So I ran chkrootkit. I have linux.xor.ddos showing as infected. I read other forums online and I have seen things mentioning false positives. What is a linux.xor.ddos file, and how can I check if the files are fine?
Tejas Lotlikar
RJ Adams
2 Answers
Binaries in /tmp are flagged as "linux.xor.ddos" regardless of whether they're infected or not. This was the case with the poster.
Kevin Bowen
Lewis Smith
Any file under the temporary folder that is marked as executable will raise a flag.
enigma@t495:/tmp$ touch virus
enigma@t495:/tmp$ chmod +x virus
enigma@t495:/tmp$ sudo chkrootkit
Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/virus
anotherday
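Both answers say the check fires on any executable regular file under /tmp, so the useful next step is to look at each hit rather than trust or dismiss the "INFECTED" line. The script below is an added example, not code from the thread or from chkrootkit: it reproduces that trigger condition for a directory you name and prints, for each hit, a rough classification from the first bytes (empty, ELF, script, other), owner and mtime, a SHA-256 digest, and on Linux whether any running process was started from that file. Function names and the exact find predicate are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or chkrootkit). Triage executable files
# under a temp directory so an empty "touch virus" is not mistaken for malware.

# Executable regular files below DIR, one path per line. Symlinks and other
# mounts are skipped. This is the condition the answers describe, written
# independently; it is not chkrootkit's own test.
find_tmp_executables() {
    find "$1" -xdev -type f -perm -u=x 2>/dev/null
}

# Classify a file by its first bytes: empty | elf | script | data
classify_executable() {
    if [ ! -s "$1" ]; then
        echo empty
        return
    fi
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')   # e.g. 7f454c46 for ELF
    case $magic in
        7f454c46) echo elf ;;      # ELF header, a real binary
        2321*)    echo script ;;   # "#!" shebang
        *)        echo data ;;
    esac
}

# Portable digest: sha256sum (GNU) or shasum (BSD/macOS); empty if neither.
digest_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# For every hit under DIR: class and path, then owner/mode/mtime, digest,
# and (Linux only) any process whose /proc/PID/exe points at the file.
triage_tmp_dir() {
    find_tmp_executables "$1" | while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_executable "$f")" "$f"
        ls -ld "$f" 2>/dev/null | sed 's/^/    /'
        d=$(digest_of "$f"); [ -n "$d" ] && printf '    sha256 %s\n' "$d"
        if [ -d /proc ]; then
            for exe in /proc/[0-9]*/exe; do
                [ "$(readlink "$exe" 2>/dev/null)" = "$f" ] && printf '    running as %s\n' "${exe%/exe}"
            done
        fi
    done
}

triage_tmp_dir "${1:-/tmp}"   # usage: sh triage_tmp.sh [DIR]
```

An empty file or a script you recognise from your own session is the false positive the answers describe; an ELF you did not put there, especially one with a live process behind it, is what deserves a closer look.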