What to use to scan for Trojan?




Posted by Toeki, 06-02-2009, 03:04 PM
We have a client claiming that she gets a Trojan warning when she tries to access her website, but using the Trojan scan in cPanel doesn't show anything. What can we use to scan for Trojan?

Posted by tuxStyle, 06-02-2009, 03:17 PM
Might be a false positive? Anyway, on Linux I use: chkrootkit, rkhunter, lynis. If her site was "hacked" there will be a different type of trojan. Did you ask her to send you a print screen? Or at least what trojan is detected? You need a starting point.

Posted by eth1, 06-02-2009, 03:32 PM
The public_html directory can be downloaded to a computer running an anti-virus program and scanned. If the server is running Linux OS, the trojan/virus won't affect files/folders. The ClamAV module, which can be integrated with an MTA, does scan for viruses/trojans etc.

Posted by Toeki, 06-02-2009, 03:50 PM
I used the chkrootkit and it showed to possible LKM Trojan readdir command and ps command.

Posted by ZenMonk, 06-03-2009, 09:17 AM
Run rootkit hunter as well. Reinstall all the binaries that are reported as infected. Search for suspicious programs, backdoors, etc. Hopefully your server is not rooted, in which case you will have to back up and reinstall.

Posted by prashant1979, 06-03-2009, 11:15 AM
Ask her to check her website. Her website is probably infected due to SQL Injection or cross site scripting and the antivirus on her desktop computer blocks it as a trojan. Ask her to look for unusual script tags or iframe tags in her pages and remove them.
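
Added example (not part of the thread): one way to do the check suggested in the last reply on a downloaded copy of public_html, listing iframes that are hidden and script/iframe tags that load from hosts other than the site's own. The names `own_hosts`, `audit_html`, `audit_tree` and the sample markup are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class TagAuditor(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}  # hosts the site is expected to load from
        self.findings = []  # tuples of (line, tag, reason, src)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        src, line = a.get("src", ""), self.getpos()[0]
        try:
            host = (urlparse(src).hostname or "").lower()  # "" for relative URLs
        except ValueError:
            host = "unparseable-url"  # malformed src: report it rather than crash
        if host and host not in self.own_hosts:
            self.findings.append((line, tag, "off-site source", src))
        if tag == "iframe":
            # 0 or 1 pixel frames and CSS-hidden frames are invisible to the visitor
            tiny = any(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append((line, tag, "hidden iframe", src))

def audit_html(text, own_hosts):
    parser = TagAuditor(own_hosts)
    parser.feed(text)
    parser.close()
    return parser.findings

def audit_tree(root, own_hosts):
    # Walk a local copy of the site and return {path: findings} for flagged pages only.
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".html", ".htm", ".php"):
            found = audit_html(path.read_text(encoding="utf-8", errors="replace"), own_hosts)
            if found:
                report[str(path)] = found
    return report

# Constructed sample page, not taken from the thread.
SAMPLE = ('<script src="/js/menu.js"></script>\n'
          '<iframe src="http://stats.invalid/in.php" width="0" height="0"></iframe>\n'
          '<script src="//cdn.invalid/x.js"></script>\n')
```

Every finding still needs a manual look, since legitimate pages also load off-site scripts. Inline JavaScript that writes a tag into the page at run time is not parsed as markup here, so it will not be listed.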


