Help with possible suckit rootkit

This morning I found:

Searching for Suckit rootkit ... Warning: /sbin/init INFECTED

and also:

Checking `sniffer'... /proc/6355/fd: No such file or directory


I know that suckit replaces /sbin/init with itself and then runs on a reboot. I ran:

ls -li /sbin/init /sbin/telinit

which looks ok

119402 -rwxr-xr-x 1 root root 27036 Feb 5 21:55 /sbin/init*
119410 lrwxrwxrwx 1 root root 4 May 13 00:59 /sbin/telinit -> init*

The strange listed process returns this:

6355 0.0 0.0 0 0 ? Z May13 0:00 [upcp <defunct>]


I did update cPanel the day before yesterday, so is this just a false alert and a bit of a buggy cPanel update? I'm unsure of what to look for now, so any help would be useful, thanks.
