#1 2021-12-06 05:29

Stump
Member
Registered: 2021-12-06
Posts: 2

rkhunter and chkrootkit results

I downloaded q4os-4.7-x64-tde.r1.iso from Sourceforge today, checked that the md5sum was correct, and then installed it on my HP computer. After installation, I installed rkhunter and chkrootkit and ran them against the newly installed system.

I am concerned about the results as posted below, especially the ones in the middle section.

I don't have enough technical knowledge to figure them out. I am reporting them to you first to let you know of an issue from a freshly downloaded and installed system, and also in hopes you can provide guidance as to what I should do.

Results were as follows:

groundhog@groundhog-hpelitedesk800g1usdt:~$ sudo chkrootkit -q
-e The following suspicious files and directories were found:

/usr/lib/jvm/.java-1.11.0-openjdk-amd64.jinfo
/usr/lib/debug/.dwz
/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document
/usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.eslintrc.js
/usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierrc
/usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierignore
/usr/lib/python3/dist-packages/matplotlib/tests/baseline_images/.keep
/usr/lib/python3/dist-packages/matplotlib/tests/tinypages/.gitignore
/usr/lib/python3/dist-packages/matplotlib/tests/tinypages/_static/.gitignore
/usr/lib/llvm-9/build/utils/lit/tests/.coveragerc
/usr/lib/hashcat/modules/.lock
/usr/lib/debug/.dwz


INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/.devcpq4.sh
OooPS, not expected 145601 value
chkproc: Warning: Possible LKM Trojan installed
wlx9cefd5fb1bcb: PACKET SNIFFER(/usr/sbin/NetworkManager[810], /usr/sbin/wpa_supplicant[818], /usr/sbin/wpa_supplicant[818])


The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID          PID TTY    CMD
! root          878 tty7   /usr/lib/xorg/Xorg -br -deferglyphs 16 -nolisten tcp :0 vt7 -auth /var/run/xauth/A:0-qPZxXa
! groundh+   145604 pts/1  /bin/bash
! groundh+   261156 pts/1  sudo chkrootkit -q
! root       261157 pts/1  /bin/sh /usr/sbin/chkrootkit -q
! root       261847 pts/1  ./chkutmp
! root       261849 pts/1  ps axk tty,ruser,args -o tty,pid,ruser,args
! root       261848 pts/1  sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
groundhog@groundhog-hpelitedesk800g1usdt:~$     


Thanks in advance for your help.

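An added example, not part of the post above and not chkrootkit's own code: the comparison that chkrootkit's chkproc performs (PIDs present under /proc versus PIDs that ps reports), written so that the two things that turn it into a false positive are handled explicitly. "OooPS, not expected 145601 value" is the message chkproc prints when ps returns a PID above the fixed PID ceiling compiled into chkproc; on a kernel whose pid_max is higher (this session had PIDs around 145600 and 261000) that says nothing about an LKM. The script below reads the kernel's real pid_max from /proc/sys/kernel/pid_max and scans /proc twice, so a process that exits between the /proc scan and the ps call is not reported as hidden. The function names and the space-separated PID-list format are my own; the constructed lists in the usage note are not from the posted output.

```shell
#!/bin/sh
# Added example (not from the thread, not from chkrootkit): hidden-process check
# in the style of chkproc, with pid_max read from the kernel and a double /proc
# scan to suppress the "process exited between snapshots" race.

# pid_within_max PID MAX: succeed if PID is a plausible PID for this kernel.
# A PID above MAX would mean a buggy ps or a bogus /proc entry, which is worth
# a message but is not evidence of a rootkit.
pid_within_max() {
    [ "$1" -ge 1 ] && [ "$1" -le "$2" ]
}

# hidden_pids PROC_PIDS PS_PIDS: print the PIDs in PROC_PIDS (space-separated)
# that ps did not report. Pure function, so it can be exercised on constructed
# lists without touching the live system.
hidden_pids() {
    hp_ps=" $(printf '%s' "$2" | tr '\n' ' ') "
    for hp_pid in $1; do
        case "$hp_ps" in
            *" $hp_pid "*) ;;                    # ps admits to this PID
            *) printf '%s\n' "$hp_pid" ;;        # in /proc, not in ps
        esac
    done
}

# Live snapshots: numeric entries under /proc are processes; ps -eo pid= is
# the list ps is willing to show.
proc_pids() { ls /proc | grep -E '^[0-9]+$' | sort -n | tr '\n' ' '; }
ps_pids()   { ps -eo pid= | tr -d ' ' | sort -n | tr '\n' ' '; }

# live_hidden_pids: report PIDs that were present in /proc both before and
# after the ps call yet missing from ps output. Short-lived helpers (ls, grep,
# the command-substitution subshells) appear in only one scan and drop out.
live_hidden_pids() {
    lh_max=$(cat /proc/sys/kernel/pid_max 2>/dev/null || echo 32768)
    lh_before=$(proc_pids)
    lh_ps=$(ps_pids)
    lh_after=$(proc_pids)
    lh_stable=""
    for lh_pid in $lh_before; do
        pid_within_max "$lh_pid" "$lh_max" \
            || printf 'PID %s is above pid_max %s (suspect ps, not the kernel)\n' "$lh_pid" "$lh_max"
        case " $lh_after " in
            *" $lh_pid "*) lh_stable="$lh_stable $lh_pid" ;;
        esac
    done
    hidden_pids "$lh_stable" "$lh_ps"
}

# Run with --live to scan the current system; prints nothing when all PIDs
# visible in /proc are also reported by ps.
if [ "${1:-}" = "--live" ]; then
    live_hidden_pids
fi
```

On constructed input, `hidden_pids "1 2 3 145601" "1 2 3"` prints 145601, and `pid_within_max 145601 99999` fails while `pid_within_max 145601 4194304` succeeds, which is the whole difference between the warning in the posted output and a real finding. A PID that is stable across both /proc scans and still absent from ps is the case that deserves attention; check it with `ls -l /proc/<pid>/exe` and `cat /proc/<pid>/cmdline` before concluding anything.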

#2 2021-12-06 12:47

q4osteam
Q4OS Team
Registered: 2015-12-06
Posts: 4,263

Re: rkhunter and chkrootkit results

The warnings are surely false positives. The "/tmp/.devcpq4.sh" file is a simple few-line script intended for development purposes. You can view and check it; you will see that the warning doesn't make much sense. The other files are just Debian files; if you are interested, you could compare the md5sums of these files with the Debian originals.

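The check the reply suggests, comparing the flagged files' md5sums with the Debian originals, as an added example that is not part of the thread and not the Q4OS project's code. On a real Debian-based system, `dpkg -S /path/to/file` names the package that owns a file, /var/lib/dpkg/info/<package>.md5sums lists "hash  path" lines with the path relative to /, and `dpkg -V <package>` or `debsums` run the comparison for you; the script below does the same against a manifest in that format. The root directory, the file contents and the manifest are constructed so it runs offline; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread or the Q4OS project): verify files flagged
# by a rootkit scanner against a dpkg-style md5sums manifest.

# verify_flagged ROOT MANIFEST FILE...
# Prints "<file> ok", "<file> MODIFIED" or "<file> NOT-IN-MANIFEST" per file
# and returns 1 if any file was modified. A flagged file that no manifest
# covers cannot be cleared this way and has to be read by hand, which is what
# the reply says to do with /tmp/.devcpq4.sh.
verify_flagged() {
    vroot=$1
    vmanifest=$2
    shift 2
    vrc=0
    for vfile in "$@"; do
        vrel=${vfile#/}                       # manifest paths are relative to /
        vexpected=$(awk -v p="$vrel" '$2 == p { print $1; exit }' "$vmanifest")
        if [ -z "$vexpected" ]; then
            printf '%s NOT-IN-MANIFEST\n' "$vfile"
            continue
        fi
        vactual=$(md5sum -- "$vroot/$vrel" 2>/dev/null | cut -d' ' -f1)
        if [ "$vactual" = "$vexpected" ]; then
            printf '%s ok\n' "$vfile"
        else
            printf '%s MODIFIED\n' "$vfile"
            vrc=1
        fi
    done
    return $vrc
}

# make_demo_root: build a throwaway root with three of the paths from the scan
# output (constructed contents), write a manifest covering two of them, then
# tamper with one after the manifest exists. Prints the root directory.
make_demo_root() {
    droot=$(mktemp -d)
    mkdir -p "$droot/usr/lib/debug" "$droot/usr/lib/hashcat/modules" "$droot/tmp"
    printf 'dwz index\n' > "$droot/usr/lib/debug/.dwz"
    printf 'lock\n' > "$droot/usr/lib/hashcat/modules/.lock"
    printf '#!/bin/sh\necho dev helper\n' > "$droot/tmp/.devcpq4.sh"   # not in manifest
    ( cd "$droot" && md5sum usr/lib/debug/.dwz usr/lib/hashcat/modules/.lock ) \
        > "$droot/manifest.md5sums"
    printf 'tampered\n' >> "$droot/usr/lib/hashcat/modules/.lock"
    printf '%s\n' "$droot"
}

# Run with --demo to see all three outcomes on the constructed root.
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_root)
    verify_flagged "$demo" "$demo/manifest.md5sums" \
        /usr/lib/debug/.dwz /usr/lib/hashcat/modules/.lock /tmp/.devcpq4.sh
    rm -rf "$demo"
fi
```

On the constructed root, /usr/lib/debug/.dwz comes back ok, /usr/lib/hashcat/modules/.lock comes back MODIFIED because it was appended to after the manifest was written, and /tmp/.devcpq4.sh is NOT-IN-MANIFEST. One caveat for real use: the md5sums files and dpkg itself live on the system being checked, so a rootkit with root could have altered both; for a stronger answer, compare against hashes taken from a freshly downloaded .deb on another machine.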

#3 2021-12-06 22:41

Stump
Member
Registered: 2021-12-06
Posts: 2

Re: rkhunter and chkrootkit results

Thank you so much for the quick response.

I will use this as a baseline for my system moving forward, so I can know if anything invades my system in the future.

I used to have Eset Nod32 antivirus, but they are going end of life next year.  I am trying to patch together some kind of antivirus / antimalware package to replace it as best I can.

Thank you.


#4 2021-12-07 10:34

rаluma
Member
Registered: 2021-12-07
Posts: 16

Re: rkhunter and chkrootkit results

Stump wrote:

Thank you so much for the quick response.

I will use this as a baseline for my system moving forward, so I can know if anything invades my system in the future.

I used to have Eset Nod32 antivirus, but they are going end of life next year.  I am trying to patch together some kind of antivirus / antimalware package to replace it as best I can.

Thank you.

Hello!
Install clamav; it is included in the distribution. It can find Xor.DDoS.
Regards.
