[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Security risks of using vds for setting up tor-nodes?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Security risks of using vds for setting up tor-nodes?
- From: James Brown <jbrownfirst@xxxxxxxxx>
- Date: Fri, 26 Nov 2010 19:09:00 +0000
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Fri, 26 Nov 2010 14:09:44 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:x-enigmail-version:content-type; bh=iqHVRJ2CJLbHrZuO4V1r149pdL+gHp26sJB+WnyRUdo=; b=hMfRxorJ4E+nn1gGHYJ13pCbGoaaDhBAeKf0IdRtq8rv3/3ne4Ehm0NK9tapVRq52v 4VF+CjzBtVogewR2hkxaUt8I/VLVkYb3b9cpoBz9oUeYeFqVxk2Wdq3W2z0/th261BGz CKqU4Xx+iEjaTeIbjd6/uHR7kpZDRiNORrxZI=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :x-enigmail-version:content-type; b=egltMeFpW1BQPN6F5ihevLuarPdMyRjYeVLWc5hrUpFJ62tsl0qEBkUhu5edYcHdqY 3GE19tDAV1u4n4zeZZ0BnNrrcQyUaR+LJuOPHO/HnYUTKXmBmz8mBnwmMdjoq80I1lYU l6nzg5avUn2iVHjWe/dPZ7JZ/s6NtF5F4IcTI=
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Mozilla-Thunderbird 2.0.0.24 (X11/20100329)
Sometimes ago I ren a VDS under Debian Lenny,
~# uname -a
Linux 2.6.18-028stab070.4-ent #1 SMP Tue Aug 17 19:03:05 MSD 2010 i686
GNU/Linux
I set up on that VDS only exit tor-node and nothing more. I didn't stop
apache, proftpd daemon and etc. because I have intended to use it in the
feature but I didn't use it for several month.
How I have the next problem.
Some days ago I received the next messages from crondaemon:
/etc/cron.daily/rkhunter:
Internal error!
Internal error!
.................................
and from rkhunter that my server have problems which you can see in the
attached log inculding detected SHV4 Rootkit and SHV5 Rootkit
When I try to start rkhunter in the shell of that server it doesn't want
to work.
chkrootkit tell me about problems too (see attached log).
unhide-tcp does not want to work as rkhunter, unhide finds seen in
attached logs.
clamav find the next:
/sbin/ttymon: Trojan.Linux.Rootkit.A FOUND
/usr/bin/find: Linux.Rootkit-25 FOUND
/usr/bin/pstree: Trojan.Rootkit-118 FOUND
/usr/lib/libsh/.sniff/shsniff: Trojan.Linux.Sysniff FOUND
/usr/lib/libsh/shsb: Linux.LionCleaner FOUND
debsums tell me the next:
grep -i failed debsums20101126.log
/bin/ls
FAILED
/usr/bin/md5sum
FAILED
/usr/bin/find
FAILED
/bin/netstat
FAILED
/sbin/ifconfig
FAILED
/bin/ps
FAILED
/usr/bin/top
FAILED
/opt/psa/admin/htdocs/domains/databases/phpMyAdmin/libraries/config.default.php
FAILED
/opt/psa/etc/service/coldfusion.xml
FAILED
/opt/psa/admin/plib/templates/backup/backup_failed_task.tpl
/etc/pam.d/pop3
FAILED
/etc/pam.d/imap
FAILED
/usr/bin/pstree
FAILED
How it was possible to catch that viruses, rootkits and etc. from using
an exit tor-node? Have anybody such problems? What is the security
measures takes of other owners of exit-nodes?
What is the better to me - to try clean the existing system or to give
an order to VDS provider to reinstall my VDS?
If the last way is the better (now I am inclined to that) - what files
from tor-node installation I need to save exept torrc and keys of my node?
Or it would better generate new keys through new installation of
tor-node? Could existing keys compomise my tor-node after reinstalling
my VDS?
And could it be an attack against exactly my VDS as tor-node? Could it
be an attempt of an Adversary to take control over my tor-node for
attacks against the Tor-net?!
Checking `ifconfig'... INFECTED
Checking `inetd'... Unknown HZ value! (57) Assume 100.
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
not infected
Checking `netstat'... INFECTED
Checking `pstree'... INFECTED
Checking `sshd'... Unknown HZ value! (57) Assume 100.
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
not infected
Checking `top'... INFECTED
Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation) rootkit installed
Searching for Showtee... Warning: Possible Showtee Rootkit installed
Searching for Romanian rootkit... /usr/include/file.h /usr/include/proc.h
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... Unknown HZ value! (57) Assume 100.
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
Internal error!
You have 18 process hidden for readdir command
You have 20 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
Warning: The file properties have changed:
File: /bin/bash
Current inode: 1297223 Stored inode: 2594446
Warning: The file properties have changed:
File: /bin/cat
Current inode: 1297207 Stored inode: 2594414
Warning: The file properties have changed:
File: /bin/chmod
Current inode: 1297184 Stored inode: 2594368
Warning: The file properties have changed:
File: /bin/chown
Current inode: 1297182 Stored inode: 2594364
Warning: The file properties have changed:
File: /bin/cp
Current inode: 1297206 Stored inode: 2594412
Warning: The file properties have changed:
File: /bin/csh
Current inode: 1296846 Stored inode: 2593692
Warning: The file properties have changed:
File: /bin/date
Current inode: 1297187 Stored inode: 2594374
Warning: The file properties have changed:
File: /bin/df
Current inode: 1297190 Stored inode: 2594380
Warning: The file properties have changed:
File: /bin/dmesg
Current inode: 1297211 Stored inode: 2594422
Warning: The file properties have changed:
File: /bin/echo
Current inode: 1297172 Stored inode: 2594344
Warning: The file properties have changed:
File: /bin/ed
Current inode: 1297197 Stored inode: 2594394
Warning: The file properties have changed:
File: /bin/egrep
Current inode: 1297221 Stored inode: 2594442
Warning: The file properties have changed:
File: /bin/fgrep
Current inode: 1297228 Stored inode: 2594456
Warning: The file properties have changed:
File: /bin/fuser
Current inode: 1297180 Stored inode: 2594360
Warning: The file properties have changed:
File: /bin/grep
Current inode: 1297216 Stored inode: 2594432
Warning: The file properties have changed:
File: /bin/ip
Current inode: 1297175 Stored inode: 2594350
Warning: The file properties have changed:
File: /bin/kill
Current inode: 1297176 Stored inode: 2594352
Warning: The file properties have changed:
File: /bin/login
Current inode: 1297255 Stored inode: 2594510
Warning: The file properties have changed:
File: /bin/ls
Current hash: 7a795a4171d5299bd0a872ee8167302e987a2b60
Stored hash : e35f41d4f1d356219b3e1c6d306d3dbf7ac7e2d0
Current uid: 122 Stored uid: 0
Current gid: 114 Stored gid: 0
Current inode: 8308981 Stored inode: 2594494
Current size: 39696 Stored size: 92312
Warning: File '/bin/ls' has the immutable-bit set.
Warning: The file properties have changed:
File: /bin/lsmod
Current inode: 1297252 Stored inode: 2594504
Warning: The file properties have changed:
File: /bin/mktemp
Current inode: 1297241 Stored inode: 2594482
Warning: The file properties have changed:
File: /bin/more
Current inode: 1297196 Stored inode: 2594392
Warning: The file properties have changed:
File: /bin/mount
Current inode: 1297188 Stored inode: 2594376
Warning: The file properties have changed:
File: /bin/mv
Current inode: 1297242 Stored inode: 2594484
Warning: The file properties have changed:
File: /bin/netstat
Current hash: 3fb2b2713e99bbf8a9a0700ecbc823d060c3d0b7
Stored hash : 096cd3d2d46aefe3594961840d0f64c135cea90d
Current uid: 122 Stored uid: 0
Current gid: 114 Stored gid: 0
Current inode: 8308988 Stored inode: 2594462
Current size: 54152 Stored size: 103048
Warning: File '/bin/netstat' has the immutable-bit set.
