Do I have a rootkit? suckit detected in /sbin/init & chkutmp errors

Just ran chkrootkit on a recently installed 14.04 Lubuntu and it came up with:

Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:  
/lib/modules/3.16.0-30-generic/vdso/.build-id /lib/modules/3.16.0-31-generic/vdso/.build-id
/lib/modules/3.16.0-30-generic/vdso/.build-id /lib/modules/3.16.0-31-generic/vdso/.build-id

Searching for Romanian rootkit...                           nothing found
Searching for Suckit rootkit...                             Warning: /sbin/init INFECTED

Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root         1204 tty7   /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not infected

As you can see there are some anomalies; what are those suspicious files and dirs? Suckit in /sbin/init? chkutmp? I don't get any results like that on my other machine... So I tried rkhunter as well. I'd post the whole log file but it's too many characters and the post is limited to 30000.

[12:14:00]   /usr/bin/unhide.rb                              [ Warning ]
[12:14:00] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text

[12:15:19] System checks summary
[12:15:19] =====================
[12:15:19]
[12:15:19] File properties checks...
[12:15:19] Files checked: 134
[12:15:19] Suspect files: 1
[12:15:19]
[12:15:19] Rootkit checks...
[12:15:19] Rootkits checked : 291
[12:15:19] Possible rootkits: 0
[12:15:19]
[12:15:19] Applications checks...
[12:15:19] All checks skipped
[12:15:19]
[12:15:19] The system checks took: 1 minute and 38 seconds
[12:15:19]
[12:15:19] Info: End date is Mon Mar 16 12:15:19 GMT 2015

rkhunter doesn't seem to indicate Suckit, so is that a false positive from chkrootkit, or a false negative from rkhunter? What about those other warnings, can anyone give me any insight as to what they mean? I googled a few of those anomalous results but couldn't find anything... which is usually a bad sign.

So, do I have a rootkit and if so, how do I remove it and repair any damage done?


chkrootkit does not do full checks for the additional files that come with the Suckit rootkit, so this is almost certainly a false positive if rkhunter does not detect the Suckit rootkit as being present on the machine in question. rkhunter does do additional checks for these files, which will be present on the system when it is infected with the Suckit rootkit.

Read this for more information on chkrootkit detecting Suckit Rootkit's presence on the system, when in fact it is not present on the system: https://askubuntu.com/a/25179/364819
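
The cross-check this answer describes, as an added example that is not part of the original post: it parses the chkrootkit and rkhunter lines quoted in the question and labels each chkrootkit hit by whether rkhunter backs it up. The function names are hypothetical, and an "uncorroborated" label is a triage hint that follows the answer's reasoning, not proof of a clean system.

```python
import re

# Sample input: lines copied from the question's chkrootkit and rkhunter output.
CHKROOTKIT_OUT = """\
Searching for Romanian rootkit...                           nothing found
Searching for Suckit rootkit...                             Warning: /sbin/init INFECTED
Checking `OSX_RSPLUG'...                                    not infected
"""
RKHUNTER_LOG = """\
[12:14:00]   /usr/bin/unhide.rb                              [ Warning ]
[12:15:19] Files checked: 134
[12:15:19] Suspect files: 1
[12:15:19] Rootkits checked : 291
[12:15:19] Possible rootkits: 0
"""

def chkrootkit_hits(text):
    """Return (check name, flagged path or None) for each INFECTED line."""
    hits = []
    for line in text.splitlines():
        m = re.match(r"(?:Searching for|Checking)\s+`?(.+?)'?\.\.\.\s+(.*)$", line)
        if m and "INFECTED" in m.group(2):  # clean results print lowercase "not infected"
            path = re.search(r"/\S+", m.group(2))
            hits.append((m.group(1), path.group(0) if path else None))
    return hits

def rkhunter_summary(text):
    """Return rkhunter's summary counters and the files it warned about."""
    counts = {k.strip(): int(v) for k, v in
              re.findall(r"\] ([A-Za-z ]+?)\s*:\s*(\d+)\s*$", text, re.M)}
    warned = re.findall(r"\]\s+(/\S+)\s+\[ Warning \]", text)
    return counts, warned

def triage(chk_text, rkh_text):
    """Label each chkrootkit hit by whether the rkhunter log backs it up."""
    counts, warned = rkhunter_summary(rkh_text)
    possible = counts.get("Possible rootkits")
    results = []
    for check, path in chkrootkit_hits(chk_text):
        if possible is None:
            verdict = "no rkhunter result"   # log missing or truncated
        elif possible > 0 or path in warned:
            verdict = "corroborated"
        else:
            verdict = "uncorroborated"       # the case the answer describes
        results.append((check, path, verdict))
    return results

if __name__ == "__main__":
    for row in triage(CHKROOTKIT_OUT, RKHUNTER_LOG):
        print(row)
```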