/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
What is the meaning of the following lines in the temp folder? When I check the /tmp folder daily,
many /tmp/clamav entries are present on the mail server, and they occupy a large amount of space in the temp folder
/tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND
/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
/tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND
/tmp/malware.zip: Infected.Archive FOUND
Related Forum Messages:
Svchost.exe Found In C:\Windows\Driver Directory
I have found svchost.exe file in a number of Windows 2003 and a Windows 2008 RC1 server. This file does not seem to be normal as it was found in the C:\Windows\Driver directory. As far as I know, the svchost.exe file should be only in the C:\Windows\System32 directory. Can anybody let me know what kind of virus/trojan is it and what can be done to remove this?
Getfile: Can't Write 1448 Bytes To /usr/share/clamav/clamav-917a563483a6171fe02eac005
I can't update Clamav.
root@constan [~]# freshclam
sda1: write failed, user block limit reached.
ClamAV update process started at Sun Jul 26 15:56:52 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2
DON'T PANIC! Read http://www.clamav.net/support/faq
ERROR: chdir_tmp: Can't create directory ./clamav-1cb832b46c1c20fe798628ebf3ddf422
WARNING: Incremental update failed, trying to download main.cvd
getfile: Can't write 1448 bytes to /usr/share/clamav/clamav-917a563483a6171fe02eac0059852cbe
WARNING: Can't download main.cvd from database.clamav.net
How Can Secure /tmp /var/tmp In OpenVZ VPS ?
Recently I got a VPS from cheapvps.co.uk and so far so good. I'm getting used to the VPS environment. I tried to follow several guides about how to secure /tmp and /var/tmp with noexec and nosuid and it did not work. http://www.webhostingtalk.com/showthread.php?t=474681&highlight=tmp points out that it must be done from the hosting side. The same is said in http://kb.swsoft.com/article_130_648_en.html. I asked the host to do it and they told me that, as I have an Unmanaged VPS, they can't do it for me. Does anyone know how it can be done? I don't want to use tmpfs as it uses main memory.
V5.exe
I am troubled that something called v5.exe keeps trying to access my computer. It always shows up in ZoneAlarm. I disable it and nothing bad happens, so it must not be that important. But what is it? I've googled it and I can't get a definite answer.
Starting An .Exe
(Windows Server) I have FreeProxy Control Center (freeproxy.exe) w w w handcraftedsoftware o r g. The problem is I recently got my dedicated reformatted, and now every time I run it, it says "Run-time error; "9" Subscript out of range", but it used to work before they reformatted it. And when I install it on my home PC or any other PC it works fine... I don't understand what's wrong or how to fix it... Other exes work fine. I've also added it to Exceptions. This is the only program I can find that will run multiple proxies off a dedicated with multiple IPs -.-
Svchost.exe
How many of these do I have to be running at one time! Right now there are 7 of them! 4 are SYSTEM, 1 is local service, 1 is network service. OK, now there are just 5....
W3wp.exe
I have a Win 2003 server with IIS6. Server performance shows that w3wp.exe uses 765.502 k of memory; in normal use it is 97 or 90k. I read about this problem and I found a relationship between this problem and web sites that use ASP.NET. I have a lot of web sites that use ASP.NET. Is there a tool to help me find this web site?
Unusual Exe File
I would like to inspect a trojan. I found an unusual exe file on my home computer. However, I have formatted my home PC and reinstalled Windows. But I kept the .exe. I would like to test the exe in VMware to see what exactly it does. What would you recommend to sniff traffic and see what that is all about?
Hosting An Exe File
I host my own website with windows server 2003, and no-ip, and it is called thinkjoke.servemp3.com. I want people to be able to download an exe file. How do I configure this?
Inetinfo.exe Hog
I enabled my SMTP Server on IIS and I see inetinfo.exe using up a lot of my resources. Is there a way to lessen this, or is there an alternative to an SMTP server that uses less resources?
Named.exe And Plesk 7
Can I disable named.exe on Windows 2003 with Plesk or not? It gives these errors all the time:
>not listening on any interfaces
>creating IPv4 interface TCP/IP Interface 5 failed; interface ignored
>could not listen on UDP socket: permission denied
Assuming that all my sites are running fine, then there must be something else using those ports instead of named.exe? Or am I wrong?