Warning: The file properties have changed:
File: /bin/ps
Current hash: 46efcecf8383aee782f62bfc599edaa2e3c29903
Stored hash : 234bba6212ca0cee9718bd74316d7c81e5e0b570
Current uid: 122 Stored uid: 0
Current gid: 114 Stored gid: 0
Current inode: 8308989 Stored inode: 2594460
Current size: 62920 Stored size: 75724
Warning: File '/bin/ps' has the immutable-bit set.
Warning: The file properties have changed:
File: /bin/pwd
Current inode: 1297210 Stored inode: 2594420
Warning: The file properties have changed:
File: /bin/readlink
Current inode: 1297213 Stored inode: 2594426
Warning: The file properties have changed:
File: /bin/sed
Current inode: 1297218 Stored inode: 2594436
Warning: The file properties have changed:
File: /bin/sh
Current inode: 1297217 Stored inode: 2594434
Warning: The file properties have changed:
File: /bin/su
Current inode: 1297208 Stored inode: 2594416
Warning: The file properties have changed:
File: /bin/touch
Current inode: 1297185 Stored inode: 2594370
Warning: The file properties have changed:
File: /bin/uname
Current inode: 1297199 Stored inode: 2594398
Warning: The file properties have changed:
File: /bin/which
Current inode: 1297246 Stored inode: 2594492
Warning: The file properties have changed:
File: /bin/tcsh
Current inode: 1297235 Stored inode: 2594470
Warning: The file properties have changed:
File: /usr/bin/awk
Current inode: 1655623 Stored inode: 3311246
Warning: The file properties have changed:
File: /usr/bin/basename
Current inode: 1658664 Stored inode: 3317328
Warning: The file properties have changed:
File: /usr/bin/chattr
Current inode: 1658810 Stored inode: 3317620
Warning: The file properties have changed:
File: /usr/bin/cut
Current inode: 1658385 Stored inode: 3316770
Warning: The file properties have changed:
File: /usr/bin/diff
Current inode: 1658630 Stored inode: 3317260
Warning: The file properties have changed:
File: /usr/bin/dirname
Current inode: 1658619 Stored inode: 3317238
Warning: The file properties have changed:
File: /usr/bin/dpkg
Current inode: 1658437 Stored inode: 3316926
Current file modification time: 1282679782
Stored file modification time : 1268080529
Warning: The file properties have changed:
File: /usr/bin/dpkg-query
Current inode: 1658608 Stored inode: 3317428
Current file modification time: 1282679782
Stored file modification time : 1268080529
Warning: The file properties have changed:
File: /usr/bin/du
Current inode: 1658639 Stored inode: 3317278
Warning: The file properties have changed:
File: /usr/bin/env
Current inode: 1658304 Stored inode: 3316608
Warning: The file properties have changed:
File: /usr/bin/file
Current inode: 1658322 Stored inode: 3316644
Warning: The file properties have changed:
File: /usr/bin/find
Current hash: 56ada806da802a8c0ad244eb754024bd421e8f85
Stored hash : 10809bffe6f8477f195e00bf1a3fbb64589064f3
Current uid: 122 Stored uid: 0
Current gid: 114 Stored gid: 0
Current inode: 8308984 Stored inode: 3316932
Current size: 59536 Stored size: 134588
Warning: File '/usr/bin/find' has the immutable-bit set.
Warning: The file properties have changed:
File: /usr/bin/GET
Current inode: 1660631 Stored inode: 3317652
Current file modification time: 1284483164
Stored file modification time : 1215865853
Warning: The file properties have changed:
File: /usr/bin/groups
Current inode: 1658372 Stored inode: 3316744
Warning: The file properties have changed:
File: /usr/bin/head
Current inode: 1658418 Stored inode: 3316836
Warning: The file properties have changed:
File: /usr/bin/id
Current inode: 1658765 Stored inode: 3317530
Warning: The file properties have changed:
File: /usr/bin/killall
Current inode: 1658395 Stored inode: 3316790
Warning: The file properties have changed:
File: /usr/bin/last
Current inode: 1658363 Stored inode: 3316726
Warning: The file properties have changed:
File: /usr/bin/lastlog
Current inode: 1658334 Stored inode: 3316668
Warning: The file properties have changed:
File: /usr/bin/ldd
Current inode: 1661775 Stored inode: 3319600
Current file modification time: 1287701079
Stored file modification time : 1275783797
Warning: The file properties have changed:
File: /usr/bin/less
Current inode: 1658757 Stored inode: 3317514
Warning: The file properties have changed:
File: /usr/bin/logger
Current inode: 1658663 Stored inode: 3317326
Warning: The file properties have changed:
File: /usr/bin/lsattr
Current inode: 1658572 Stored inode: 3317144
Warning: The file properties have changed:
File: /usr/bin/lsof
Current inode: 1658865 Stored inode: 3317730
Warning: The file properties have changed:
File: /usr/bin/lynx
Current inode: 1655656 Stored inode: 3311312
Warning: The file properties have changed:
File: /usr/bin/mail
Current inode: 1655640 Stored inode: 3311280
Warning: The file properties have changed:
File: /usr/bin/md5sum
Current hash: 082f99da99198e0cd9fcd14f2511cfb0e9eded60
Stored hash : b94d5cddf403ac24ef2a78433e1cb13565252a35
Current uid: 122 Stored uid: 0
Current gid: 114 Stored gid: 0
Current inode: 8308986 Stored inode: 3316906
Current size: 31452 Stored size: 31776
Warning: File '/usr/bin/md5sum' has the immutable-bit set.
Warning: The file properties have changed:
File: /usr/bin/newgrp
Current inode: 1658451 Stored inode: 3316902
Warning: The file properties have changed:
File: /usr/bin/passwd
Current inode: 1658901 Stored inode: 3317802
Warning: The file properties have changed:
File: /usr/bin/perl
Current inode: 1658715 Stored inode: 3317430
Warning: The file properties have changed:
File: /usr/bin/pstree
Current hash: e1c728b135a299597009081ab9362b6e970b5bb7
Stored hash : a8e8b26ad1c1f7ea757dcbd7566444fc78ee28af
Current uid: 122 Stored uid: 0
Current gid: 114 Stored gid: 0
Current inode: 8308995 Stored inode: 3317130
Current size: 12340 Stored size: 14072
Warning: File '/usr/bin/pstree' has the immutable-bit set.
Warning: The file properties have changed:
File: /usr/bin/rkhunter
Current inode: 1660745 Stored inode: 3321490
Warning: The file properties have changed:
File: /usr/bin/runcon
Current inode: 1658401 Stored inode: 3316802
Warning: The file properties have changed:
File: /usr/bin/sha1sum
Current inode: 1658864 Stored inode: 3317728
Warning: The file properties have changed:
File: /usr/bin/size
Current inode: 1658566 Stored inode: 3317132
Warning: The file properties have changed:
File: /usr/bin/sort
Current inode: 1658499 Stored inode: 3316998
Warning: The file properties have changed:
File: /usr/bin/stat
Current inode: 1658449 Stored inode: 3316898
Warning: The file properties have changed:
File: /usr/bin/strings
Current inode: 1658487 Stored inode: 3316974
Warning: The file properties have changed:
File: /usr/bin/sudo
Current inode: 1660462 Stored inode: 3320924
Warning: The file properties have changed:
File: /usr/bin/tail
Current inode: 1658838 Stored inode: 3317676
Warning: The file properties have changed:
File: /usr/bin/test
Current inode: 1658370 Stored inode: 3316740
Warning: The file properties have changed:
File: /usr/bin/top
Current hash: 097e4392870094d6b328ac5e2b67ea4a56a59adc
Stored hash : f6c3ac4d0fb3b5c708ee74d70799dd16f2ddb025
Current uid: 122 Stored uid: 0
Current gid: 114 Stored gid: 0
Current inode: 8308990 Stored inode: 3317556
Current size: 33992 Stored size: 65656
Warning: File '/usr/bin/top' has the immutable-bit set.
