Score:-1

How can you detect if you are infected with malware, trojans and viruses in Ubuntu?


First off, I will say that I am a complete newbie and novice to Ubuntu. Currently, I am running 20.04.3 LTS.

So I have been dealing with a RAT that first infected my Windows PC and I highly suspect spread to my Android cellphone. I reinstalled Windows several times after wiping the hard drive and it kept coming back. So I switched to Ubuntu as a temporary fix.

I have been very cautious about any abnormal behavior exhibited by Ubuntu. I have noticed some strange behavior.

One is that an error message randomly popped up regarding focal security universe binary amd64. See photo posted below.

There was also an instance where the user login page looked different and I wondered if it was an overlay screen. Please see link of video here: https://streamable.com/gynn2t The backup logo appeared on the login screen and I could not click on it. Also, there is a brief secondary login screen after I already logged in to the first screen which makes me think it was an overlay login screen that I logged into.

There was also a file called agent.1761 and when I googled it, I found this link: https://community.synology.com/enu/forum/20/post/140792 This referenced a NAS which can be used to back up an OS including Windows and Ubuntu.

At one point, I also noticed that a network icon appeared on the login screen.

For reference, I reinstalled Ubuntu after I noticed all of this strange behavior. The current installation I have is where the error message popped up.

I also notice that the accessibility icon pops up on the login screen during night hours. I am on PST time. Hackers in other countries often log on during my night hours since it is daytime over in their region. When my Windows OS was hacked, the computer was remoted into almost exclusively during my night hours.

My biggest question is how can I detect if Ubuntu has been hacked, has malware, a virus or a trojan? Secondly, how can I protect Ubuntu? I appreciate any help.

https://ibb.co/7yWgHKd https://ibb.co/pJKSWmH https://ibb.co/Y7yGz1P

'Error opening the cache (E: Unable to parse package file /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_focal-security_universe_binary-amd64_Packages(1), W:You may want to run apt-get update to correct these problems, E:The package cache file is corrupted)'. This usually means that your installed packages have unmet dependencies


ChanganAuto avatar
What you're showing has absolutely nothing to do with threats. It is likely a consequence of a poorly maintained system that may or may not have been caused by third party software (you should know what you installed outside of the official repositories). Start by correcting it: `sudo apt update && sudo apt full-upgrade` (in terminal). If any errors then please edit the question and post those messages in full within code tags, please do NOT post screenshots of command and commands output.
in flag
Did you do as was recommended, open the Terminal, and run `sudo apt update`? Have you also been adding/removing repositories from your apt configuration? If so, you'll want to confirm that there are no errors in the files and that everything is targeting the proper release of Ubuntu, which would be "focal" for your machine.
Nmath avatar
Ubuntu is considered safe unless you do something to make it not safe. Examples of this include: installing untrusted or outdated software that isn't in repositories, executing unsafe commands, running commands or scripts you found on the internet when you don't know what they do, altering system files or permissions without understanding the consequences, opening or forwarding ports, etc.
TheBlueNightSky avatar
Hi all, so I ran the commands as posted, sudo apt update and sudo apt full-upgrade. It said 37 packages can be upgraded. I then ran sudo apt full-upgrade. Everything went fine and no errors appeared. I did see it installed new version of configuration file /etc/dhcp/dhclient-entee-hooks.d/resolved. What does that do? Apologies for what may sound like dumb questions. As you can imagine I'm pretty cautious at this point.
TheBlueNightSky avatar
Also wanted to mention that the only things I installed were ffmpeg and another codec I found on ask Ubuntu but can't remember the name of (I think it was libavcodec58). I also installed the yubikey software by following the yubikey website instructions. I have another question, has anyone heard of agent.1761‽ that was in my temp folder when I was noticing strange behaviors in Ubuntu and when I did a Google search, there was something that came up about a remote backup program that works with windows and Linux. At that time, I also noticed a backup icon was showing up on the login screen.
TheBlueNightSky avatar
Here is the video of the weird login screen. You can see the backup icon that randomly appeared and I could not click on it. Then when I proceed to login, another login screen appears very briefly right after I log in which made me think the screen I logged into was possibly an overlay. https://streamable.com/gynn2t
karel avatar
Does this answer your question? [sudo apt get update gives error - The package cache file is corrupted](https://askubuntu.com/questions/895622/sudo-apt-get-update-gives-error-the-package-cache-file-is-corrupted)
TheBlueNightSky avatar
Hi Karl, thanks for the link! Unfortunately, that does not answer my question fully. There are multiple strange behaviors I encountered while using Ubuntu and I really just want to know how to detect if there is a virus or Trojan on my computer. Also, information on how to secure the Ubuntu OS would also be helpful. :)
Score:0

This message is not a sign that Ubuntu is hacked.

First, try to repair apt's cache. In a terminal, run these commands:

```
sudo apt update
sudo apt --fix-broken install
```
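
The comments above suggest confirming that every apt source targets the proper release ("focal" here). One way to run that check, as an added example that is not part of the original thread: the function names `check_apt_suites` and `make_sample_sources` are hypothetical, the sample file is constructed, and only the one-line `deb ...` format is handled (not deb822 `.sources` files).

```shell
#!/bin/sh
# Added example: list apt source entries whose suite does not belong to the
# expected Ubuntu release. Handles one-line "deb ..." entries only.

# check_apt_suites CODENAME FILE...
# Prints "file:line: suite" for each enabled entry whose suite is neither
# CODENAME nor CODENAME-<pocket>; returns 1 if anything was printed.
check_apt_suites() {
    codename=$1
    shift
    awk -v rel="$codename" '
        # Comments, blank lines and anything that is not a source entry.
        $1 != "deb" && $1 != "deb-src" { next }
        {
            i = 2
            # Skip an optional [option=value ...] block (may span fields).
            if ($i ~ /^\[/) {
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            suite = $(i + 1)    # the field after the URI
            if (suite != rel && index(suite, rel "-") != 1) {
                printf "%s:%d: %s\n", FILENAME, FNR, suite
                bad = 1
            }
        }
        END { exit bad }
    ' "$@"
}

# Constructed sample: a focal system with one leftover bionic entry.
make_sample_sources() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the question
deb http://archive.ubuntu.com/ubuntu focal main restricted
deb http://security.ubuntu.com/ubuntu focal-security universe
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] http://ppa.example.invalid/ubuntu bionic main
# deb http://archive.ubuntu.com/ubuntu xenial main
EOF
}

sample=$(mktemp)
make_sample_sources "$sample"
check_apt_suites focal "$sample" || echo "review the entries listed above"
rm -f "$sample"

# On a real system:
#   check_apt_suites "$(lsb_release -cs)" /etc/apt/sources.list /etc/apt/sources.list.d/*.list
```

Third-party repositories sometimes use their own suite names (for example `stable`), so a listed entry is something to review, not proof of a problem.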