I have recently receive quite a number of mails from myself without "subject" header, but found that it is from different IP and asking me to advertise with http://www.emailadvertisinginc.com/. I believed the IP are spoof and as such I did a trogan scanning and found the following in my Cpanel VPS:
" Possible Trojan - /usr/bin/xmlcatalog Possible Trojan - /usr/bin/xmllint Possible Trojan - /usr/bin/xsltproc Possible Trojan - /usr/bin/cpan Possible Trojan - /usr/bin/instmodsh Possible Trojan - /usr/bin/prove Possible Trojan - /usr/bin/pstruct Possible Trojan - /usr/bin/splain Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so Possible Trojan - /usr/bin/curl Possible Trojan - /usr/lib/libcurl.so.3.0.0 Possible Trojan - /etc/rc.d/init.d/postgresql 13 POSSIBLE Trojans Detected"
I'm new in VPS and not sure if these are real trojan and how can I remove them? Can I just "delete" them?
So, is there any way I can "stop" receiving email from myself? Now, I have turn on Boxtrapper and i still receiving it cos I put "myself' as white list (I need that so that I can see the log that generated from my server if something is worng)
BTW, thanks for highlighting those processes. So, only left is "/usr/bin/xmllint" not sure if this is trojan.