Warning: The file properties have changed:
File: /usr/bin/touch
Current inode: 1658516 Stored inode: 3317032
Warning: The file properties have changed:
File: /usr/bin/tr
Current inode: 1658808 Stored inode: 3317616
Warning: The file properties have changed:
File: /usr/bin/uniq
Current inode: 1658343 Stored inode: 3316686
Warning: The file properties have changed:
File: /usr/bin/users
Current inode: 1658652 Stored inode: 3317304
Warning: The file properties have changed:
File: /usr/bin/vmstat
Current inode: 1658795 Stored inode: 3317590
Warning: The file properties have changed:
File: /usr/bin/w
Current inode: 1655661 Stored inode: 3311322
Warning: The file properties have changed:
File: /usr/bin/watch
Current inode: 1658346 Stored inode: 3316692
Warning: The file properties have changed:
File: /usr/bin/wc
Current inode: 1658786 Stored inode: 3317572
Warning: The file properties have changed:
File: /usr/bin/wget
Current inode: 1658297 Stored inode: 3316594
Warning: The file properties have changed:
File: /usr/bin/whatis
Current inode: 1658677 Stored inode: 3317354
Warning: The file properties have changed:
File: /usr/bin/whereis
Current inode: 1658357 Stored inode: 3316714
Warning: The file properties have changed:
File: /usr/bin/which
Current inode: 1658610 Stored inode: 3317220
Warning: The file properties have changed:
File: /usr/bin/who
Current inode: 1658678 Stored inode: 3317356
Warning: The file properties have changed:
File: /usr/bin/whoami
Current inode: 1658571 Stored inode: 3317142
Warning: The file properties have changed:
File: /usr/bin/tcsh
Current inode: 1658885 Stored inode: 3317770
Warning: The file properties have changed:
File: /usr/bin/gawk
Current inode: 1658829 Stored inode: 3317658
Warning: The file properties have changed:
File: /usr/bin/lwp-request
Current inode: 1660630 Stored inode: 3316874
Current file modification time: 1283178459
Stored file modification time : 1215865817
Warning: The file properties have changed:
File: /usr/bin/lynx.cur
Current inode: 1658482 Stored inode: 3316964
Warning: The file properties have changed:
File: /usr/bin/bsd-mailx
Current inode: 1658342 Stored inode: 3316684
Warning: The file properties have changed:
File: /usr/bin/w.procps
Current inode: 1658408 Stored inode: 3316816
Warning: The file properties have changed:
File: /sbin/depmod
Current inode: 1297274 Stored inode: 2594548
Warning: The file properties have changed:
File: /sbin/ifconfig
Current hash: 2b4f36485056ab6edde2521f8dda623dfe603e0d
Stored hash : 90eaf74a7755f86b570d7918a923a8ff564823ae
Current uid: 122 Stored uid: 0
Current gid: 114 Stored gid: 0
Current inode: 8308987 Stored inode: 2594688
Current size: 31504 Stored size: 61736
Warning: File '/sbin/ifconfig' has the immutable-bit set.
Warning: The file properties have changed:
File: /sbin/ifdown
Current inode: 1297326 Stored inode: 2594652
Warning: The file properties have changed:
File: /sbin/ifup
Current inode: 1297369 Stored inode: 2594738
Warning: The file properties have changed:
File: /sbin/init
Current inode: 1297364 Stored inode: 2594728
Warning: The file properties have changed:
File: /sbin/insmod
Current inode: 1297294 Stored inode: 2594588
Warning: The file properties have changed:
File: /sbin/ip
Current inode: 1297271 Stored inode: 2594542
Warning: The file properties have changed:
File: /sbin/lsmod
Current inode: 1297368 Stored inode: 2594736
Warning: The file properties have changed:
File: /sbin/modinfo
Current inode: 1297371 Stored inode: 2594742
Warning: The file properties have changed:
File: /sbin/modprobe
Current inode: 1297378 Stored inode: 2594756
Warning: The file properties have changed:
File: /sbin/rmmod
Current inode: 1297298 Stored inode: 2594596
Warning: The file properties have changed:
File: /sbin/runlevel
Current inode: 1297308 Stored inode: 2594616
Warning: The file properties have changed:
File: /sbin/sulogin
Current inode: 1297285 Stored inode: 2594570
Warning: The file properties have changed:
File: /sbin/sysctl
Current inode: 1297317 Stored inode: 2594634
Warning: The file properties have changed:
File: /sbin/syslogd
Current inode: 1297323 Stored inode: 2594646
Warning: The file properties have changed:
File: /usr/sbin/adduser
Current inode: 1430232 Stored inode: 2860464
Warning: The file properties have changed:
File: /usr/sbin/chroot
Current inode: 1430225 Stored inode: 2860450
Warning: The file properties have changed:
File: /usr/sbin/cron
Current inode: 1430291 Stored inode: 2860582
Warning: The file properties have changed:
File: /usr/sbin/groupadd
Current inode: 1430321 Stored inode: 2860642
Warning: The file properties have changed:
File: /usr/sbin/groupdel
Current inode: 1430318 Stored inode: 2860636
Warning: The file properties have changed:
File: /usr/sbin/groupmod
Current inode: 1430341 Stored inode: 2860682
Warning: The file properties have changed:
File: /usr/sbin/grpck
Current inode: 1430229 Stored inode: 2860458
Warning: The file properties have changed:
File: /usr/sbin/nologin
Current inode: 1430359 Stored inode: 2860718
Warning: The file properties have changed:
File: /usr/sbin/pwck
Current inode: 1430361 Stored inode: 2860722
Warning: The file properties have changed:
File: /usr/sbin/tcpd
Current inode: 1430276 Stored inode: 2860552
Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
Warning: The file properties have changed:
File: /usr/sbin/useradd
Current inode: 1430266 Stored inode: 2860532
Warning: The file properties have changed:
File: /usr/sbin/userdel
Current inode: 1430285 Stored inode: 2860570
Warning: The file properties have changed:
File: /usr/sbin/usermod
Current inode: 1430258 Stored inode: 2860516
Warning: The file properties have changed:
File: /usr/sbin/vipw
Current inode: 1430364 Stored inode: 2860728
Warning: The file properties have changed:
File: /usr/sbin/xinetd
Current inode: 1430337 Stored inode: 2860674
Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not present in the rkhunter.dat file.
Warning: SHV4 Rootkit [ Warning ]
File '/lib/lidps1.so' found
Warning: SHV5 Rootkit [ Warning ]
File '/etc/sh.conf' found
File '/dev/srd0' found
Directory '/usr/lib/libsh' found
Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/submission_psa
Warning: No output found from the lsmod command or the /proc/modules file:
/proc/modules output:
lsmod output:
Warning: Network TCP port 6667 is being used by /usr/sbin/tor. Possible rootkit: Possible rogue IRC bot
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': yes
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.
Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
Warning: Application 'php', version '5.2.6', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '5.1p1', is out of date, and possibly a security risk.
