
Help with "chkrootkit" info?

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by DanijelD, Oct 4, 2012.

    My CentOS 5.3 running Plesk 9.5.4 has been hacked.

    I need help decoding the following "chkrootkit" scan info:

    "Possible t0rn v8 \(or variation\) rootkit installed

    /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Text/Iconv/.packlist /usr/lib/perl5/5.8.8/i386-linux-thread-multi/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/HTML-Tree/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Font/AFM/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/MLDBM/Sync/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/MLDBM/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/FreezeThaw/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Apache/ASP/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/HTML-Format/.packlist /usr/lib/gtk-2.0/immodules/.relocation-tag /usr/lib/python2.4/plat-linux2/.relocation-tag /usr/lib/python2.4/distutils/.relocation-tag /usr/lib/python2.4/config/.relocation-tag /lib/.libcrypto.so.0.9.8e.hmac /lib/.libssl.so.0.9.8e.hmac /lib/.libssl.so.6.hmac /lib/.libcrypto.so.6.hmac

    Warning: Possible Showtee Rootkit installed
    /usr/include/file.h /usr/include/proc.h
    Warning: `//root/.mysql_history' file size is zero
    INFECTED (PORTS: 465)
    You have 61 process hidden for readdir command
    You have 62 process hidden for ps command
    chkproc: Warning: Possible LKM Trojan installed
    The tty of the following user process(es) were not found
    in /var/run/utmp !
    ! RUID PID TTY CMD
    ! root 3040 tty2 /sbin/mingetty tty2
    ! root 3041 tty3 /sbin/mingetty tty3
    ! root 3042 tty4 /sbin/mingetty tty4
    ! root 3043 tty5 /sbin/mingetty tty5
    ! root 3046 tty6 /sbin/mingetty tty6"
     