similar to: ClamAV reports a trojan

This morning I discovered this in my clamav report from one of our imap servers: /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: Unix.Trojan.MSShellcode-21 FOUND I have looked at this script and it appears to be part of the nmap distribution. It actually tests for irc backdoors. IRC is not used here and its ports are blocked by default both at the gateway and on all internal hosts.

How can I be sure if it is LKM or not? Today I've run chkrootkit and it gave me: Checking `lkm'... You have 179 process hidden for readdir command You have 179 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root

NUT http://www.networkupstools.org/package/windows/NUT-Installer-2.6.5-6.msi listed as trojan: https://www.virustotal.com/en/file/e4c8cd86efe6ca897583ed223c0cc0ef4458581485d23616c37ede3858586245/analysis/1481844790/ It is listed as "probably harmless" so I guess it is a false positive? Nevertheless it is not nice to see. Regards, Lars. -------------- next part -------------- An HTML

Can anyone recommend an opensource package (preferably something centos 4X compatible) that can be used on a (iptables) firewall to block virus/trojan, etc? And maybe something for intrusion detection? Thanks! Dnk

On Thu, Apr 16, 2015 at 10:01 AM, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > This morning I discovered this in my clamav report from one of our > imap servers: > > /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: > Unix.Trojan.MSShellcode-21 FOUND > > > I have looked at this script and it appears to be part of the nmap > distribution. It actually tests

[OT ALERT] On 17/04/15 02:28, Valeri Galtsev wrote: > clamav is a scanner that is designed to detect viruses (virii I should use > for plural as it is Latin word) I believe this 'rule' in English is misunderstood by many and as a general rule of thumb... tl;dr: Words from Old English that came into modern English, use 'Old English' pluralisation: eg, sheep, fish etc. words

On 17/04/15 12:31, Valeri Galtsev wrote: > But being not native > English speaker, I use it ("not native English speaker") Figured as much, which is why I mentioned it ;) > as an excuse for > being unable to pronounce anything. Not as if most English speakers can pronounce many English words.... ... ttfn :) P.

On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: > It is amazing how much one can cripple what another person said by > scissoring his phrases ;-) English people (excludes USA people) should always try to speak simple, jargon-free, easily understandable and logically expressed English especially when conversing with non-English people. I greatly admire the linguistic abilities of

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17/04/15 16:04, Valeri Galtsev wrote: > > On Fri, April 17, 2015 9:51 am, Always Learning wrote: >> >> On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: >> >>> It is amazing how much one can cripple what another person said >>> by scissoring his phrases ;-) >> >> English people

A friend passed along this interesting link: http://incolumitas.com/2016/06/08/typosquatting-package-managers/ about the strategy of using "typosquatting" (packages with very similar names to existing packages) to trick users into downloading/installing packages with malicious code). They made fake trojans (with empty payloads) for Ruby, Python and NodeJS and experimented to see how

Hello, I have the following problem: I successfully installed R (Version 2.1.3.0 for Windows) on my Notebook (Windows 7) in June. Now I used the same setup file for a PC (Windows XP) and got a message from the anti virus software (Avira), that the setup file contains the Trojan "TR/ATRAPS.Gen". The PC is never connected to the internet, this is why the anti virus software has

Hi, is it possible, that the current development version for Windows ( http://cran.at.r-project.org/bin/windows/base/R-2.13.0dev-win.exe) is infected by a trojan/virus. My antivir-program (www.avira.com) seems to find a trojan in open.exe at bin\i386. Best regards, Andreas [[alternative HTML version deleted]]

On Thu, April 16, 2015 8:59 pm, Peter Lawler wrote: > [OT ALERT] > > On 17/04/15 02:28, Valeri Galtsev wrote: > >> clamav is a scanner that is designed to detect viruses (virii I should >> use >> for plural as it is Latin word) > I believe this 'rule' in English is misunderstood by many and as a > general rule of thumb... > tl;dr: > Words from Old

On Fri, April 17, 2015 12:50 am, Peter Lawler wrote: > On 17/04/15 12:31, Valeri Galtsev wrote: >> But being not native >> English speaker, I use it ("not native English speaker") > Figured as much, which is why I mentioned it ;) > >> as an excuse for >> being unable to pronounce anything. > Not as if most English speakers can pronounce many English

On Fri, April 17, 2015 9:51 am, Always Learning wrote: > > On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: > >> It is amazing how much one can cripple what another person said by >> scissoring his phrases ;-) > > English people (excludes USA people) The first thing I learned what US people (before became one myself) take English pronunciation for was... Well, I

hi, I am from Norway and you'll don't believe me, but a trojan horse in on your pc. I've scanned the network-ports on the internet. (I know, that's illegal) And I have found your pc. Your pc is open on the internet for everybody! Because the smss.exe trojan is running on your system. Check this, open the task manager and try to stop that! You'll see, you can't stop this

On Thu, April 16, 2015 10:09 am, Les Mikesell wrote: > On Thu, Apr 16, 2015 at 10:01 AM, James B. Byrne <byrnejb at harte-lyne.ca> wrote: >> This morning I discovered this in my clamav report from one of our imap servers: >> /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: >> Unix.Trojan.MSShellcode-21 FOUND >> I have looked at this script and it appears to be

Hi, FYI: ------------------------------------------------------ http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security ------------------------------------------------------ >Greetings, > >Just want to inform you that the OpenSSH package op ftp.openbsd.org >(and probably all its mirrors now) it trojaned: > >

OpenSSH Security Advisory (adv.trojan) 1. Systems affected: OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the OpenBSD ftp server and potentially propagated via the normal mirroring process to other ftp servers. The code was inserted some time between the 30th and 31th of July. We replaced the trojaned files with their originals at 7AM MDT, August 1st. 2. Impact: Anyone who has

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-21 GNU Project FTP Server Compromise Original issue date: August 13, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Overview The CERT/CC has received a report that the system housing the primary FTP servers for the GNU software project was compromised. I. Description