Unhide 20080519
yjesus@xxxxxxxxxxxxxxxxxxxxx
[*]Searching for Hidden processes through /proc scanning
Found HIDDEN PID: 1
Command: init [2]
Found HIDDEN PID: 1431
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:47525)
Found HIDDEN PID: 1759
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:33625)
Found HIDDEN PID: 3737
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3796
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3797
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3798
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 5263
Command: /usr/sbin/apache2
Found HIDDEN PID: 7730
Command: /usr/sbin/apache2
Found HIDDEN PID: 7779
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7837
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7838
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7839
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8139
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8168
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8169
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8170
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 11970
Command: /usr/sbin/apache2
Found HIDDEN PID: 11971
Command: /usr/sbin/apache2
Found HIDDEN PID: 12268
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1734)
Found HIDDEN PID: 12270
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1756)
Found HIDDEN PID: 13955
Command: /usr/bin/freshclam
Found HIDDEN PID: 18093
Command: /usr/sbin/apache2
Found HIDDEN PID: 18316
Command: /usr/sbin/apache2
Found HIDDEN PID: 20132
Command: sshd: root@pts/0
Found HIDDEN PID: 20146
Command: -bash
Found HIDDEN PID: 23717
Command: /usr/sbin/apache2
Found HIDDEN PID: 23821
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2955)
Found HIDDEN PID: 23823
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2977)
Found HIDDEN PID: 24467
Command: /bin/sh
Found HIDDEN PID: 25617
Command: logger
Found HIDDEN PID: 25899
Command: /usr/sbin/apache2
Found HIDDEN PID: 26108
Command: /usr/sbin/apache2
Found HIDDEN PID: 26421
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26479
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26481
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26485
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26525
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26605
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26613
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26616
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 27722
Command: /sbin/ttyload
Found HIDDEN PID: 27724
Command: ttymon
Found HIDDEN PID: 27942
Command: /usr/sbin/apache2
Found HIDDEN PID: 27949
Command: /usr/sbin/apache2
Found HIDDEN PID: 28062
Command: /sbin/syslogd
Found HIDDEN PID: 28100
Command: /usr/sbin/sshd
Found HIDDEN PID: 28180
Command: /usr/sbin/xinetd
Found HIDDEN PID: 28272
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28283
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28285
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28286
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28647
Command: qmail-send
Found HIDDEN PID: 28649
Command: splogger
Found HIDDEN PID: 28650
Command: qmail-lspawn
Found HIDDEN PID: 28651
Command: qmail-rspawn
Found HIDDEN PID: 28652
Command: qmail-clean
Found HIDDEN PID: 30456
Command: /usr/sbin/apache2
Found HIDDEN PID: 32041
Command: /usr/sbin/sw-cp-serverd
Found HIDDEN PID: 32127
Command: unhide-linux26
Found HIDDEN PID: 32128
Command: tee
Found HIDDEN PID: 32239
Command: /usr/sbin/cron
Unhide 20080519
yjesus@xxxxxxxxxxxxxxxxxxxxx
[*]Searching for Hidden processes through getpriority() scanning
Found HIDDEN PID: 1
Command: init [2]
Found HIDDEN PID: 1431
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:47525)
Found HIDDEN PID: 1759
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:33625)
Found HIDDEN PID: 3737
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3796
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3797
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3798
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 5263
Command: /usr/sbin/apache2
Found HIDDEN PID: 6102
Command: sshd: root [priv]
Found HIDDEN PID: 6103
Command: sshd: root [net]
Found HIDDEN PID: 7210
Command: unhide-linux26
Found HIDDEN PID: 7211
Command: tee
Found HIDDEN PID: 7730
Command: /usr/sbin/apache2
Found HIDDEN PID: 7779
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7837
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7838
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7839
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8139
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8168
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8169
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8170
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 11970
Command: /usr/sbin/apache2
Found HIDDEN PID: 11971
Command: /usr/sbin/apache2
Found HIDDEN PID: 12268
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1734)
Found HIDDEN PID: 12270
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1756)
Found HIDDEN PID: 13955
Command: /usr/bin/freshclam
Found HIDDEN PID: 18093
Command: /usr/sbin/apache2
Found HIDDEN PID: 18316
Command: /usr/sbin/apache2
Found HIDDEN PID: 20132
Command: sshd: root@pts/0
Found HIDDEN PID: 20146
Command: -bash
Found HIDDEN PID: 23717
Command: /usr/sbin/apache2
Found HIDDEN PID: 23821
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2955)
Found HIDDEN PID: 23823
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2977)
Found HIDDEN PID: 24467
Command: /bin/sh
Found HIDDEN PID: 25617
Command: logger
Found HIDDEN PID: 25899
Command: /usr/sbin/apache2
Found HIDDEN PID: 26108
Command: /usr/sbin/apache2
Found HIDDEN PID: 26421
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26479
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26481
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26485
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26525
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26605
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26613
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26616
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 27722
Command: /sbin/ttyload
Found HIDDEN PID: 27724
Command: ttymon
Found HIDDEN PID: 27942
Command: /usr/sbin/apache2
Found HIDDEN PID: 27949
Command: /usr/sbin/apache2
Found HIDDEN PID: 28062
Command: /sbin/syslogd
Found HIDDEN PID: 28100
Command: /usr/sbin/sshd
Found HIDDEN PID: 28180
Command: /usr/sbin/xinetd
Found HIDDEN PID: 28272
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28283
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28285
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28286
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28647
Command: qmail-send
Found HIDDEN PID: 28649
Command: splogger
Found HIDDEN PID: 28650
Command: qmail-lspawn
Found HIDDEN PID: 28651
Command: qmail-rspawn
Found HIDDEN PID: 28652
Command: qmail-clean
Found HIDDEN PID: 30456
Command: /usr/sbin/apache2
Found HIDDEN PID: 32041
Command: /usr/sbin/sw-cp-serverd
Found HIDDEN PID: 32239
Command: /usr/sbin/cron
[*]Searching for Hidden processes through getpgid() scanning
Found HIDDEN PID: 1
Command: init [2]
Found HIDDEN PID: 407
Found HIDDEN PID: 735
Found HIDDEN PID: 1431
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:47525)
Found HIDDEN PID: 1759
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:33625)
Found HIDDEN PID: 2713
Found HIDDEN PID: 2772
Found HIDDEN PID: 2773
Found HIDDEN PID: 2774
Found HIDDEN PID: 3737
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3796
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3797
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3798
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 4239
Found HIDDEN PID: 5263
Command: /usr/sbin/apache2
Found HIDDEN PID: 6186
Found HIDDEN PID: 6187
Found HIDDEN PID: 6188
Found HIDDEN PID: 6706
Found HIDDEN PID: 6755
