Download the following:
Rootkit Hunter -- Install and run that. It's a very simple tool to install and run. It's a piece of cake as we like to say.
Next you'll want to get Chkrootkit:
[root@host src]# tar zxvf chkrootkit.tar.gz
====8<------
[root@host src]# cd chkrootkit-0.47/
[root@host chkrootkit-0.47]# ls
ACKNOWLEDGMENTS  chkproc.c       chkwtmp.c    README
check_wtmpx.c    chkrootkit      COPYRIGHT    README.chklastlog
chkdirs.c        chkrootkit.lsm  ifpromisc.c  README.chkwtmp
chklastlog.c     chkutmp.c       Makefile     strings.c
[root@host chkrootkit-0.47]# make sense
====8<------
[root@host chkrootkit-0.47]# ./chkrootkit
Chkrootkit does have a few issues: it will show a few false positives, especially if you're running cPanel.
Next, run this command:
find /dev/ -type f
There should be only a few files in there. MAKEDEV is one, .udev.tdb is another. If there's anything other than that, check it by using the file command.
file <filename>
This shows you what the files are. If any of them are executables, you'll want to delete them immediately!
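The /dev check above, wrapped in a script that reports each unexpected file together with its file description. This is an added example, not part of the original page: the function names and the extra ELF/shebang test are assumptions, and the allowlist holds only the two names mentioned above.

```shell
#!/bin/sh
# Added example (not from the original page): audit regular files under /dev.
# Names the page says are expected; extend for your distribution (assumption).
ALLOWLIST="MAKEDEV .udev.tdb"

# is_allowed NAME: succeed if the basename is on the allowlist.
is_allowed() {
    for ok in $ALLOWLIST; do
        [ "$1" = "$ok" ] && return 0
    done
    return 1
}

# looks_executable PATH: succeed on an exec bit, ELF magic, or a "#!" shebang.
looks_executable() {
    [ -x "$1" ] && return 0
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -c | tr -d ' \n')
    case "$magic" in
        177ELF*|'#!'*) return 0 ;;
    esac
    return 1
}

# audit_dev [DIR]: print "VERDICT<TAB>PATH<TAB>file(1) description" for every
# regular file that is not allowlisted. Line-based, so names containing
# newlines are not handled; treat any such name as suspicious by itself.
audit_dev() {
    dir=${1:-/dev}
    find "$dir" -type f 2>/dev/null | while IFS= read -r path; do
        is_allowed "$(basename "$path")" && continue
        if looks_executable "$path"; then verdict=EXECUTABLE; else verdict=UNEXPECTED; fi
        if command -v file >/dev/null 2>&1; then
            desc=$(file -b "$path")
        else
            desc="file(1) not installed"
        fi
        printf '%s\t%s\t%s\n' "$verdict" "$path" "$desc"
    done
}
# Usage: audit_dev            (scans /dev; pass another directory to test it)
```

The script only reports, so each flagged file can be looked at before it is removed. Files that applications keep under /dev/shm will show up as UNEXPECTED and need a manual look.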
There's plenty more you can do, but this is a good start. cPanel has several tools in the security section, so use those too. If you have any questions or see something suspicious, email us or head over to the Portal.