0

I ran chkrootkit and these were the results.

Checking `tcpd'...                                          INFECTED
Searching for Linux.Xor.DDoS ...                            INFECTED: 
Possible Malicious Linux.Xor.DDoS installed
/tmp/timeshift/WwbV62M9/2018-22-12_10-00-02/script.sh
/tmp/timeshift/rPVBQw24/2018-21-12_08-00-02/script.sh
/tmp/timeshift/ICt8w9QP/2018-23-12_10-00-02/script.sh
/tmp/timeshift/Gi32umT0/2018-23-12_09-00-01/script.sh

Then for

sudo sha1sum /usr/sbin/tcpd

Result is: (which seems infected)

9ee346a9400f52e16576db35c310a72af391e199  /usr/sbin/tcpd
Chymmi

1 Answer

0

Very likely a false positive - check out this question:
chkrootkit shows "tcpd" as INFECTED. Is it a false positive?

Same for the other hit you got:
I ran ChkRootkit and came up with a infected file. I need help.

On my system it also flags tcpd as Infected although I don't even have it installed.

Sebastian
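A checksum of /usr/sbin/tcpd only tells you something when it is compared with a known reference. The following is an added example, not part of either post: it compares a file with the MD5 recorded in a dpkg-style md5sums list (lines of the form `<md5>  <path relative to />`). The function names and the sample file tree are constructed for illustration, and the package name in the comments is an assumption to confirm with `dpkg -S`.

```shell
#!/bin/sh
# check_against_md5sums LIST ROOT PATH
#   LIST  md5sums list; on Debian/Ubuntu: /var/lib/dpkg/info/<package>.md5sums
#         (find <package> with: dpkg -S /usr/sbin/tcpd)
#   ROOT  directory the listed paths are relative to ("/" on a live system)
#   PATH  absolute path of the file to check, e.g. /usr/sbin/tcpd
# Prints MATCH, MISMATCH, UNTRACKED or MISSING; returns 0 only on MATCH.
# Caveat: the local list can be altered by anyone with root, so for a system
# you do not trust, compare against a freshly downloaded package instead.
check_against_md5sums() {
    list=$1 root=${2%/} path=$3
    rel=${path#/}

    if [ ! -f "$root/$rel" ]; then
        echo "MISSING"; return 3
    fi

    # Look up the recorded hash; the path field must match exactly.
    expected=$(awk -v p="$rel" \
        '{ h = $1; sub(/^[^ ]+ +/, ""); if ($0 == p) { print h; exit } }' "$list")
    if [ -z "$expected" ]; then
        echo "UNTRACKED"; return 2
    fi

    actual=$(md5sum "$root/$rel" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "MATCH"; return 0
    fi
    echo "MISMATCH"; return 1
}

# Constructed demo: a stand-in file tree, not real system data.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root/usr/sbin"
    printf 'stand-in for the tcpd binary\n' > "$d/root/usr/sbin/tcpd"
    (cd "$d/root" && md5sum usr/sbin/tcpd) > "$d/pkg.md5sums"
    check_against_md5sums "$d/pkg.md5sums" "$d/root" /usr/sbin/tcpd          # prints MATCH
    printf 'modified\n' >> "$d/root/usr/sbin/tcpd"
    check_against_md5sums "$d/pkg.md5sums" "$d/root" /usr/sbin/tcpd || true  # prints MISMATCH
    rm -rf "$d"
}

demo
```

On a live Debian or Ubuntu system, `dpkg --verify <package>` performs the same comparison for every file in the package.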