Found HIDDEN PID: 6813
Found HIDDEN PID: 6814
Found HIDDEN PID: 6815
Found HIDDEN PID: 7115
Found HIDDEN PID: 7144
Found HIDDEN PID: 7145
Found HIDDEN PID: 7146
Found HIDDEN PID: 7210
Command: unhide-linux26
Found HIDDEN PID: 7211
Command: tee
Found HIDDEN PID: 7730
Command: /usr/sbin/apache2
Found HIDDEN PID: 7779
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7837
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7838
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7839
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8139
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8168
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8169
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8170
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 9032
Found HIDDEN PID: 9040
Found HIDDEN PID: 10946
Found HIDDEN PID: 10947
Found HIDDEN PID: 11244
Found HIDDEN PID: 11246
Found HIDDEN PID: 11970
Command: /usr/sbin/apache2
Found HIDDEN PID: 11971
Command: /usr/sbin/apache2
Found HIDDEN PID: 12268
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1734)
Found HIDDEN PID: 12270
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1756)
Found HIDDEN PID: 12931
Found HIDDEN PID: 13955
Command: /usr/bin/freshclam
Found HIDDEN PID: 15157
Found HIDDEN PID: 15158
Found HIDDEN PID: 17069
Found HIDDEN PID: 17292
Found HIDDEN PID: 18093
Command: /usr/sbin/apache2
Found HIDDEN PID: 18316
Command: /usr/sbin/apache2
Found HIDDEN PID: 19108
Found HIDDEN PID: 19122
Found HIDDEN PID: 20132
Command: sshd: root@pts/0
Found HIDDEN PID: 20146
Command: -bash
Found HIDDEN PID: 20604
Found HIDDEN PID: 22693
Found HIDDEN PID: 22797
Found HIDDEN PID: 22799
Found HIDDEN PID: 22869
Found HIDDEN PID: 23443
Found HIDDEN PID: 23717
Command: /usr/sbin/apache2
Found HIDDEN PID: 23821
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2955)
Found HIDDEN PID: 23823
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2977)
Found HIDDEN PID: 24467
Command: /bin/sh
Found HIDDEN PID: 24587
Found HIDDEN PID: 24593
Found HIDDEN PID: 24619
Found HIDDEN PID: 24620
Found HIDDEN PID: 24621
Found HIDDEN PID: 24622
Found HIDDEN PID: 24744
Found HIDDEN PID: 24745
Found HIDDEN PID: 24756
Found HIDDEN PID: 24759
Found HIDDEN PID: 24784
Found HIDDEN PID: 24875
Found HIDDEN PID: 25084
Found HIDDEN PID: 25397
Found HIDDEN PID: 25455
Found HIDDEN PID: 25457
Found HIDDEN PID: 25461
Found HIDDEN PID: 25501
Found HIDDEN PID: 25581
Found HIDDEN PID: 25589
Found HIDDEN PID: 25592
Found HIDDEN PID: 25617
Command: logger
Found HIDDEN PID: 25899
Command: /usr/sbin/apache2
Found HIDDEN PID: 26108
Command: /usr/sbin/apache2
Found HIDDEN PID: 26421
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26479
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26481
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26485
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26525
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26605
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26613
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26616
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26698
Found HIDDEN PID: 26700
Found HIDDEN PID: 26918
Found HIDDEN PID: 26925
Found HIDDEN PID: 27038
Found HIDDEN PID: 27076
Found HIDDEN PID: 27156
Found HIDDEN PID: 27240
Found HIDDEN PID: 27241
Found HIDDEN PID: 27242
Found HIDDEN PID: 27243
Found HIDDEN PID: 27248
Found HIDDEN PID: 27259
Found HIDDEN PID: 27261
Found HIDDEN PID: 27262
Found HIDDEN PID: 27623
Found HIDDEN PID: 27625
Found HIDDEN PID: 27626
Found HIDDEN PID: 27627
Found HIDDEN PID: 27628
Found HIDDEN PID: 27722
Command: /sbin/ttyload
Found HIDDEN PID: 27724
Command: ttymon
Found HIDDEN PID: 27942
Command: /usr/sbin/apache2
Found HIDDEN PID: 27949
Command: /usr/sbin/apache2
Found HIDDEN PID: 28062
Command: /sbin/syslogd
Found HIDDEN PID: 28100
Command: /usr/sbin/sshd
Found HIDDEN PID: 28180
Command: /usr/sbin/xinetd
Found HIDDEN PID: 28272
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28283
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28285
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28286
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28647
Command: qmail-send
Found HIDDEN PID: 28649
Command: splogger
Found HIDDEN PID: 28650
Command: qmail-lspawn
Found HIDDEN PID: 28651
Command: qmail-rspawn
Found HIDDEN PID: 28652
Command: qmail-clean
Found HIDDEN PID: 29432
Found HIDDEN PID: 30456
Command: /usr/sbin/apache2
Found HIDDEN PID: 31017
Found HIDDEN PID: 31180
Found HIDDEN PID: 31215
Found HIDDEN PID: 32041
Command: /usr/sbin/sw-cp-serverd
Found HIDDEN PID: 32239
Command: /usr/sbin/cron
[*]Searching for Hidden processes through getsid() scanning
Found HIDDEN PID: 1
Command: init [2]
Found HIDDEN PID: 407
Found HIDDEN PID: 735
Found HIDDEN PID: 1431
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:47525)
Found HIDDEN PID: 1759
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:33625)
Found HIDDEN PID: 2713
Found HIDDEN PID: 2772
Found HIDDEN PID: 2773
Found HIDDEN PID: 2774
Found HIDDEN PID: 3737
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3796
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3797
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3798
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 4239
Found HIDDEN PID: 5263
Command: /usr/sbin/apache2
Found HIDDEN PID: 6186
Found HIDDEN PID: 6187
Found HIDDEN PID: 6188
Found HIDDEN PID: 6706
Found HIDDEN PID: 6755
Found HIDDEN PID: 6813
Found HIDDEN PID: 6814
Found HIDDEN PID: 6815
Found HIDDEN PID: 7115
Found HIDDEN PID: 7144
Found HIDDEN PID: 7145
Found HIDDEN PID: 7146
Found HIDDEN PID: 7210
Command: unhide-linux26
Found HIDDEN PID: 7211
Command: tee
Found HIDDEN PID: 7730
Command: /usr/sbin/apache2
Found HIDDEN PID: 7779
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7837
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7838
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7839
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8139
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8168
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8169
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8170
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 9032
Found HIDDEN PID: 9040
Found HIDDEN PID: 10946
Found HIDDEN PID: 10947
Found HIDDEN PID: 11244
Found HIDDEN PID: 11246
Found HIDDEN PID: 11970
Command: /usr/sbin/apache2
Found HIDDEN PID: 11971
Command: /usr/sbin/apache2
Found HIDDEN PID: 12268
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1734)
Found HIDDEN PID: 12270
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1756)
Found HIDDEN PID: 12931
Found HIDDEN PID: 13955
Command: /usr/bin/freshclam
Found HIDDEN PID: 15157
Found HIDDEN PID: 15158
Found HIDDEN PID: 17069
Found HIDDEN PID: 17292
Found HIDDEN PID: 18093
Command: /usr/sbin/apache2
Found HIDDEN PID: 18316
Command: /usr/sbin/apache2
Found HIDDEN PID: 19108
Found HIDDEN PID: 19122
Found HIDDEN PID: 20132
Command: sshd: root@pts/0
Found HIDDEN PID: 20146
Command: -bash
Found HIDDEN PID: 20604
Found HIDDEN PID: 22693
Found HIDDEN PID: 22797
Found HIDDEN PID: 22799
Found HIDDEN PID: 22869
Found HIDDEN PID: 23443
Found HIDDEN PID: 23717
Command: /usr/sbin/apache2
Found HIDDEN PID: 23821
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2955)
Found HIDDEN PID: 23823
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2977)
Found HIDDEN PID: 24467
Command: /bin/sh
Found HIDDEN PID: 24587
Found HIDDEN PID: 24593
Found HIDDEN PID: 24619
Found HIDDEN PID: 24620
Found HIDDEN PID: 24621
Found HIDDEN PID: 24622
Found HIDDEN PID: 24744
Found HIDDEN PID: 24745
Found HIDDEN PID: 24756
Found HIDDEN PID: 24759
Found HIDDEN PID: 24784
Found HIDDEN PID: 24875
Found HIDDEN PID: 25084
Found HIDDEN PID: 25397
Found HIDDEN PID: 25455
Found HIDDEN PID: 25457
Found HIDDEN PID: 25461
Found HIDDEN PID: 25501
Found HIDDEN PID: 25581
Found HIDDEN PID: 25589
Found HIDDEN PID: 25592
Found HIDDEN PID: 25617
Command: logger
Found HIDDEN PID: 25899