Services.exe 100% CPU Usage
I have a Gbit server, Windows 2003 as the OS. The server is primarily an FTP server, however once or twice a week I use it as a HTTP server as well. During both FTP and HTTP usage the bandwidth usage is between 80-150 Mbits. However the server just becomes unstable if too much bandwidth is pushed out. CPU usage is normally below 10% However when the server becomes unstable services.exe maxes out one CPU core. when that happens the server can barely push out 1-2 Mbits. There are no blue screens or error reports, the only thing that is affected is the network side of things. Initially I thought it was a problem with IIS, so I tried Apache instead but same problem. Even without the FTP server, if traffic goes too high with HTTP the server just crumbles. Specs are as follows : Core2duo 1.86 Ghz 2 GB RAM (Nearly always 1 GB free) Windows 2003 Ent Edition
Trojan C99Shell
I just installed Zen Cart on my web hosting, and a few days later I saw some files named like core1405.php, and when I opened one to view it, it was actually the c99shell trojan. I have deleted all of the core files. Now how can I prevent it from happening again? Because it is too much work to clean up the hosting server.
LKM Trojan?
I just installed a fresh copy of CentOS 4.5, updated some programs and installed chkrootkit. When I run # ./chkproc, it shows the following output:
# ./chkproc
You have 14 process hidden for readdir command
You have 14 process hidden for ps command
Searching for LKM trojans shows the following output:
# ./chkrootkit -x lkm
EXE 9994: /usr/sbin/named
CWD 9995: /var/named
EXE 9995: /usr/sbin/named
CWD 9996: /var/named
EXE 9996: /usr/sbin/named
CWD 9997: /var/named
EXE 9997: /usr/sbin/named
CWD 9998: /var/named
EXE 9998: /usr/sbin/named
CWD 26293: /var/lib/mysql
EXE 26293: /usr/sbin/mysqld
CWD 26294: /var/lib/mysql
EXE 26294: /usr/sbin/mysqld
CWD 26295: /var/lib/mysql
EXE 26295: /usr/sbin/mysqld
CWD 26296: /var/lib/mysql
EXE 26296: /usr/sbin/mysqld
CWD 26297: /var/lib/mysql
EXE 26297: /usr/sbin/mysqld
CWD 26298: /var/lib/mysql
EXE 26298: /usr/sbin/mysqld
CWD 26299: /var/lib/mysql
EXE 26299: /usr/sbin/mysqld
CWD 26300: /var/lib/mysql
EXE 26300: /usr/sbin/mysqld
When I stop mysql and named, and run # ./chkrootkit -x lkm again, it doesn't show anything. When I turn mysql and named back on, it starts complaining about compromises again. Can it be a false alarm, or should I really be worried? What do you advise me to do now?
DOS/Cmd.exe Command To Delete Subdir
and its file. I tried del c:\temp\*.* but that didn't work, and if I try rmdir c:\temp, it removed the c:\temp directory, or maybe I'm not looking hard enough. Basically I want to copy a folder with many subdirectories under it, zip up the folder and delete all the subfolders and the files in the subfolders, but not the parent folder where it stores all temp data. I already got xcopy and zipping to work, but I can't seem to figure out how to remove all the folders inside the parent folder without deleting the parent folder. I'm creating a batch file to run this task.
Trojan-Downloader.JS.Psyme.hz
I have a hosting account at OXEO.com and I have trojan problems on all my websites. The index files of all my websites show a Trojan program called Trojan-Downloader.JS.Psyme.hz. I checked my websites on Google, and Google is warning users about this kind of problem for one of my websites. Has anybody here experienced the same problem?
How-to - Rootkit Scan (trojan Etc)
What is a rootkit? The following link is a very good read to answer that question. http://linux.oreillynet.com/pub/a/li...4/rootkit.html
In summary, a rootkit is a trojan installed on your Linux server after someone has broken into it. These files are used to cover the hacker's tracks, and to give the hacker tools to do more dirty work from your server.
