  1. #1
    Join Date
    Jun 2008
    Posts
    100

    Possible Trojans Detected, how to make sure and deal with it?

    Hi!
    Using the "Scan for Trojan Horses" on WHM Security option, I am getting:

    Appears Clean

    /dev/core
    /dev/stderr

    Scanning for Trojan Horses.....

    Possible Trojan - /usr/sbin/antirelayd
    Possible Trojan - /usr/bin/cpan
    Possible Trojan - /usr/bin/instmodsh
    Possible Trojan - /usr/bin/prove
    Possible Trojan - /etc/cron.daily/logrotate
    Possible Trojan - /usr/sbin/pureauth
    6 POSSIBLE Trojans Detected

    How can I make sure whether they are trojans or not,
    and what do you usually do to deal with it?

    Thanks!

  2. #2
    Join Date
    Mar 2009
    Location
    Israel
    Posts
    1,204
    Check their modification time, strings and strace their PID.
    Also, I recommend scanning with rkhunter + chkrootkit (you need to log in as root to do that).
    beast5.com - Managed Hosting Solutions 2004 - 2016

  3. #3
    Join Date
    Jun 2008
    Posts
    100
    Originally Posted by beastserv:
    Check their modification time, strings and strace their PID.
    Also, I recommend scanning with rkhunter + chkrootkit (you need to log in as root to do that).
    Thanks for the reply, but since I am new to admin,
    can you point me to some tutorial on how to do that?

    Thanks

  4. #4
    Join Date
    Sep 2007
    Posts
    368

    Originally Posted by filete:
    Hi!
    Using the "Scan for Trojan Horses" on WHM Security option, I am getting:

    Appears Clean

    /dev/core
    /dev/stderr

    Scanning for Trojan Horses.....

    Possible Trojan - /usr/sbin/antirelayd
    Possible Trojan - /usr/bin/cpan
    Possible Trojan - /usr/bin/instmodsh
    Possible Trojan - /usr/bin/prove
    Possible Trojan - /etc/cron.daily/logrotate
    Possible Trojan - /usr/sbin/pureauth
    6 POSSIBLE Trojans Detected

    How can I make sure whether they are trojans or not,
    and what do you usually do to deal with it?

    Thanks!

    It's better to take a daily backup of your server's important directories like

    /etc/
    /var/www/
    /var/lib/mysql

    or others according to your requirement, and when you do such scanning, compare the file which is present on your server with the file in the backup location; you can easily see what has changed. Also set up a proper firewall, and be sure that there is no ssh user other than your clients or setup.
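
The backup comparison suggested in the last reply, combined with the modification-time check from the second reply, as an added shell example that is not part of the original thread. It assumes a backup tree that mirrors the live paths under a root directory (the `/backup/daily` and `flagged.txt` names in the usage comment are hypothetical) and GNU coreutils (`sha256sum`, `stat -c`).

```bash
#!/usr/bin/env bash
# Added example: compare scanner-flagged files against a backup copy.
# Assumption: BACKUP_ROOT mirrors the live tree, e.g. BACKUP_ROOT/usr/bin/cpan.

# check_file LIVE_ROOT BACKUP_ROOT PATH
# Prints one line: STATUS PATH [mtime=...]
#   MATCH      live file is byte-identical to the backup copy
#   CHANGED    live file differs from the backup copy
#   NO_BACKUP  backup has no copy, so nothing can be concluded
#   MISSING    file no longer exists on the live system
check_file() {
    local live backup mtime live_sum backup_sum
    live="$1$3"
    backup="$2$3"
    if [ ! -e "$live" ]; then
        echo "MISSING $3"
        return 0
    fi
    # Modification time of the live file (GNU stat); "unknown" if unavailable.
    mtime=$(stat -c '%y' "$live" 2>/dev/null || echo unknown)
    if [ ! -f "$backup" ]; then
        echo "NO_BACKUP $3 mtime=$mtime"
        return 0
    fi
    live_sum=$(sha256sum < "$live" | cut -d' ' -f1)
    backup_sum=$(sha256sum < "$backup" | cut -d' ' -f1)
    if [ "$live_sum" = "$backup_sum" ]; then
        echo "MATCH $3 mtime=$mtime"
    else
        echo "CHANGED $3 mtime=$mtime"
    fi
}

# check_list LIVE_ROOT BACKUP_ROOT LISTFILE
# LISTFILE holds one absolute path per line (the "Possible Trojan" paths).
# Returns 1 if any path is not a MATCH, so it can gate a cron alert.
check_list() {
    local rc path line
    rc=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        line=$(check_file "$1" "$2" "$path")
        echo "$line"
        case "$line" in MATCH*) ;; *) rc=1 ;; esac
    done < "$3"
    return "$rc"
}

# Usage on the live system (empty LIVE_ROOT means "/"):
#   check_list "" /backup/daily flagged.txt
```

A match is only meaningful if the backup predates any suspected tampering and is stored where an intruder on the server could not alter it. Of the six flagged paths, only `/etc/cron.daily/logrotate` falls under the directories listed in the reply above, so the others would report `NO_BACKUP` unless `/usr/bin` and `/usr/sbin` are backed up too.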