Command: /usr/sbin/apache2
Found HIDDEN PID: 26108
Command: /usr/sbin/apache2
Found HIDDEN PID: 26421
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26479
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26481
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26485
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26525
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26605
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26613
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26616
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26698
Found HIDDEN PID: 26700
Found HIDDEN PID: 26918
Found HIDDEN PID: 26925
Found HIDDEN PID: 27038
Found HIDDEN PID: 27076
Found HIDDEN PID: 27156
Found HIDDEN PID: 27240
Found HIDDEN PID: 27241
Found HIDDEN PID: 27242
Found HIDDEN PID: 27243
Found HIDDEN PID: 27248
Found HIDDEN PID: 27259
Found HIDDEN PID: 27261
Found HIDDEN PID: 27262
Found HIDDEN PID: 27623
Found HIDDEN PID: 27625
Found HIDDEN PID: 27626
Found HIDDEN PID: 27627
Found HIDDEN PID: 27628
Found HIDDEN PID: 27722
Command: /sbin/ttyload
Found HIDDEN PID: 27724
Command: ttymon
Found HIDDEN PID: 27942
Command: /usr/sbin/apache2
Found HIDDEN PID: 27949
Command: /usr/sbin/apache2
Found HIDDEN PID: 28062
Command: /sbin/syslogd
Found HIDDEN PID: 28100
Command: /usr/sbin/sshd
Found HIDDEN PID: 28180
Command: /usr/sbin/xinetd
Found HIDDEN PID: 28272
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28283
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28285
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28286
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28647
Command: qmail-send
Found HIDDEN PID: 28649
Command: splogger
Found HIDDEN PID: 28650
Command: qmail-lspawn
Found HIDDEN PID: 28651
Command: qmail-rspawn
Found HIDDEN PID: 28652
Command: qmail-clean
Found HIDDEN PID: 29432
Found HIDDEN PID: 30456
Command: /usr/sbin/apache2
Found HIDDEN PID: 31017
Found HIDDEN PID: 31180
Found HIDDEN PID: 31215
Found HIDDEN PID: 32041
Command: /usr/sbin/sw-cp-serverd
Found HIDDEN PID: 32239
Command: /usr/sbin/cron
[*]Searching for Hidden processes through sched_getaffinity() scanning
Found HIDDEN PID: 1
Command: init [2]
Found HIDDEN PID: 407
Found HIDDEN PID: 735
Found HIDDEN PID: 1431
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:47525)
Found HIDDEN PID: 1759
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:33625)
Found HIDDEN PID: 2713
Found HIDDEN PID: 2772
Found HIDDEN PID: 2773
Found HIDDEN PID: 2774
Found HIDDEN PID: 3737
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3796
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3797
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3798
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 4239
Found HIDDEN PID: 5263
Command: /usr/sbin/apache2
Found HIDDEN PID: 6186
Found HIDDEN PID: 6187
Found HIDDEN PID: 6188
Found HIDDEN PID: 6706
Found HIDDEN PID: 6755
Found HIDDEN PID: 6813
Found HIDDEN PID: 6814
Found HIDDEN PID: 6815
Found HIDDEN PID: 7115
Found HIDDEN PID: 7144
Found HIDDEN PID: 7145
Found HIDDEN PID: 7146
Found HIDDEN PID: 7210
Command: unhide-linux26
Found HIDDEN PID: 7211
Command: tee
Found HIDDEN PID: 7730
Command: /usr/sbin/apache2
Found HIDDEN PID: 7779
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7837
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7838
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7839
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8139
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8168
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8169
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8170
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 9032
Found HIDDEN PID: 9040
Found HIDDEN PID: 10946
Found HIDDEN PID: 10947
Found HIDDEN PID: 11244
Found HIDDEN PID: 11246
Found HIDDEN PID: 11970
Command: /usr/sbin/apache2
Found HIDDEN PID: 11971
Command: /usr/sbin/apache2
Found HIDDEN PID: 12268
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1734)
Found HIDDEN PID: 12270
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1756)
Found HIDDEN PID: 12931
Found HIDDEN PID: 13955
Command: /usr/bin/freshclam
Found HIDDEN PID: 15157
Found HIDDEN PID: 15158
Found HIDDEN PID: 17069
Found HIDDEN PID: 17292
Found HIDDEN PID: 18093
Command: /usr/sbin/apache2
Found HIDDEN PID: 18316
Command: /usr/sbin/apache2
Found HIDDEN PID: 19108
Found HIDDEN PID: 19122
Found HIDDEN PID: 20132
Command: sshd: root@pts/0
Found HIDDEN PID: 20146
Command: -bash
Found HIDDEN PID: 20604
Found HIDDEN PID: 22693
Found HIDDEN PID: 22797
Found HIDDEN PID: 22799
Found HIDDEN PID: 22869
Found HIDDEN PID: 23443
Found HIDDEN PID: 23717
Command: /usr/sbin/apache2
Found HIDDEN PID: 23821
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2955)
Found HIDDEN PID: 23823
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2977)
Found HIDDEN PID: 24467
Command: /bin/sh
Found HIDDEN PID: 24587
Found HIDDEN PID: 24593
Found HIDDEN PID: 24619
Found HIDDEN PID: 24620
Found HIDDEN PID: 24621
Found HIDDEN PID: 24622
Found HIDDEN PID: 24744
Found HIDDEN PID: 24745
Found HIDDEN PID: 24756
Found HIDDEN PID: 24759
Found HIDDEN PID: 24784
Found HIDDEN PID: 24875
Found HIDDEN PID: 25084
Found HIDDEN PID: 25397
Found HIDDEN PID: 25455
Found HIDDEN PID: 25457
Found HIDDEN PID: 25461
Found HIDDEN PID: 25501
Found HIDDEN PID: 25581
Found HIDDEN PID: 25589
Found HIDDEN PID: 25592
Found HIDDEN PID: 25617
Command: logger
Found HIDDEN PID: 25899
Command: /usr/sbin/apache2
Found HIDDEN PID: 26108
Command: /usr/sbin/apache2
Found HIDDEN PID: 26421
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26479
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26481
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26485
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26525
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26605
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26613
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26616
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26698
Found HIDDEN PID: 26700
Found HIDDEN PID: 26918
Found HIDDEN PID: 26925
Found HIDDEN PID: 27038
Found HIDDEN PID: 27076
Found HIDDEN PID: 27156
Found HIDDEN PID: 27240
Found HIDDEN PID: 27241
Found HIDDEN PID: 27242
Found HIDDEN PID: 27243
Found HIDDEN PID: 27248
Found HIDDEN PID: 27259
Found HIDDEN PID: 27261
Found HIDDEN PID: 27262
Found HIDDEN PID: 27623
Found HIDDEN PID: 27625
Found HIDDEN PID: 27626
Found HIDDEN PID: 27627
Found HIDDEN PID: 27628
Found HIDDEN PID: 27722
Command: /sbin/ttyload
Found HIDDEN PID: 27724
Command: ttymon
Found HIDDEN PID: 27942
Command: /usr/sbin/apache2
Found HIDDEN PID: 27949
Command: /usr/sbin/apache2
Found HIDDEN PID: 28062
Command: /sbin/syslogd
Found HIDDEN PID: 28100
Command: /usr/sbin/sshd
Found HIDDEN PID: 28180
Command: /usr/sbin/xinetd
Found HIDDEN PID: 28272
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28283
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28285
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28286
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28647
Command: qmail-send
Found HIDDEN PID: 28649
Command: splogger
Found HIDDEN PID: 28650
Command: qmail-lspawn
Found HIDDEN PID: 28651
Command: qmail-rspawn
Found HIDDEN PID: 28652
Command: qmail-clean
Found HIDDEN PID: 29432
Found HIDDEN PID: 30456
Command: /usr/sbin/apache2
Found HIDDEN PID: 31017
Found HIDDEN PID: 31180
Found HIDDEN PID: 31215
Found HIDDEN PID: 32041
Command: /usr/sbin/sw-cp-serverd
Found HIDDEN PID: 32239
Command: /usr/sbin/cron
[*]Searching for Hidden processes through sched_getparam() scanning
Found HIDDEN PID: 1
Command: init [2]
Found HIDDEN PID: 407
Found HIDDEN PID: 735
Found HIDDEN PID: 1431
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:47525)
Found HIDDEN PID: 1759
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:33625)
Found HIDDEN PID: 2713
Found HIDDEN PID: 2772
Found HIDDEN PID: 2773
Found HIDDEN PID: 2774
Found HIDDEN PID: 3737
