any one can check this and tell us if its abad files(trojans)

Hi

last two days my server load show very very high (66) and netstat show many connections about (250) ....i tried every thing i can do ...but no thing happend ...

so i try to suspend all sites ...then unsuspend them one by one...

finally i discover the site wich cause high ****en load .....

when i check his cgi-bin folder i found these files ....which i added it to attachment .......

so plz i need any one to check them and tell me if that bad files ...

one of them called :

cpanelwrap.cgi


and here you are its content:
#!/usr/bin/perl

print "Content-type: text/html\r\n\r\n";

$quser = $ENV{'QUERY_STRING'};
$quser =~ s/\n//g;
$quser =~ s/\r//g;

chomp($pwd = `pwd`);
open(PASSWD,"/etc/passwd");
while(<PASSWD>){
($name,$x,$uid,$gid,undef,$homedir,$shell) =
split(/:/,$_);
next if (length($homedir) < 3);

if ($pwd =~ /^${homedir}\// || $pwd =~ /^${homedir}$/) {
$founduid = 1;
last;
}
}
close(PASSWD);
if ($founduid) {
print "MYUID: $uid\n";
} else {
if (getpwnam($quser)) {
$uid = (getpwnam($quser))[2];
print "MYUID: $uid\n";
}
}

print "REALUID: $>\n";

thnx in advance

 

 

 

 

Top