RJ Adams

Asked: 2018-10-24 17:07:12 +0800 CST2018-10-24 17:07:12 +0800 CST 2018-10-24 17:07:12 +0800 CST

I ran ChkRootkit and came up with a infected file. I need help

So I ran a chkrootkit. I have linux.xor.ddos showing as infected. I read other forums online and I have seen things mentioning false positives. What is linux.xor.ddos file and how can I check if they are fine?

2 Answers

Voted

Best Answer

Lewis Smith
2018-10-25T02:22:42+08:002018-10-25T02:22:42+08:00
Binaries in /tmp are flagged as "linux.xor.ddos" regardless of if they're infected or not. This was the case with the poster.
3

anotherday

2020-12-05T15:23:33+08:002020-12-05T15:23:33+08:00

Any file under temporary folder marked as executable will raise a flag.

enigma@t495:/tmp$ touch virus
enigma@t495:/tmp$ chmod +x virus
enigma@t495:/tmp$ sudo chkrootkit
Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/virus

I ran ChkRootkit and came up with a infected file. I need help

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?