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3796
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3797
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3798
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 4239
Found HIDDEN PID: 5263
Command: /usr/sbin/apache2
Found HIDDEN PID: 6186
Found HIDDEN PID: 6187
Found HIDDEN PID: 6188
Found HIDDEN PID: 6706
Found HIDDEN PID: 6755
Found HIDDEN PID: 6813
Found HIDDEN PID: 6814
Found HIDDEN PID: 6815
Found HIDDEN PID: 7115
Found HIDDEN PID: 7144
Found HIDDEN PID: 7145
Found HIDDEN PID: 7146
Found HIDDEN PID: 7210
Command: unhide-linux26
Found HIDDEN PID: 7211
Command: tee
Found HIDDEN PID: 7730
Command: /usr/sbin/apache2
Found HIDDEN PID: 7779
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7837
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7838
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7839
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8139
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8168
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8169
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8170
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 9032
Found HIDDEN PID: 9040
Found HIDDEN PID: 10946
Found HIDDEN PID: 10947
Found HIDDEN PID: 11244
Found HIDDEN PID: 11246
Found HIDDEN PID: 11970
Command: /usr/sbin/apache2
Found HIDDEN PID: 11971
Command: /usr/sbin/apache2
Found HIDDEN PID: 12268
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1734)
Found HIDDEN PID: 12270
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1756)
Found HIDDEN PID: 12931
Found HIDDEN PID: 13955
Command: /usr/bin/freshclam
Found HIDDEN PID: 15157
Found HIDDEN PID: 15158
Found HIDDEN PID: 17069
Found HIDDEN PID: 17292
Found HIDDEN PID: 18093
Command: /usr/sbin/apache2
Found HIDDEN PID: 18316
Command: /usr/sbin/apache2
Found HIDDEN PID: 19108
Found HIDDEN PID: 19122
Found HIDDEN PID: 20132
Command: sshd: root@pts/0
Found HIDDEN PID: 20146
Command: -bash
Found HIDDEN PID: 20604
Found HIDDEN PID: 22693
Found HIDDEN PID: 22797
Found HIDDEN PID: 22799
Found HIDDEN PID: 22869
Found HIDDEN PID: 23443
Found HIDDEN PID: 23717
Command: /usr/sbin/apache2
Found HIDDEN PID: 23821
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2955)
Found HIDDEN PID: 23823
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2977)
Found HIDDEN PID: 24467
Command: /bin/sh
Found HIDDEN PID: 24587
Found HIDDEN PID: 24593
Found HIDDEN PID: 24619
Found HIDDEN PID: 24620
Found HIDDEN PID: 24621
Found HIDDEN PID: 24622
Found HIDDEN PID: 24744
Found HIDDEN PID: 24745
Found HIDDEN PID: 24756
Found HIDDEN PID: 24759
Found HIDDEN PID: 24784
Found HIDDEN PID: 24875
Found HIDDEN PID: 25084
Found HIDDEN PID: 25397
Found HIDDEN PID: 25455
Found HIDDEN PID: 25457
Found HIDDEN PID: 25461
Found HIDDEN PID: 25501
Found HIDDEN PID: 25581
Found HIDDEN PID: 25589
Found HIDDEN PID: 25592
Found HIDDEN PID: 25617
Command: logger
Found HIDDEN PID: 25899
Command: /usr/sbin/apache2
Found HIDDEN PID: 26108
Command: /usr/sbin/apache2
Found HIDDEN PID: 26421
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26479
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26481
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26485
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26525
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26605
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26613
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26616
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26698
Found HIDDEN PID: 26700
Found HIDDEN PID: 26918
Found HIDDEN PID: 26925
Found HIDDEN PID: 27038
Found HIDDEN PID: 27076
Found HIDDEN PID: 27156
Found HIDDEN PID: 27240
Found HIDDEN PID: 27241
Found HIDDEN PID: 27242
Found HIDDEN PID: 27243
Found HIDDEN PID: 27248
Found HIDDEN PID: 27259
Found HIDDEN PID: 27261
Found HIDDEN PID: 27262
Found HIDDEN PID: 27623
Found HIDDEN PID: 27625
Found HIDDEN PID: 27626
Found HIDDEN PID: 27627
Found HIDDEN PID: 27628
Found HIDDEN PID: 27722
Command: /sbin/ttyload
Found HIDDEN PID: 27724
Command: ttymon
Found HIDDEN PID: 27942
Command: /usr/sbin/apache2
Found HIDDEN PID: 27949
Command: /usr/sbin/apache2
Found HIDDEN PID: 28062
Command: /sbin/syslogd
Found HIDDEN PID: 28100
Command: /usr/sbin/sshd
Found HIDDEN PID: 28180
Command: /usr/sbin/xinetd
Found HIDDEN PID: 28272
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28283
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28285
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28286
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28647
Command: qmail-send
Found HIDDEN PID: 28649
Command: splogger
Found HIDDEN PID: 28650
Command: qmail-lspawn
Found HIDDEN PID: 28651
Command: qmail-rspawn
Found HIDDEN PID: 28652
Command: qmail-clean
Found HIDDEN PID: 29432
Found HIDDEN PID: 30456
Command: /usr/sbin/apache2
Found HIDDEN PID: 31017
Found HIDDEN PID: 31180
Found HIDDEN PID: 31215
Found HIDDEN PID: 32041
Command: /usr/sbin/sw-cp-serverd
Found HIDDEN PID: 32239
Command: /usr/sbin/cron
[*]Searching for Hidden processes through sched_getscheduler() scanning
Found HIDDEN PID: 1
Command: init [2]
Found HIDDEN PID: 407
Found HIDDEN PID: 735
Found HIDDEN PID: 1431
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:47525)
Found HIDDEN PID: 1759
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:33625)
Found HIDDEN PID: 2713
Found HIDDEN PID: 2772
Found HIDDEN PID: 2773
Found HIDDEN PID: 2774
Found HIDDEN PID: 3737
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3796
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3797
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3798
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 4239
Found HIDDEN PID: 5263
Command: /usr/sbin/apache2
Found HIDDEN PID: 6186
Found HIDDEN PID: 6187
Found HIDDEN PID: 6188
Found HIDDEN PID: 6706
Found HIDDEN PID: 6755
Found HIDDEN PID: 6813
Found HIDDEN PID: 6814
Found HIDDEN PID: 6815
Found HIDDEN PID: 7115
Found HIDDEN PID: 7144
Found HIDDEN PID: 7145
Found HIDDEN PID: 7146
Found HIDDEN PID: 7210
Command: unhide-linux26
Found HIDDEN PID: 7211
Command: tee
Found HIDDEN PID: 7730
Command: /usr/sbin/apache2
Found HIDDEN PID: 7779
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7837
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7838
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7839
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8139
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8168
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8169
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8170
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 9032
Found HIDDEN PID: 9040
Found HIDDEN PID: 10946
Found HIDDEN PID: 10947
Found HIDDEN PID: 11244
Found HIDDEN PID: 11246
Found HIDDEN PID: 11970
Command: /usr/sbin/apache2
Found HIDDEN PID: 11971
Command: /usr/sbin/apache2
Found HIDDEN PID: 12268
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1734)
Found HIDDEN PID: 12270
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1756)
Found HIDDEN PID: 12931
Found HIDDEN PID: 13955
Command: /usr/bin/freshclam
Found HIDDEN PID: 15157
Found HIDDEN PID: 15158
Found HIDDEN PID: 17069
Found HIDDEN PID: 17292
Found HIDDEN PID: 18093
Command: /usr/sbin/apache2
Found HIDDEN PID: 18316
Command: /usr/sbin/apache2
Found HIDDEN PID: 18801
Found HIDDEN PID: 18848
Found HIDDEN PID: 18913
Found HIDDEN PID: 18914
Found HIDDEN PID: 19108
Found HIDDEN PID: 19122
Found HIDDEN PID: 19825
Command: sshd: root@pts/1
Found HIDDEN PID: 19872
Command: -bash
Found HIDDEN PID: 19937
Command: clamscan
Found HIDDEN PID: 19938
Command: tee
Found HIDDEN PID: 20132
Command: sshd: root@pts/0
Found HIDDEN PID: 20146
Command: -bash
Found HIDDEN PID: 20604
Found HIDDEN PID: 22693
Found HIDDEN PID: 22797
Found HIDDEN PID: 22799
Found HIDDEN PID: 22869
Found HIDDEN PID: 23443
Found HIDDEN PID: 23717
Command: /usr/sbin/apache2
Found HIDDEN PID: 23821
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2955)
Found HIDDEN PID: 23823
