1

I used chkrootkit recently and it turned up the following:

/usr/lib/pymodules/python2.7/.path
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit
/usr/lib/jvm/.java-1.7.0-openjdk-i386.jinfo
/usr/lib/jvm/.java-8-oracle.jinfo
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.core.runtime.compatibility.registry_3.5.100.v20120521-2346/.api_description
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/p2/org.eclipse.equinox.p2.engine/.settings
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/p2/org.eclipse.equinox.p2.engine/profileRegistry/JMC.profile/.lock
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/p2/org.eclipse.equinox.p2.engine/profileRegistry/JMC.profile/.data
/usr/lib/jvm/java-8-oracle/lib/visualvm/platform/.lastModified
/usr/lib/jvm/java-8-oracle/lib/visualvm/profiler/.lastModified
/usr/lib/jvm/java-8-oracle/lib/visualvm/visualvm/.lastModified
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/p2/org.eclipse.equinox.p2.engine/.settings
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/p2/org.eclipse.equinox.p2.engine/profileRegistry/JMC.profile/.data

and also:

Searching for Suckit rootkit...                             
Warning: /sbin/init INFECTED
muru
Tony Bartlett

1 Answer

0

chkrootkit does not do full checks for additional files with "Suckit rootkit", so this is almost certainly a false positive.

A tool which I would instead recommend using is called rkhunter, and this is because it does do additional file checks for Suckit Rootkit, and so does not make the same mistake.

You can install rkhunter with:

sudo apt-get install rkhunter

Read this for more information on chkrootkit detecting Suckit Rootkit's presence on the system, when in fact it is not present on the system: https://askubuntu.com/a/25179/364819
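
An added example, not part of the answer above: one way to follow up on a chkrootkit "INFECTED" line is to compare the flagged file with the checksums recorded by its owning package. The function and variable names are hypothetical, the sample log is constructed from the output quoted in the question, and a Debian/Ubuntu system with `dpkg` is assumed.

```shell
#!/bin/sh
# Added example (not from the original answer): triage chkrootkit INFECTED
# warnings by comparing each flagged file with its package's recorded checksums.

# Constructed sample: the two lines quoted in the question.
SAMPLE_LOG='Searching for Suckit rootkit...
Warning: /sbin/init INFECTED'

# stdin: chkrootkit output. stdout: "<test banner><TAB><path>" per INFECTED warning.
# Assumption: the warning is on the banner line or on the line right after it.
infected_findings() {
    awk '
        /^(Searching for|Checking) / { check = $0; sub(/\.\.\..*$/, "", check) }
        /Warning: .* INFECTED/ {
            path = $0
            sub(/^.*Warning: /, "", path)
            sub(/ INFECTED.*$/, "", path)
            print check "\t" path
        }'
}

# Check one path with dpkg (Debian/Ubuntu). Returns 0 = matches package,
# 1 = modified or no owning package found, 2 = dpkg not available.
# Assumption: dpkg -S knows the file under its symlink-resolved path.
verify_with_dpkg() {
    command -v dpkg >/dev/null 2>&1 || return 2
    v_real=$(readlink -f -- "$1")   # /sbin/init may be a symlink; check the real binary
    v_pkg=$(dpkg -S "$v_real" 2>/dev/null | sed -n '1s/: .*//p')
    [ -n "$v_pkg" ] || { echo "$1: no owning package found for $v_real"; return 1; }
    # dpkg --verify lists only the files that fail verification.
    if dpkg --verify "$v_pkg" 2>/dev/null |
        awk -v p="$v_real" '$NF == p { hit = 1 } END { exit !hit }'; then
        echo "$1 ($v_pkg): differs from package checksums"; return 1
    fi
    echo "$1 ($v_pkg): matches package checksums"
}

# Usage: sudo chkrootkit 2>&1 | triage
triage() {
    tab=$(printf '\t')
    infected_findings | while IFS="$tab" read -r t_check t_path; do
        echo "[$t_check] $t_path"
        verify_with_dpkg "$t_path" || true
    done
}

# Runs offline on the constructed sample; prints the parsed finding only.
printf '%s\n' "$SAMPLE_LOG" | infected_findings
```

The checksum database lives on the same host as the file being checked, so a match is strong evidence of a false positive but is most trustworthy when the comparison is run from known-good boot media.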