Usage:
1. su - (change to root user)
2. mkdir /usr/local/chkrootkit
3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
4. tar -xvzf chkrootkit.tar.gz
5. cd chkrootkit*
6. cp * /usr/local/chkrootkit
7. cd /usr/local/chkrootkit
8. make sense
Now scan your system:
1. cd /usr/local/chkrootkit
2. ./chkrootkit
chkrootkit may from time to time give false positives. If you ever get a positive or "infected hit", scan a second time. If you do get a positive hit, google the hit to research the issue and steps to correct.
Part 2 - automated chkrootkit, and emailed results.
I'm lazy, and like my server to do the work for me, so I have it scan every day and email me the results.
Usage:
1. vi /etc/cron.daily/chkrootkit
2. add the following code.
Code:
#!/bin/bash
(cd /usr/local/chkrootkit; ./chkrootkit -q 2>&1 | mail -s "Daily chkrootkit scan" you@yourdomain.com)
3. chmod 0755 /etc/cron.daily/chkrootkit
This will email you@yourdomain.com every morning with your chkrootkit results. The -q option will only show you exploits.
Removal:
If you don't like getting the emails or just want to remove this from your server:
1. rm /etc/cron.daily/chkrootkit
2. rm -rf /usr/local/chkrootkit
All files will now be deleted from your server.
15 POSSIBLE Trojan Detected WHM
I have a site on my server. When I open it, the Kaspersky antivirus detects that there is a trojan in this site (see the picture in the attachment). I checked the server from WHM and the result is 15 POSSIBLE Trojans Detected. How can I solve this and remove these trojans?
PHP.Backdoor.Trojan
As usual, I do a monthly scan of all files on my site. Today I downloaded the whole site backup to my PC, then scanned it using Norton Antivirus, and in one site's files Norton detected PHP.Backdoor.Trojan. I looked at the file location and found the file with the name xTgsj78Jn.txt. Then I went to my server where the site is hosted, went to the directory and found the above file sitting there. I tried many times to delete it but always got the error message "Permission denied". I tried to change the permissions but it always returned an error. To delete it I used the command rm -r with root access. Then I did ls -l and found the file details below.
-rwxrwxrwx 1 nobody nobody 137787 Mar 19 20:14 xTgsj78Jn.txt*
Please help me to delete this file. FYI, this file was uploaded to my hosting file site.
Possible Trojan List By WHM - Do I Need To Worry?
I ran the Trojan scan in WHM and it came up with the list below. I have a strong feeling WHM is mis-reporting these as trojans, but I thought I would ask the experts here:
Scan for Trojan Horses
Appears Clean /dev/stderr
Scanning for Trojan Horses.....
Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/instmodsh
Possible Trojan - /usr/bin/prove
Possible Trojan - /usr/bin/xmlcatalog
Possible Trojan - /usr/bin/xmllint
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /usr/lib/libxml2.la
Possible Trojan - /usr/bin/mysqlhotcopy
Possible Trojan - /usr/bin/Wand-config
Possible Trojan - /usr/bin/animate
Possible Trojan - /usr/bin/compare
Possible Trojan - /usr/bin/composite
Possible Trojan - /usr/bin/conjure
Possible Trojan - /usr/bin/convert
Possible Trojan - /usr/bin/display
Possible Trojan - /usr/bin/identify
Possible Trojan - /usr/bin/import
Possible Trojan - /usr/bin/mogrify
Possible Trojan - /usr/bin/montage
Possible Trojan - /usr/bin/curl-config
Possible Trojan - /usr/bin/curl
Possible Trojan - /usr/lib/libcurl.so.3.0.0
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so
Possible Trojan - /usr/sbin/pureauth
25 POSSIBLE Trojans Detected
Is there anything that looks fishy here?
Websites Infected With Trojan How To Solve?
I see my websites are infected with some trojan. There are some iframe tags similar to this in all index files: <iframe src="http://traff<<removed>>.cn/in.cgi?27" width=100 height=80></iframe> Any idea how this iframe might have been inserted into my code? I have tried to format my systems and remove all saved FTP passwords, but this virus is still coming back, and the strange thing is I have websites on different servers infected with the same virus. Any idea how this happened and how to avoid this?
Trojan-Clicker.HTML.Iframe.g In My Website? What Is This??