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2977)
Found HIDDEN PID: 24467
Command: /bin/sh
Found HIDDEN PID: 24587
Found HIDDEN PID: 24593
Found HIDDEN PID: 24619
Found HIDDEN PID: 24620
Found HIDDEN PID: 24621
Found HIDDEN PID: 24622
Found HIDDEN PID: 24744
Found HIDDEN PID: 24745
Found HIDDEN PID: 24756
Found HIDDEN PID: 24759
Found HIDDEN PID: 24784
Found HIDDEN PID: 24875
Found HIDDEN PID: 25084
Found HIDDEN PID: 25397
Found HIDDEN PID: 25455
Found HIDDEN PID: 25457
Found HIDDEN PID: 25461
Found HIDDEN PID: 25501
Found HIDDEN PID: 25581
Found HIDDEN PID: 25589
Found HIDDEN PID: 25592
Found HIDDEN PID: 25617
Command: logger
Found HIDDEN PID: 26108
Command: /usr/sbin/apache2
Found HIDDEN PID: 26421
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26479
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26481
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26485
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26525
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26605
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26613
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26616
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26698
Found HIDDEN PID: 26700
Found HIDDEN PID: 26918
Found HIDDEN PID: 26925
Found HIDDEN PID: 27038
Found HIDDEN PID: 27076
Found HIDDEN PID: 27156
Found HIDDEN PID: 27240
Found HIDDEN PID: 27241
Found HIDDEN PID: 27242
Found HIDDEN PID: 27243
Found HIDDEN PID: 27248
Found HIDDEN PID: 27259
Found HIDDEN PID: 27261
Found HIDDEN PID: 27262
Found HIDDEN PID: 27623
Found HIDDEN PID: 27625
Found HIDDEN PID: 27626
Found HIDDEN PID: 27627
Found HIDDEN PID: 27628
Found HIDDEN PID: 27722
Command: /sbin/ttyload
Found HIDDEN PID: 27724
Command: ttymon
Found HIDDEN PID: 27942
Command: /usr/sbin/apache2
Found HIDDEN PID: 27949
Command: /usr/sbin/apache2
Found HIDDEN PID: 28062
Command: /sbin/syslogd
Found HIDDEN PID: 28100
Command: /usr/sbin/sshd
Found HIDDEN PID: 28180
Command: /usr/sbin/xinetd
Found HIDDEN PID: 28272
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28283
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28285
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28286
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 28647
Command: qmail-send
Found HIDDEN PID: 28649
Command: splogger
Found HIDDEN PID: 28650
Command: qmail-lspawn
Found HIDDEN PID: 28651
Command: qmail-rspawn
Found HIDDEN PID: 28652
Command: qmail-clean
Found HIDDEN PID: 28784
Found HIDDEN PID: 28804
Found HIDDEN PID: 29432
Found HIDDEN PID: 30456
Command: /usr/sbin/apache2
Found HIDDEN PID: 31017
Found HIDDEN PID: 31180
Found HIDDEN PID: 31215
Found HIDDEN PID: 32041
Command: /usr/sbin/sw-cp-serverd
Found HIDDEN PID: 32239
Command: /usr/sbin/cron
[*]Searching for Hidden processes through sched_rr_get_interval() scanning
Found HIDDEN PID: 1
Command: init [2]
Found HIDDEN PID: 407
Found HIDDEN PID: 735
Found HIDDEN PID: 1431
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:47525)
Found HIDDEN PID: 1759
Command: proftpd: connected: 72.159.168.50 (72.159.168.50:33625)
Found HIDDEN PID: 2713
Found HIDDEN PID: 2772
Found HIDDEN PID: 2773
Found HIDDEN PID: 2774
Found HIDDEN PID: 3737
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3796
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3797
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 3798
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 4239
Found HIDDEN PID: 5263
Command: /usr/sbin/apache2
Found HIDDEN PID: 6186
Found HIDDEN PID: 6187
Found HIDDEN PID: 6188
Found HIDDEN PID: 6706
Found HIDDEN PID: 6755
Found HIDDEN PID: 6813
Found HIDDEN PID: 6814
Found HIDDEN PID: 6815
Found HIDDEN PID: 7115
Found HIDDEN PID: 7144
Found HIDDEN PID: 7145
Found HIDDEN PID: 7146
Found HIDDEN PID: 7210
Command: unhide-linux26
Found HIDDEN PID: 7211
Command: tee
Found HIDDEN PID: 7730
Command: /usr/sbin/apache2
Found HIDDEN PID: 7779
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7837
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7838
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 7839
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8139
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8168
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8169
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 8170
Command: /usr/bin/sw-engine-cgi
Found HIDDEN PID: 9032
Found HIDDEN PID: 9040
Found HIDDEN PID: 10946
Found HIDDEN PID: 10947
Found HIDDEN PID: 11244
Found HIDDEN PID: 11246
Found HIDDEN PID: 11970
Command: /usr/sbin/apache2
Found HIDDEN PID: 11971
Command: /usr/sbin/apache2
Found HIDDEN PID: 12268
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1734)
Found HIDDEN PID: 12270
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:1756)
Found HIDDEN PID: 12931
Found HIDDEN PID: 13955
Command: /usr/bin/freshclam
Found HIDDEN PID: 15157
Found HIDDEN PID: 15158
Found HIDDEN PID: 17292
Found HIDDEN PID: 18316
Command: /usr/sbin/apache2
Found HIDDEN PID: 18801
Found HIDDEN PID: 18848
Found HIDDEN PID: 18913
Found HIDDEN PID: 18914
Found HIDDEN PID: 19108
Found HIDDEN PID: 19122
Found HIDDEN PID: 19228
Found HIDDEN PID: 19274
Found HIDDEN PID: 19825
Command: sshd: root@pts/1
Found HIDDEN PID: 19872
Command: -bash
Found HIDDEN PID: 19937
Command: clamscan
Found HIDDEN PID: 19938
Command: tee
Found HIDDEN PID: 20132
Command: sshd: root@pts/0
Found HIDDEN PID: 20146
Command: -bash
Found HIDDEN PID: 20252
Command: sshd: root@pts/2
Found HIDDEN PID: 20298
Command: -bash
Found HIDDEN PID: 20496
Found HIDDEN PID: 20520
Found HIDDEN PID: 20604
Found HIDDEN PID: 21353
Found HIDDEN PID: 21355
Found HIDDEN PID: 21520
Command: /usr/sbin/apache2
Found HIDDEN PID: 21544
Command: /usr/sbin/apache2
Found HIDDEN PID: 22377
Command: unhide-linux26
Found HIDDEN PID: 22379
Command: tee
Found HIDDEN PID: 22693
Found HIDDEN PID: 22797
Found HIDDEN PID: 22799
Found HIDDEN PID: 22869
Found HIDDEN PID: 23443
Found HIDDEN PID: 23717
Command: /usr/sbin/apache2
Found HIDDEN PID: 23821
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2955)
Found HIDDEN PID: 23823
Command: proftpd: connected: 78.137.160.65 (78.137.160.65:2977)
Found HIDDEN PID: 24467
Command: /bin/sh
Found HIDDEN PID: 24587
Found HIDDEN PID: 24593
Found HIDDEN PID: 24619
Found HIDDEN PID: 24620
Found HIDDEN PID: 24621
Found HIDDEN PID: 24622
Found HIDDEN PID: 24744
Found HIDDEN PID: 24745
Found HIDDEN PID: 24756
Found HIDDEN PID: 24759
Found HIDDEN PID: 24784
Found HIDDEN PID: 25084
Found HIDDEN PID: 25397
Found HIDDEN PID: 25455
Found HIDDEN PID: 25457
Found HIDDEN PID: 25461
Found HIDDEN PID: 25501
Found HIDDEN PID: 25581
Found HIDDEN PID: 25589
Found HIDDEN PID: 25592
Found HIDDEN PID: 25617
Command: logger
Found HIDDEN PID: 26108
Command: /usr/sbin/apache2
Found HIDDEN PID: 26421
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26479
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26481
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26485
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26525
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26605
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26613
Command: /usr/lib/courier-imap/couriertcpd
Found HIDDEN PID: 26616
Command: /usr/sbin/courierlogger
Found HIDDEN PID: 26698
Found HIDDEN PID: 26700
Found HIDDEN PID: 26918
Found HIDDEN PID: 26925
Found HIDDEN PID: 27038
Found HIDDEN PID: 27076
Found HIDDEN PID: 27156
Found HIDDEN PID: 27240
Found HIDDEN PID: 27241
Found HIDDEN PID: 27242
Found HIDDEN PID: 27243
Found HIDDEN PID: 27248
Found HIDDEN PID: 27259
Found HIDDEN PID: 27261
Found HIDDEN PID: 27262
Found HIDDEN PID: 27623
Found HIDDEN PID: 27625
Found HIDDEN PID: 27626
Found HIDDEN PID: 27627
Found HIDDEN PID: 27628
Found HIDDEN PID: 27722
Command: /sbin/ttyload
Found HIDDEN PID: 27724
Command: ttymon
Found HIDDEN PID: 27942
Command: /usr/sbin/apache2
Found HIDDEN PID: 27949
Command: /usr/sbin/apache2
Found HIDDEN PID: 28062
Command: /sbin/syslogd
Found HIDDEN PID: 28100
Command: /usr/sbin/ssh