Trojan Scan Results

[rebaths]

I did a trojan scan on my WHM and this is what I got:

Possible Trojan - /sbin/dmsetup
Possible Trojan - /sbin/dmsetupstatic
Possible Trojan - /usr/lib64/python24/site-packages/libxml2modla
Possible Trojan - /usr/lib64/python24/site-packages/libxml2modso
Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/instmodsh
Possible Trojan - /usr/bin/prove
Possible Trojan - /usr/bin/pstruct
Possible Trojan - /usr/bin/aspell
Possible Trojan - /usr/bin/prezip-bin
Possible Trojan - /usr/bin/word-list-compress
Possible Trojan - /usr/sbin/avcstat
Possible Trojan - /usr/sbin/getenforce
Possible Trojan - /usr/sbin/getsebool
Possible Trojan - /usr/sbin/matchpathcon
Possible Trojan - /usr/sbin/selinuxenabled
Possible Trojan - /usr/sbin/setenforce
Possible Trojan - /usr/sbin/togglesebool
Possible Trojan - /etc/crondaily/logrotate
Possible Trojan - /usr/sbin/antirelayd
Possible Trojan - /usr/bin/wish84
Possible Trojan - /usr/sbin/pureauth

Are any of these suspect?? If so, how to be sure and how to delete and prevent them from coming back??

Thanks

[JPC-Anoop]

Hi,

WHM trojan scan is unreliable and throws many false positives. I would recommend you to use rkhunter or chkrootkit.