I have a website and all works fine, but a user who uses Kaspersky told me my website has a trojan. I don't understand how this is possible, and I'm really worried. The trojan that appears to my user is: Trojan-Clicker.HTML.Iframe.g. Does someone know why I have this trojan? Now the users refuse to open my website!! I'm more than worried. This is a print screen of the error: ...
Trojan Detected On Initial Load Of Site
I have 2 reseller accounts with one provider, and in the last several days I have noticed that when you visit the site for the first time, my AV software detects a trojan on the site, but the code & html files are 100% clean! I'm suspecting that there is something being injected into the scripts from the server daemons that's either running or something else. Anyone have any suggestions?
Trojan-Clicker.HTML.IFrame.amh
I am not that technically proficient so I have to resort to shared hosting solutions...I am currently with Bluehost. Problem: I have a small site with minimal needs in terms of storage and bandwidth, but the site is controversial and gets hacked and attacked a lot. I need a shared hosting provider which ranks higher than most in terms of security. Recently the site was attacked such that any user going to the site was infected with Trojan horse viruses. Donno if it's useful or not but here are the files from my PC antivirus which was infected when I went to the site with IE:
Windows SBS2K3: Archiving Exchange? STORE.EXE Using A Lot Of Memory/lockups
Been running a server for 2 years now on Windows SBS 2003, and within the past 2 weeks, the server has been locking up or going very sluggish after only a few hours of use. I've noticed that STORE.EXE is using a lot of memory, there are a number of people within the building using this server for various tasks with Microbiz, Quickbooks, and Exchange server. I researched the topic and was told if I can archive Exchange, that this should help with performance. Anyone know how to do this or to lower the use of memory with the server?
Prevent Of Execution Trojan Shell Scripts, Like R57shell And Other?
Which configuration for PHP and the server prevents the execution of shell scripts? Which functions do you recommend disabling? Like shell_exec, passthru, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, exec, system, suexec, popen, pclose, dl, ini_set, virtual, set_time_limit
ClamAV Problems
My hosting provider (which will go unnamed because I doubt they would appreciate me broadcasting the fact that their server-based antivirus software isn't working properly) is experiencing almost daily email delivery failures on multiple shared servers because ClamAV stops working. They say they are running the latest stable versions of exim and ClamAV, but that "there is no guarantee...that the clamav error will not happen again". Right around the time this started happening, there was an article on the ComputerWorld web site (http://www.computerworld.com/action/...icleId=9077638) about a ClamAV patch being released to fix a security vulnerability. I'm wondering whether that patch was buggy, and whether other hosting providers are having problems with ClamAV. (It would probably be a good idea not to mention any providers by name because of the security implications.)
CentOS And ClamAV
Anybody have a version running on CentOS 4.4...if so what version...keeps complaining about libcrypt.so.5, libssl.so.5 and a few other things that are not updated yet on CentOS 4.4
ClamAV - Should We Enable It?
I would like to ask whether we should use/enable the ClamAV service on our VPS. I have read in several articles that ClamAV is pretty hungry for CPU/memory resources. I would like to know, do you use/enable ClamAV on your VPS? Or do you not even have it installed on your VPS?
Disable Clamav
How can I disable clamav on cpanel server and make sure that it's not running because when clamav is running the outlook is not working so I have to restart clamav every time.
Clamav Checking
I have it installed on server, but sometimes it's dead, but no warning from system. It will prevent emails working then. So I wonder if there is any way to check clamav? when it's not working, system will release an email to the admin?
ClamAV (clamd)
I guess most of you are familiar with ClamAV, but I want to use this as a cPanel plugin and provide my customers the antivirus option in cPanel. How do I do this? I've already installed ClamAV on my server.
Best Way To Install ClamAV?
I run a CPanel environment, and want to know the best way to install and configure ClamAV. I know CPanel has an install for it under WHM, but is that the best way? How hard is it to keep updated and does it scan all directories for viruses etc.?
Trojan Activity - Running Perl With High CPU Usage, With User Apache
Running programs named Perl with heavy CPU usage, with the ownership of user apache. We found the problem on Fedora 3 and Fedora 6. In our case, it was the result of a Trojan activity.
Quick Solution
Check the cron jobs of user apache:
crontab -u apache -e
*/1 * * * * perl /tmp/.tmp/tmpfile
Delete the cronjob entry. Also delete the file /tmp/.tmp/tmpfile. Also added "apache" to the file /etc/cron.deny.
