirror
    Possible Trojan - /usr/bin/lwp-request
    Possible Trojan - /usr/bin/lwp-rget
    Possible Trojan - /usr/sbin/imapd
    Possible Trojan - /usr/bin/gd2copypal
    Possible Trojan - /usr/bin/gd2topng
    Possible Trojan - /usr/bin/gdparttopng
    Possible Trojan - /usr/bin/gdtopng
    Possible Trojan - /usr/bin/pngtogd
    Possible Trojan - /usr/bin/pngtogd2
    Possible Trojan - /usr/bin/webpng
    Possible Trojan - /usr/local/frontpage/version5.0/apache-fp/_vti_bin/fpexe

    is this normal?

  2. #2
    Dunno, but those files wouldn't be my first candidates to trojan. Usually trojan files target system binaries...

    I'd do a "strings filename" on those and look for things like /bin/sh in them (which would indicate shell backdoors).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •