-1

First off, I will say that I am a complete newbie and novice to Ubuntu. Currently, I am running 20.04.3 LTS.

So I have been dealing with a RAT that first infected my Windows PC and I highly suspect spread to my Android cellphone. I reinstalled Windows several times after wiping the hard drive and it kept coming back. So I switched to Ubuntu as a temporary fix.

I have been very cautious about any abnormal behavior exhibited by Ubuntu. I have noticed some strange behavior.

One is that an error message randomly popped up regarding focal security universe binary amd64. See photo posted below.

There was also an instance where the user login page looked different and I wondered if it was an overlay screen. Please see link of video here: https://streamable.com/gynn2t The backup logo appeared on the login screen and I could not click on it. Also, there is a brief secondary login screen after I already logged in to the first screen which makes me think it was an overlay login screen that I logged into.

There was also a file called agent.1761 and when I googled it, I found this link: https://community.synology.com/enu/forum/20/post/140792 This referenced a NAS which can be used to backup an OS including Windows and Ubuntu..

At one point, I also noticed that a network icon appeared on the login screen.

For reference, I reinstalled Ubuntu after I noticed all of this strange behavior. The current installation I have is where the error message popped up.

I also notice that the acessibility icon pops up on the login screen during night hours. I am on PST time. Hackers in other countries often log on during my night hours since it is daytime over in their region. When my Windows OS was hacked, the computer was removed into almost exclusively during my night hours.

My biggest question is how can I detect if Ubuntu has been hacked, has malware, a virus or a trojan? Secondly, how can I protect Ubuntu? I appreciate any help.

https://ibb.co/7yWgHKd https://ibb.co/pJKSWmH https://ibb.co/Y7yGz1P

'Error opening the cache (E: Unable to parse package file /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_focal-security_universe_binary-amd64_Packages(1), W:You may want to run apt-get update to correct these problems, E:The package cache file is corrupted)'. This usually means that your installed packages have unmet dependencies

error opening the cache

TheBlueNightSky
  • 1
  • 1
  • 1
    What you're showing has absolutely nothing to do with threats. It is likely a consequence of a poorly maintained system that may or may not have been caused by third party software (you should know what you installed outside of the official repositories). Start by correcting it: `sudo apt update && sudo apt full-upgrade` (in terminal). If any errors then please edit the question and post those messages in full within code tags, please do NOT post screenshots of command and commands output. – ChanganAuto Oct 07 '21 at 00:22
  • 3
    Did you do as was recommended, open the Terminal, and run `sudo apt update`? Have you also been adding/removing repositories from your apt configuration? If so, you'll want to confirm that there are no errors in the files and that everything is targeting the proper release of Ubuntu, which would be "focal" for your machine. – matigo Oct 07 '21 at 00:24
  • Ubuntu is considered safe unless you do something to make it not safe. Example of this include: installing untrusted or or outdated software that isn't in repositories, executing unsafe commands, running commands or scripts you found on the internet when you don't know what they do, altering system files or permissions without understanding the consequences, opening or forwarding ports, etc. – Nmath Oct 07 '21 at 02:34
  • Hi all, so I ran the commands as posted, sudo apt update and sudo apt full-upgrade. It said 37 packages can be upgraded. I then ran sudo apt full-upgrade. Everything went fine and no errors appeared. I did see it installed new version of configuration file /etc/dhcp/dhclient-entee-hooks.d/resolved. What does that do? Apologies for what may sound like dumb questions. As you can imagine I'm pretty cautious at this point. – TheBlueNightSky Oct 07 '21 at 04:16
  • Also wanted to mention that the only things I installed were ffmpeg and another codec I found on ask Ubuntu but can't remember the name of (I think it was libavcodec58). I also installed the yubikey software by following the yubikey website instructions. I have another question, has anyone heard of agent.1761‽ that was in my temp folder when I was noticing strange behaviors in Ubuntu and when I did a Google search, there was something that came up about a remote backup program that works with windows and Linux. At that time, I also noticed a backup icon was showing up on the login screen. – TheBlueNightSky Oct 07 '21 at 04:27
  • Here is the video of the weird login screen. You can see the backup icon that randomly appeared and I could not click on it. Then when I proceed to login, another login screen appears very briefly right after I log in which made me think the screen I logged into was possibly an overlay. https://streamable.com/gynn2t – TheBlueNightSky Oct 07 '21 at 04:34
  • Does this answer your question? [sudo apt get update gives error - The package cache file is corrupted](https://askubuntu.com/questions/895622/sudo-apt-get-update-gives-error-the-package-cache-file-is-corrupted) – karel Oct 07 '21 at 06:25
  • Hi Karl, thanks for the link! Unfortunately, that does not answer my question fully. There are multiple strange behaviors I encountered while using Ubuntu and I really just want to know how to detect if there is a virus or Trojan on my computer. Also, information on how to secure the Ubuntu OS would also be helpful. :) – TheBlueNightSky Oct 07 '21 at 16:12

1 Answers1

0

This message is not a sign that Ubuntu is hacked.

First, try to repair apt's cache. In terminal run commands:

sudo apt update
sudo apt --fix-broken install
Zanna
  • 69,223
  • 56
  • 216
  • 327
pasman pasmański
  • 1,757
  • 1
  • 6
  • 20