Questions tagged [chkrootkit]

24 questions
25 votes, 4 answers

chkrootkit shows "tcpd" as INFECTED. Is it a false positive?

A scan by chkrootkit shows "tcpd" as being INFECTED, although a scan by rkhunter shows OK (except for the regular false positives). Shall I be worried? (I'm on Ubuntu 16.10 with 4.8.0-37-generic.)
user633620
19 votes, 3 answers

Chkrootkit says "Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd", should I be worried?

I recently ran sudo chkrootkit and this was one of the results: Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd In my research on this I discovered this thread, so I tried running the…
user364819
4 votes, 3 answers

Why doesn't chkrootkit test syslogd?

When I scan my machine with chkrootkit I notice that it always says for one of them: Checking `syslogd'... not tested Why is this not tested for? Should this be tested for? And if it is a good thing for it to…
user364819
4 votes, 2 answers

I ran chkrootkit and came up with an infected file. I need help

So I ran chkrootkit. I have linux.xor.ddos showing as infected. I read other forums online and I have seen things mentioning false positives. What is the linux.xor.ddos file and how can I check if it is fine?
RJ Adams
3 votes, 1 answer

Chkrootkit false-positive "whitelist"

I want to "white-list" some of the false positives of chkrootkit, therefore I would like to use /etc/chkrootkit.conf as a "white-list". But this does not work: RUN_DAILY_OPTS="-q -e '/sbin/init /sbin/dhclient' And I still get the following…
Alex W.
3 votes, 3 answers

How can I remove LINUX/EBURY from Ubuntu 16.04?

I was alerted that I had a virus in my Ubuntu 16.04 which I installed a few weeks ago. I verified the system with chkrootkit to see if it found anything and it did indeed find "LINUX/EBURY". I searched Google for information about how I can…
nogueira13
3 votes, 2 answers

RKhunter and Chkrootkit

Running rkhunter showed the following error message: "Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/lwp-request". A quick search showed that I could get away with it by "commenting" the line…
Mayank Singh
2 votes, 0 answers

How did I get a rootkit?

I am running Ubuntu 14.04 32-bit. Recently, I decided to install ClamAV. It keeps warning me about this pua.win.trojan.xored-1. I read online that this means I have a rootkit. I downloaded and ran chkrootkit. It says the following: The following…
Lumo5
2 votes, 0 answers

What is the WTED file and what is it used for?

What is the WTED file and what is it used for? We ran the chkrootkit command and this was the output: Checking 'wted'... 1 deletion(s) between and After a lot of googling unfortunately we got nothing that clearly tells us…
xorinzor
2 votes, 2 answers

What exactly is /lib/modules/4.4.0-XX-generic/vdso/.build-id

I did a rootkit search with chkrootkit and it came up with this strange set of files: /usr/lib/debug/.build-id /lib/modules/4.4.0-51-generic/vdso/.build-id /lib/modules/4.4.0-47-generic/vdso/.build-id /lib/modules/4.4.0-38-generic/vdso/.build-id…
Astrum
2 votes, 1 answer

rkhunter shows a possible rootkit or a false positive?

When I do an rkhunter --check it shows me that I have possible rootkits: /usr/bin/rkhunter: 14795: [: /usr/lib/firefox/firefox: unexpected operator /usr/bin/rkhunter: 14795: [: /usr/lib/firefox/firefox: unexpected operator /usr/bin/rkhunter: 14795:…
louiesanchezdj
1 vote, 0 answers

chkrootkit reports tcpd to be infected, should I be worried?

I ran sudo chkrootkit today and was told this as a part of the output: Checking `tcpd'... INFECTED I am running Ubuntu GNOME 16.10 with GNOME 3.22, what does this mean, should I be worried and how can I…
user364819
1 vote, 1 answer

Are there any conflicts between running rkhunter and chkrootkit on one system?

Can I run rkhunter and chkrootkit at the same time on my Ubuntu Linux laptop without having to worry about conflicts?
user496917
1 vote, 1 answer

Backdoor.Linux.Gafgyt.A - How to detect an infection with this backdoor

Yesterday I found out about the existence of the Backdoor.Linux.Gafgyt.A trojan backdoor. I did run chkrootkit vs 0.49 and rkhunter 1.40. But surprisingly in the logs, I could not see these programs had this quite new backdoor in their database.…
grtz
1 vote, 1 answer

chkrootkit says "grep --color=auto INFECTED," what should I do?

I just installed and ran chkrootkit for the first time and when I ran sudo chkrootkit | grep INFECTED, it returned ![user] 21342 pts/0 grep --color=auto INFECTED I'm a complete novice at this and have no idea what that means or what I should do.…
galleon