Ubuntu – How to remove malware

antivirus, malware, security

I use Ubuntu 32-bit and Chrome's infected with the softwareupdaterlp virus. I don't really know what steps I should take aside from resetting/re-installing Chrome. Would really appreciate any tips on identifying and removing corrupted or infected files related to the malware.

Best Answer

Here are a couple of suggestions. When I mention commands, those are to be issued in the command line, aka terminal, which you can access by pressing Ctrl+Alt+T.

  1. Remove google-chrome related folders, e.g. /home/username/.config/google-chrome and /home/username/.cache/google-chrome. You can find others with the locate google-chrome command.
  2. Remove google-chrome completely with sudo apt-get remove --purge google-chrome or sudo dpkg --purge google-chrome.
  3. Get an antivirus or rootkit checker, as well as system cleaning programs. jkrix mentioned ClamTK, which is a decent option, but there are others. Open Software Center and simply search for rootkit or antivirus or security. As for cleaning software, I recommend BleachBit.
  4. Popup adware might not necessarily infect viruses but rather routers. Refer to this post on askubuntu.com.
  5. Remove .macromedia folder; flash-player related adware isn't something unheard of.
  6. Adware might not necessarily be attached to the browser, but come from somewhere else. Open Chrome (with only one page if possible) and in terminal issue the command netstat -tulpan > netscan.txt && gnome-open netscan.txt. This will output a list of established connections with a list of which programs have established those connections. The text file will be opened as soon as the scan completes with gedit, which is the default text editor in Ubuntu.
  7. If things don't work out, back up your files and reinstall the whole system. Upon completing the reinstall get yourself a firewall and Chrome plug-ins such as adblock or Better Privacy. Reinstalling the whole system may sound paranoid, but if a system is seriously compromised, it's better to be safe than sorry.

You could also ask about your issue on security.stackexchange.com. That site is all about cyber security in general, and you probably will find much better solutions than here.

Best of luck to you!
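The netscan.txt file from step 6 can be long, so here is a shell sketch that groups its ESTABLISHED connections by owning program and hides the browser's own (an added example, not part of the original answer). The sample listing, its addresses and the process name updater-demo are constructed; netstat prints "-" as the owner when it cannot see the process, which happens when it is run without sudo.

```shell
#!/bin/sh
# Constructed sample of "netstat -tulpan" output (documentation-range
# addresses, hypothetical process names), used when no file is given.
sample_netscan() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
tcp        0      0 192.0.2.10:51234        198.51.100.7:443        ESTABLISHED 2345/chrome
tcp        0      0 192.0.2.10:51240        198.51.100.7:443        ESTABLISHED 2345/chrome
tcp        0      0 192.0.2.10:40112        203.0.113.50:8080       ESTABLISHED 3120/updater-demo
tcp        0      0 192.0.2.10:40388        203.0.113.9:80          ESTABLISHED -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           812/dhclient
EOF
}

# Print "program<TAB>remote<TAB>count" for each ESTABLISHED TCP connection.
# Reads the file named in $1, or stdin when no file is given.
established_by_program() {
    awk '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            owner = $7
            for (i = 8; i <= NF; i++) owner = owner " " $i  # names may hold spaces
            if (owner == "-") owner = "unknown(rerun-with-sudo)"
            else sub(/^[0-9]+\//, "", owner)                # drop the "PID/" prefix
            n[owner "\t" $5]++
        }
        END { for (k in n) printf "%s\t%d\n", k, n[k] }
    ' "${1:--}" | LC_ALL=C sort
}

# Same list without the browser itself: what remains is everything else
# on the machine that is talking to a remote host.
non_browser_connections() {
    established_by_program "$1" | awk -F'\t' '$1 !~ /^chrom(e|ium)/'
}

if [ -n "${1:-}" ]; then
    non_browser_connections "$1"        # e.g. ./script.sh netscan.txt
else
    sample_netscan | non_browser_connections
fi
```

Any program left in the output that you do not recognise is worth looking up before deciding whether to remove it.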