That's all.
Problem and solution in detail....
Win32 Clamav Replacement
I normally use Win32 Clamav for scanning of viruses in servers but now it is no longer being maintained. Where can I find an equivalent? Or is there any step by step instructions on compiling it from source?
Antivirus To Use With Cpanel Apart From Clamav?
Is there an antivirus I can use with cPanel apart from ClamAV? Found a virus on my work PC this morning that was trying to send emails out, so I want my cPanel server to prevent any emails with viruses going out. I was told ClamAV would slow down my server, so I thought about AVG and was just wondering what other people have installed.
Your ClamAV Installation Is OUTDATED!
I am running Clamav in Windows, it seems that the FreshClam is giving some errors when updating
ClamAV update process started at Sat Jul 18 13:20:41 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 51, sigs: 545035, f-level:
Downloading daily.cvd [ 99%]
ERROR: Can't rename c:clamavdata/clamav-8b0fa144b304158b0 e0c.clamtmp to daily.cvd: Permission denied
CPanel MySQL/Clamav
A few weeks ago I installed clamav using the cPanel "Manage Plug-Ins". It all seemed fine but my server load kept going ridiculously high. I couldn't work out what was wrong until I managed to get a ps aux when it was very high and found that clamd was using ridiculous amounts of memory/cpu. It's not such a big deal having it on my server, so I decide to uninstall it. After uninstalling it, MySQL started to randomly turn off regularly (around every 30 minutes). I tried forcing a cPanel update, updating the MySQL files, reinstalling MySQL, etc. but nothing has seemed to fix it. So as a last resort, I've reinstalled Clamav and now my MySQL is fine but my server load keeps going ridiculously high again; causing problems still. Has anyone/cPanel ever experienced this problem? I need to find a solution as almost every account on my server uses MySQL as a basis for their website, so I can't have it going down even for less than a minute.
ClamAV On A CPanel Server
I've got ClamAV installed on my cPanel (Dedicated) server with a single site and am having trouble setting up ClamAV to scan emails. I installed it via WHM and have set it up in WHM to scan all items. I.e.: WHM -> Plugins -> Configure ClamAV Scanner -> Scan ALL items. After doing a few manual scans, however (using 'clamscan -ri'), I'm finding infections in the account mail folder.
1. Is there a good guide to setting up ClamAV on a cPanel server to do automatic mail scanning? I was under the impression that ClamAV scans emails also; however, after doing some reading, people seem to recommend MailScanner.
2. My logwatch is giving me the following error:
The ClamAV update process (freshclam daemon) was not running! If you no longer wish to run freshclam, deleting the freshclam.log file will suppress this error message.
The freshclam daemon wasn't running so I've started it (freshclam --daemon). I've also checked the freshclam.conf file and the logfile is set as follows:
UpdateLogFile /var/log/freshclam.log
MailScanner + ClamAV Performance
I am looking into implementing an antivirus/spam relay server using Postfix + MailScanner + SpamAssassin. Does anyone here have experience with this kind of solution? What kind of rough performance in messages/hour or messages/day could I expect from a server like this: PowerEdge 2950 2x QuadCore Xeon E5320 (1.8GHz) 8GB RAM 4x 146GB 15,000rpm SAS in RAID 10
ClamAV :: Errors After Installing
I have recently been trying to install the ClamAV program onto my servers. Everything goes well and it gets installed, but I am encountering some problems. 1) The program keeps repeating the scanning process on my /home directory and will not stop looping.... I waited for around 12 hours but it still keeps looping.... 2) I have started clamd and tested it out by loading a virus onto my server... Nothing happens... the file is still able to be uploaded and executed.... Is there any way for ClamAV to auto scan everything that gets uploaded or transmitted into the server? And also mail me its daily scan logs that are to be stored in a specific directory.
How To Install ClamAV On Centos 5
I tried to install ClamAV, but I'm out of luck. It won't install at all. It gives the following error: Transaction Check Error: file /etc/freshclam.conf from install of clamav-0.95.1-4.el5.rf.i386 conflicts with file from package clamav-toaster-0.95.1-1.3.27.i386 ....