[{ALLOW view All}]
[{ALLOW edit Markus}]

! Rootkit Scanner

[Docu|http://uckanleitungen.de/rootkit-scanner-linux/] | [Ubuntu Security|http://wiki.ubuntuusers.de/Sicherheit]

Install and scan with "rkhunter"
{{{
> apt-get install rkhunter
> rkhunter --update
> rkhunter --propupd --update
> rkhunter -c
}}}

Install and scan with chkrootkit
{{{
> apt-get install chkrootkit
> chkrootkit
}}}

! Virus Scanner

A list of Linux virus scanners is [here|http://wiki.ubuntuusers.de/Virenscanner].\\
You can use [ClamAV|http://wiki.ubuntuusers.de/ClamAV] most easily.

Install (see also [apt])
{{{
> apt-get install clamav clamav-freshclam
}}}

Refresh
{{{
> freshclam
}}}

Search
{{{
> clamscan -r -i / > virusscan.txt &
ClamAV update process started at Sat Jan 4 13:59:40 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.8 Recommended version: 0.98
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd is up to date (version: 18317, sigs: 636260, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 235, sigs: 44, f-level: 63, builder: dgoddard)
}}}

This is on Ubuntu 10.04. Adding "backports" packages (see [apt]) and upgrading did not help (?)

Anyway, the result was:
{{{
/markus/tomee/tomee_wp16/work/Catalina/localhost/EbelHome/org/apache/jsp/index_005fbak1_jsp.java: Win.Backdoor.ChopperJsp FOUND
/markus/tomee/tomee_wp16/webapps/Homepage/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND
/markus/tomee/tomee_wp16/webapps/EbelHome/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND
}}}

----

I noticed the following process (ps -ef)
{{{
perl /usr/bin/bk lup.ox88.info 443
}}}
Bitkeeper?
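
For the ClamAV result above, an added example (not part of the original page): a POSIX shell helper that turns the hit lines of a {{clamscan -r -i}} report into one row per finding and maps a hit on the container's generated servlet source under {{work/}} back to the JSP it was compiled from. The three hit lines are the ones reported on this page; the summary lines, the function names and the {{_005f}} name decoding are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage the hit lines of a `clamscan -r -i` report.

# Hit lines as reported on this page; the summary lines are constructed.
sample_report() {
  cat <<'EOF'
/markus/tomee/tomee_wp16/work/Catalina/localhost/EbelHome/org/apache/jsp/index_005fbak1_jsp.java: Win.Backdoor.ChopperJsp FOUND
/markus/tomee/tomee_wp16/webapps/Homepage/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND
/markus/tomee/tomee_wp16/webapps/EbelHome/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Reads a report on stdin, prints one tab-separated row per hit:
#   kind  signature  path  origin
# kind is "compiled" for generated JSP servlet code under work/, else "file";
# origin is the <context>/<page>.jsp a compiled hit came from, or "-".
triage_report() {
  # work/<engine>/<host>/<context>/org/apache/jsp/<mangled name>_jsp.java|class
  re='^.*/work/[^/]+/[^/]+/([^/]+)/org/apache/jsp/(.+)_jsp\.(java|class)$'
  while IFS= read -r line; do
    case $line in *" FOUND") ;; *) continue ;; esac   # skip summary/blank lines
    hit=${line% FOUND}
    sig=${hit##*: }                 # text after the last ": "
    path=${hit%": $sig"}
    # Assumption: the JSP compiler writes "_" as "_005f" and the ".jsp" dot as "_",
    # as the pair index_005fbak1_jsp.java / index_bak1.jsp on this page suggests.
    origin=$(printf '%s\n' "$path" | sed -nE "s#$re#\1/\2.jsp#p" | sed 's/_005f/_/g')
    if [ -n "$origin" ]; then kind=compiled; else kind=file origin=-; fi
    printf '%s\t%s\t%s\t%s\n' "$kind" "$sig" "$path" "$origin"
  done
}

# JSPs that were flagged AND have generated servlet code in the work directory.
compiled_origins() {
  triage_report | awk -F'\t' '$1 == "compiled" { print $4 }' | sort -u
}

# Demo on the embedded sample; on a real host use: triage_report < virusscan.txt
sample_report | triage_report
```

A {{compiled}} row means the container translated that JSP, which it normally does when the page is first requested, so the access logs of that context are the next place to look.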