Information Security
BonBon Slick, 2021-11-14 03:49:07

Chkrootkit actions for node js and npm packages?

The problem is that my Linux machine has started to slow down wildly and now I'm looking for the reason. i5, 8 GB CPU, 256 GB SSD, but a YouTube page takes 2-3 minutes to load and sometimes even hangs. top -i shows a load of 5-15% and 15-20% RAM, mostly consumed by Chrome; 15-20 tabs are open all the time. I ran lynis and chkrootkit. The first one gave a bunch of red messages:

- Running 'systemd-analyze security'
        - ModemManager.service:                               [ MEDIUM ]
        - NetworkManager.service:                             [ EXPOSED ]
        - accounts-daemon.service:                            [ UNSAFE ]
        - alsa-state.service:                                 [ UNSAFE ]
...

and the second:
Searching for Linux.Xor.DDoS ...                            INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/yarn--1636842147265-0.38813459800572225/yarn
/tmp/yarn--1636842147265-0.38813459800572225/node


Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:  
/usr/lib/nodejs/iconv-lite/generation/source-data/.gitignore /usr/lib/nodejs/pump/.travis.yml /usr/lib/nodejs/ajv/.tonic_example.js /usr/lib/nodejs/ajv/scripts/.eslintrc.yml /usr/lib/nodejs/unique-filename/node_modules/unique-slug/.travis.yml /usr/lib/jvm/.java-1.11.0-openjdk-amd64.jinfo /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/noentry/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htaccess


rkhunter reported:
/usr/bin/lwp-request                                     [ Warning ]
    /usr/bin/bsd-mailx                                       [ Warning ]
Checking if SSH root access is allowed                   [ Warning ]

File properties checks...
    Files checked: 144
    Suspect files: 6

Rootkit checks...
    Rootkits checked : 499
    Possible rootkits: 1


plus about 10+ more warnings.

Other scans, such as ClamAV, will take a long time to run.

So, what actions would you advise taking for the examples above?
