The message about the OKBD rootkit seems to be a false alarm...take a look at this thread. I think there's no reason to worry; it's just something related to java.
As for the "suspicious files and dirs" message: I googled a little bit and I also don't think it's anything to worry about. A lot of other people have reported getting the same output from chkrootkit, and no one has linked it to malicious activity. On the other hand, I didn't find anything (although I didn't search exhaustively) explaining what those hidden directories are for...no one seemed to have a definitive answer. But my guess is that since a lot of other people have similar results when running chkrootkit, it would definitely be clear if this were indicative of a trojan. Since that's not the case, I don't think you need to worry. I'm guessing that the only reason chkrootkit is worried about those files is that they're hidden directories at locations where it doesn't expect there to be hidden directories, but that doesn't necessarily mean there's a problem. If chkrootkit found hidden processes, that would be something to worry about.
If you want to remove those directories, try:
Code:
sudo rm -r /usr/lib/firefox/.autoreg /lib/linux-restricted-modules/.nvidia_new_installed /lib/modules/2.6.22-14-generic/volatile/.mounted
but again, I don't think this is necessary. The kind of rootkits you get on Linux are not like the trojans and other malware that bombard a Windows box. To get a rootkit on Linux, you have to do something really dumb, or somebody has to really want to attack you, which is probably not the case if you're just a casual desktop user. The biggest reason is that when you're logged in to your Ubuntu desktop, you don't have root privileges, so anything that touches you while you're browsing the web or reading email--the biggest entry points for malware--can't actually affect the system, even if it somehow could work on Linux (and all the hidden directories above were found in places where you can't write to without being root, so it's very improbable that any of them are related to your pr0n event). This isn't the case in Windows (at least up to XP; I hear that Vista locks down regular accounts but I don't know as I've never used it).
If you're really concerned about security, you might want to take a look at OSSEC. It basically watches your system constantly and tells you when it notices suspicious changes or suspicious log entries. It's going to be some work to set it up, but if you're really into security it could be worth it for you.
Bookmarks