Help with likely security issue

Support for security such as Firewalls and securing linux
TomE
Posts: 20
Joined: 2011/09/19 22:09:35

Help with likely security issue

Post by TomE » 2014/04/29 13:59:49

I'm running CentOS 5.4 as a mail/web/samba server at our business. There are 6 Windows clients, a mix of Windows 7 Professional and XP SP2. It appears one of the XP machines has some sort of malware/virus on it that is trying to launch - something, I don't know what. Here is an output from logwatch:

Couldn't find services:
    inspectio : 4 Time(s)
    inspection : 100 Time(s)
    inspection.bat : 1 Time(s)
    inspection.cmd : 1 Time(s)
    inspection.com : 1 Time(s)
    inspection.dll : 1 Time(s)
    inspection.exe : 1 Time(s)
    inspection.lnk : 1 Time(s)
    inspection.pif : 1 Time(s)
    is : 20 Time(s)
    iso.bat : 5 Time(s)
    iso.cmd : 5 Time(s)
    iso.com : 5 Time(s)
    iso.dll : 5 Time(s)
    iso.exe : 5 Time(s)
    iso.lnk : 5 Time(s)
    iso.pif : 5 Time(s)
    jobbos : 4 Time(s)
    jobboss.bat : 1 Time(s)
    jobboss.cmd : 1 Time(s)
    jobboss.com : 1 Time(s)
    jobboss.dll : 1 Time(s)
    jobboss.exe : 1 Time(s)
    jobboss.lnk : 1 Time(s)
    jobboss.pif : 1 Time(s)
    quote : 4 Time(s)
    quotes.bat : 1 Time(s)
    quotes.cmd : 1 Time(s)
    quotes.com : 1 Time(s)
    quotes.dll : 1 Time(s)
    quotes.exe : 1 Time(s)
    quotes.lnk : 1 Time(s)
    quotes.pif : 1 Time(s)
    to : 16 Time(s)
    tom.bat : 4 Time(s)
    tom.cmd : 4 Time(s)
    tom.com : 4 Time(s)
    tom.dll : 4 Time(s)
    tom.exe : 4 Time(s)
    tom.lnk : 4 Time(s)
    tom.pif : 4 Time(s)
Inspection, iso, quotes, and tom are all shares on the samba server.

I've run all kinds of AV and anti-malware utilities but can't find anything. I realize this is likely a Windows problem, but I was hoping someone had seen something like this and could offer some advice on how I should approach this.
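
As an added example (not part of the original post), one way to find which client is generating these lookups is to tally the "couldn't find service" messages in the smbd log per client and mark the names that are derived from real shares. The log message format is an assumption, and the host names, addresses and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Shares named in the post; extensions as seen in its logwatch output.
SHARES = {"inspection", "iso", "quotes", "tom"}
EXEC_EXTS = {"bat", "cmd", "com", "dll", "exe", "lnk", "pif"}
# Assumed smbd message format: "<machine> (<ip>) couldn't find service <name>"
LINE_RE = re.compile(r"^\s*(\S+) \(([^)]+)\) couldn't find service (\S+)\s*$")

# Constructed sample log: host names, addresses and timestamps are made up.
SAMPLE_LOG = """\
[2014/04/29 09:12:01, 0] smbd/service.c:make_connection(1191)
  xp-front (192.168.1.23) couldn't find service inspection.exe
[2014/04/29 09:12:01, 0] smbd/service.c:make_connection(1191)
  xp-front (192.168.1.23) couldn't find service inspectio
  xp-front (192.168.1.23) couldn't find service iso.pif
  xp-front (192.168.1.23) couldn't find service to
  win7-acct (192.168.1.31) couldn't find service scans
"""

def classify(service):
    """Label a failed service name relative to the real share names."""
    name = service.lower()
    stem, _, ext = name.rpartition(".")
    if stem in SHARES and ext in EXEC_EXTS:
        return "share+exec-ext"      # e.g. tom.exe
    if any(name == share[:-1] for share in SHARES):
        return "truncated-share"     # e.g. "to" for "tom"
    return "other"

def probes_by_client(log_text):
    """Return {(machine, ip): {label: count}} for every failed lookup."""
    result = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)      # timestamp header lines do not match
        if m:
            machine, ip, service = m.groups()
            result[(machine, ip)][classify(service)] += 1
    return {client: dict(counts) for client, counts in result.items()}

def suspects(log_text, threshold=3):
    """Clients with at least `threshold` share-derived lookups, busiest first."""
    totals = {c: n.get("share+exec-ext", 0) + n.get("truncated-share", 0)
              for c, n in probes_by_client(log_text).items()}
    return sorted(((c, h) for c, h in totals.items() if h >= threshold),
                  key=lambda item: -item[1])

if __name__ == "__main__":
    for (machine, ip), hits in suspects(SAMPLE_LOG):
        print(f"{machine} {ip}: {hits} share-derived lookups")
```
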

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: Help with likely security issue

Post by gerald_clark » 2014/04/29 14:52:00

This is not a Windows forum. Furthermore, XP is no longer supported.

CentOS 5.4 is outdated and contains many attack vectors.
You should 'yum update' to 5.10 immediately.

TomE
Posts: 20
Joined: 2011/09/19 22:09:35

Re: Help with likely security issue

Post by TomE » 2014/04/29 16:19:39

I realize it's not a Windows forum, I thought I made a disclaimer to that effect. I thought people who maintained CentOS/Linux servers would be more likely to see the warning I am getting in logwatch than typical Windows users.

While I'm tied to XP on the buggy machine, thanks for the advice on updating 5.4 to 5.10.

drk
Posts: 405
Joined: 2014/01/30 20:38:28

Re: Help with likely security issue

Post by drk » 2014/04/29 19:16:07

TomE wrote: I've run all kinds of AV and anti-malware utilities but can't find anything. I realize this is likely a Windows problem, but I was hoping someone had seen something like this and could offer some advice on how I should approach this.
Maybe try CCleaner. It's free from Piriform.
