
I am running Ubuntu 14.04 32-bit.

Recently, I decided to install ClamAV. It keeps warning me about this pua.win.trojan.xored-1. I read online that this means I have a rootkit.

I downloaded and ran chkrootkit. It says the following:

The following suspicious files and directories were found:  
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit

Searching for Suckit rootkit...  Warning: /sbin/init INFECTED

I just ran rkhunter and this came up:

/usr/bin/unhide.rb [ Warning ]

To remedy the problem, I am currently downloading a new Ubuntu ISO. I will re-install everything from scratch. Assuming that I have a rootkit, is this enough to solve the problem?


Update: I didn't know that rkhunter wasn't finished yet. Here is some more:

Checking /dev for suspicious file types                  [ Warning ]
Checking for hidden files and directories                [ Warning ]
Lumo5
  • 3
    You didn't. ClamAV is able to find more files not infected by a rootkit than it can find rootkits. The amount of false positives nears 100%. Delete it and never look at it again would be my advice. "I am currently downloading a new Ubuntu ISO" Please don't. – Rinzwind Apr 10 '17 at 07:56
  • I did download it but I didn't install it yet. I updated my question. I didn't realise that rkhunter wasn't finished yet. Are you sure that I am safe? – Lumo5 Apr 10 '17 at 09:34
  • 2
    I have not a single shred of doubt when claiming you are safe. It is impossible to get a rootkit on Ubuntu IF you stick to the repositories and known sources for installing software, and do not mess with the security settings Ubuntu uses as a default. The only issue might be the people around you; so use a good password and do not leave your system unattended with a sudo session active. – Rinzwind Apr 10 '17 at 09:38
