HELP! Trojan TR/WMA.WIMAD.D.2

Hi,

I am having a problem when trying to access some of my sites. One of my visitors says that they got notified that a virus was on my site called Trojan TR/WMA.WIMAD.D.2. Can anyone assist me, because my site keeps trying to redirect to this domain: http://nwtwebworks.com/ which I believe has something to do with this trojan.

Here is some information on my server:
WHM 10.8.0 cPanel 10.8.1-R113
RedHat Enterprise 3 i686 - WHM X v3.1.0

Processor Information
Processor #1 Vendor: GenuineIntel
Processor #1 Name: Intel(R) Celeron(R) CPU 2.40GHz
Processor #1 speed: 2423.945 MHz
Processor #1 cache size: 128 KB

Memory Information
Memory: 1535024k/1564608k available (1529k kernel code, 24976k reserved, 1065k data, 164k init, 647104k highmem)

System Information
Linux 2.4.21-15.0.3.EL #1 Tue Jun 29 18:17:52 EDT 2004 i686 i686 i386 GNU/Linux

Physical Disks
hda: WDC WD800JB-00FSA0, ATA DISK drive
hdb: ST340014A, ATA DISK drive
hda: attached ide-disk driver.
hda: host protected area => 1
hda: 156301488 sectors (80026 MB) w/8192KiB Cache, CHS=9729/255/63, UDMA(100)
hdb: attached ide-disk driver.
hdb: host protected area => 1
hdb: 78165360 sectors (40021 MB) w/2048KiB Cache, CHS=4865/255/63, UDMA(100)

Current Memory Usage
                     total       used       free     shared    buffers     cached
Mem:               1539576    1529608       9968          0      42872    1294464
-/+ buffers/cache:  192272    1347304
Swap:              2097136     142856    1954280
Total:             3636712    1672464    1964248

Current Disk Usage
Filesystem      Size  Used Avail Use% Mounted on
/dev/hda3        69G   21G   44G  33% /
/dev/hda1       198M   14M  174M   8% /boot
none            752M     0  752M   0% /dev/shm
/usr/tmpDSK     243M   16M  215M   7% /tmp
/tmp            243M   16M  215M   7% /var/tmp


------------------------------------------------------------------------------
Show Current Running Processes

Pid Name Exe Cwd
--------------------------------------------------------------------------------
1 (init) /sbin/init /
    init
2 (keventd) /
3 (kapmd) /
4 (ksoftirqd/0) /
7 (bdflush) /
5 (kswapd) /
6 (kscand) /
8 (kupdated) /
9 (mdrecoveryd) /
13 (kjournald) /
68 (khubd) /
478 (kjournald) /
2211 (eth0) /
2333 (syslogd) /sbin/syslogd /
    syslogd -m 0
2337 (klogd) /sbin/klogd /
    klogd -x
2418 (sshd) /usr/sbin/sshd /
    /usr/sbin/sshd
2433 (xinetd) /usr/sbin/xinetd /
    xinetd -stayalive -pidfile /var/run/xinetd.pid
2493 (chkservd) /usr/bin/perl /
    chkservd
2556 (clamd) /usr/sbin/clamd /
    /usr/sbin/clamd
2562 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -bd -q60m
2566 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -tls-on-connect -bd -oX 465
2572 (antirelayd) /usr/bin/perl /
    antirelayd
2638 (spamd) /usr/bin/perl /
    /usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spamd.pid --max-children=5
2652 (spamd) /usr/bin/perl /
    spamd child
2653 (spamd) /usr/bin/perl /
    spamd child
2663 (crond) /usr/sbin/crond /var/spool
    crond
2678 (mysqld_safe) /bin/bash /var/lib
    /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid
2724 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
2848 (cpsrvd) /usr/local/cpanel/cpsrvd /usr/local/cpanel/base
    cpsrvd - waiting for connections
2857 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
2858 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
2867 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
2868 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
2869 (cpanellogd) /usr/bin/perl /
    cpanellogd - sleeping for logs
2874 (eximstats) /usr/bin/perl /
    /usr/bin/perl /usr/local/cpanel/bin/eximstats
2876 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
2891 (entropychat) /usr/bin/perl /
    entropychat
2898 (melange) /usr/local/cpanel/3rdparty/ /
    /usr/local/cpanel/bin/startmelange
2900 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
2920 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
2922 (stunnel-4.04lo /usr/bin/stunnel-4.04local /usr/local/cpanel/var/run/st
    /usr/bin/stunnel-4.04local /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
2935 (rhnsd) /usr/sbin/rhnsd /
    rhnsd --interval 240
2954 (ipalert_statd) /usr/bin/perl /
    /usr/bin/perl /usr/local/bin/ipalert_statd
2976 (portsentry) /usr/sbin/portsentry /
    /usr/sbin/portsentry -tcp
3012 (cppop) /usr/local/cpanel/bin/cppop /
    cppop - accepting on port 110
3035 (loop0) /
3036 (kjournald) /
3049 (mdadm) /sbin/mdadm /
    mdadm --monitor --scan -f
3067 (mdmpd) /sbin/mdmpd /
    mdmpd
3081 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty1
3082 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty2
3083 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty3
3084 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty4
3085 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty5
3086 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty6
3318 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
3321 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
3325 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
3341 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
3777 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
3778 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
3780 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
3784 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
4924 (named) /usr/sbin/named /
    /usr/sbin/named -u named
13850 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
16172 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
16174 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
16176 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
16179 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
16180 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
16181 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
16182 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
16184 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.bahamabrands.com.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
21366 (sshd) /usr/sbin/sshd /
    sshd: root@pts/0
21368 (bash) /bin/bash /root
    -bash
21475 (proftpd) /usr/sbin/proftpd /
    proftpd: (accepting connections)
21745 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
21746 (leechprotect) /usr/bin/perl /
    /usr/bin/perl /usr/local/cpanel/bin/leechprotect
27960 (proftpd) /usr/sbin/proftpd /
    proftpd: connected: 127.0.0.1 (127.0.0.1:37404)
28145 (httpd) /usr/local/apache/bin/httpd /home/bahamasi/public_html
    /usr/local/apache/bin/httpd -DSSL
28162 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28163 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28164 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28166 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28167 (httpd) /usr/local/apache/bin/httpd /home/bahamasi/public_html
    /usr/local/apache/bin/httpd -DSSL
28168 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28169 (httpd)
28177 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28182 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28183 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28184 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28185 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28190 (cpsrvd) /usr/local/cpanel/cpsrvd /usr/local/cpanel/whostmgr/d
    whostmgrd - serving 24.244.160.213
28191 (whostmgr) /usr/local/cpanel/whostmgr/ /usr/local/cpanel/whostmgr/d
    /usr/local/cpanel/whostmgr/bin/whostmgr ./simpleps
28192 (cpsrvd) /usr/local/cpanel/cpsrvd /usr/local/cpanel/base
    webmaild - serving 65.198.211.132
28193 (php) /usr/local/cpanel/3rdparty/ /usr/local/cpanel/base/3rdpa
    /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/3rdparty/squirrelmail/src/compose.php
28198 (cpsrvd) /usr/local/cpanel/cpsrvd /usr/local/cpanel/base
    webmaild - serving 65.198.211.132
28201 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28202 (cppop) /usr/local/cpanel/bin/cppop /
    cppop - serving 63.245.113.106 - AUTHORIZATION
28204 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL
28208 (php) /usr/local/cpanel/3rdparty/ /usr/local/cpanel/base/3rdpa
    /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/3rdparty/squirrelmail/src/compose.php
28213 (cpsrvd) /usr/local/cpanel/cpsrvd /usr/local/cpanel/base
    webmaild - serving 65.198.211.132
28215 (php) /usr/local/cpanel/3rdparty/ /usr/local/cpanel/base/3rdpa
    /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/3rdparty/squirrelmail/src/compose.php
28221 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -bd -q60m
28222 (cpsrvd) /usr/local/cpanel/cpsrvd /usr/local/cpanel/base
    webmaild - serving 65.198.211.132
28223 (php) /usr/local/cpanel/3rdparty/ /usr/local/cpanel/base/3rdpa
    /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/3rdparty/squirrelmail/src/compose.php
28225 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -Mc 1FGe2U-0007Kc-W9
28226 (simpleps) /usr/bin/perl /usr/local/cpanel/whostmgr/d
    /usr/bin/perl /scripts/simpleps
28227 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -Mc 1FGe2v-0007L0-3H
28228 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -Mc 1FGe2w-0007Kx-1t
28229 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -Mc 1FGe2w-0007Kk-2I
28232 (exim) /usr/sbin/exim /
    /usr/sbin/exim -Mc 1FGe2v-0007L0-3H
28237 (exim)
--------------------------------------------------------------------------------
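A defender-side check added here, not part of the original post or of cPanel/WHM: a POSIX shell script that scans an account's web root (the process list shows Apache workers in /home/bahamasi/public_html) for files referencing the redirect domain named above and for the usual injected-redirect constructs, and lists recently modified files. The web-root path and the sample files it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post or from cPanel/WHM.
# Locates where an injected redirect lives in a web root: files that mention
# the reported redirect domain, hidden 1x1 iframes, meta refreshes, JavaScript
# location changes and .htaccess rewrite/redirect rules, plus files with fresh
# modification times (a compromise usually leaves those behind).

DOMAIN="nwtwebworks.com"   # the domain the site was redirecting to, per the post

# scan_webroot DIR DOMAIN
# Prints "file:line:content" for every suspicious line found under DIR.
scan_webroot() {
  dir=$1
  esc=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
  find "$dir" -type f \( -name '*.html' -o -name '*.htm' -o -name '*.php' \
       -o -name '*.js' -o -name '.htaccess' \) -exec grep -H -n -i -E \
       -e "$esc" \
       -e '<iframe[^>]*(width|height)="?[01]"?' \
       -e 'http-equiv="refresh"' \
       -e '(window|document)\.location' \
       -e '^[[:space:]]*(RewriteRule|Redirect)' \
       -- {} + 2>/dev/null
}

# count_hits DIR DOMAIN -> number of suspicious lines found
count_hits() {
  scan_webroot "$1" "$2" | wc -l | tr -d ' '
}

# recently_modified DIR DAYS -> files under DIR changed within the last DAYS days
recently_modified() {
  find "$1" -type f -mtime -"$2" 2>/dev/null
}

# make_sample_root -> path of a constructed web root (sample data, not real site files)
make_sample_root() {
  root=$(mktemp -d)
  mkdir -p "$root/images"
  printf '<html><body><h1>Welcome</h1></body></html>\n' > "$root/index.html"
  # constructed copy of the kind of injection that causes a silent redirect
  printf '<html><body>Contact us</body></html>\n<iframe src="http://%s/x.php" width="1" height="1"></iframe>\n' \
    "$DOMAIN" > "$root/contact.html"
  printf '<meta http-equiv="refresh" content="0;url=http://example.invalid/">\n' > "$root/old.html"
  printf 'plain text, not scanned\n' > "$root/images/readme.txt"
  printf '%s\n' "$root"
}

# With a directory argument, scan that web root; otherwise run on the sample root.
if [ "$#" -gt 0 ]; then
  scan_webroot "$1" "$DOMAIN"
  echo "--- files modified in the last 7 days ---"
  recently_modified "$1" 7
else
  sample=$(make_sample_root)
  scan_webroot "$sample" "$DOMAIN"
  rm -rf "$sample"
fi
```

Run it as `sh scan.sh /home/bahamasi/public_html` (path taken from the process list above); every hit still needs a human look, since legitimate pages also use meta refreshes and rewrite rules.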