How to scan if Ubuntu is infected? server attack
Solution 1:
You could start with the following:
clamav
aide - it's not a malware scanner but an integrity tool, meaning you can check what files were changed since say yesterday.
-
check open ports:
sudo netstat -lpntu | less
If you have some wide open one, restrict them by IP for instance.
-
also check the running services to make sure you don't have anything suspicious:
pstree | less ps axu | less
check cron tasks
Solution 2:
Use ClamAV from Ubuntu see the instructions here. https://help.ubuntu.com/community/ClamAV
It is very strange to have any kind of malware on Ubuntu, but if any known viruses have been installed that should find it. However, I suspect that you do not use a static IP address and that the dynamically assigned IP address has been blocked prior to it being assigned to you. You should check and log your WAN IP address whenever you have the issue and when you don't for comparison.
Solution 3:
Advice above looks good also.
Adding this >> How to determine if mysterious programs in nethogs listing are malware ?
Are mysterious programs in nethogs listing malware ?
Confirm nethogs info using netstat to NAME the calling Program
# netstat -tapec
Active Internet connections (servers and established)
Proto, Recv-Q, Send-Q, Local Address, Foreign Address, State, User Inode, PID/Program name
root@-:~ tcp 0 0 192.168.0.55:46092 stackoverflow.com:https ESTABLISHED 2360457 3618/firefox
tcp 0 0 192.168.0.55:60884 ec2-35-160-7-16.u:https ESTABLISHED 35667 3618/firefox