LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 08-14-2018, 10:49 AM   #1
derezion
Member
 
Registered: Aug 2018
Distribution: Anything Debian-based
Posts: 81

Rep: Reputation: Disabled
ClamAV found an infected file... should I use Darik's Boot and Nuke?


Should I post the report I got or is it sensitive information?

Clam Antivirus found an infected file in Firefox folder. I was told by a computer savvy friend that I should use a trusted antivirus to remove any infected files.

Oh and the file seemed to have moved. Also I deleted the standard user account the file was in. I'm using Ubuntu 16.04 LTS. I think I want to just wipe my hard drive with Darik's Boot and Nuke and install Windows 10 and Debian or just Debian. What do you think?
 
Old 08-14-2018, 11:33 AM   #2
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063
Quote:
Originally Posted by derezion View Post
ClamAV found an infected file... should I use Darik's Boot and Nuke

Should I post the report I got or is it sensitive information?

Clam Antivirus found an infected file in Firefox folder. I was told by a computer savvy friend that I should use a trusted antivirus to remove any infected files.

Oh and the file seemed to have moved. Also I deleted the standard user account the file was in. I'm using Ubuntu 16.04 LTS. I think I want to just wipe my hard drive with Darik's Boot and Nuke and install Windows 10 and Debian or just Debian. What do you think?
Without the report from ClamAV, it's hard to say what you mean by "infected". It should display the names of the files "infected", which I would not think would be "sensitive information".

Linux isn't Windows; it's much harder for viruses to propagate under a Linux system, because of the user privilege system implemented in Linux/UNIX.

It should be safe to just remove the "infected" file(s), but it would depend on the extent of the "infection".
 
1 members found this post helpful.
Old 08-16-2018, 08:44 AM   #3
derezion
Member
 
Registered: Aug 2018
Distribution: Anything Debian-based
Posts: 81

Original Poster
Rep: Reputation: Disabled
Here's the report:
Code:
/home/USERNAME/.cache/mozilla/firefox/icgb9k87.default/cache2/entries/1987E989971C6F72EE5D081641773F7D68471C38: Html.Exploit.CVE_2017_11901-6393372-0 FOUND
The problem is I looked in that folder and found nothing.

I've since deleted that standard user account.
Does that solve my problem?
 
Old 08-16-2018, 08:49 AM   #4
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063
Quote:
Originally Posted by derezion View Post
Here's the report:
Code:
/home/USERNAME/.cache/mozilla/firefox/icgb9k87.default/cache2/entries/1987E989971C6F72EE5D081641773F7D68471C38: Html.Exploit.CVE_2017_11901-6393372-0 FOUND
The problem is I looked in that folder and found nothing.

I've since deleted that standard user account.
Does that solve my problem?
Yes, if that also deleted your user profile folder as well (normally does delete your user profile folder).
 
Old 08-16-2018, 11:03 AM   #5
derezion
Member
 
Registered: Aug 2018
Distribution: Anything Debian-based
Posts: 81

Original Poster
Rep: Reputation: Disabled
The file disappeared before I deleted the user account. Is using Darik's Boot and Nuke a good solution and installing a new OS a good solution?
 
Old 08-16-2018, 11:10 AM   #6
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063
Quote:
Originally Posted by derezion View Post
The file disappeared before I deleted the user account. Is using Darik's Boot and Nuke a good solution and installing a new OS a good solution?
Have you run another virus scan?

While yes you could do what you're suggesting, it seems pretty heavy-handed to me. I think given that the detection was in Firefox's browser cache, just clearing the browser cache would have deleted it. Deleting your user account would have almost certainly cleared it, therefore I don't think there's any need for such a heavy-handed approach. It's up to you, but I think what you're suggesting is once again just overkill.
 
2 members found this post helpful.
Old 08-16-2018, 11:20 AM   #7
derezion
Member
 
Registered: Aug 2018
Distribution: Anything Debian-based
Posts: 81

Original Poster
Rep: Reputation: Disabled
I haven't run another scan. I think I'll try that. Thanks!
I wouldn't mind a heavy-handed approach because I don't have anything important on this PC.
Thanks again.
 
Old 08-16-2018, 12:16 PM   #8
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by derezion View Post
The file disappeared before I deleted the user account. Is using Darik's Boot and Nuke a good solution and installing a new OS a good solution?
Overkill IMO.
~/.cache/firefox/ can always be "nuked". All of any not-in-use ~/.cache/ for that matter.

Close browser, open terminal and issue >
Code:
rm -fr ~/.cache/ ; exit
back at your desktop, rescan, open browser, rescan again.
Observe and report.

Deleting the standard user account does NOT "fix" the problem.

Clean the cache next time, and check again.
 
Old 08-16-2018, 12:28 PM   #9
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by derezion View Post
The problem is I looked in that folder and found nothing.

I've since deleted that standard user account.
Does that solve my problem?
No, it does not. What is the problem? Finding nothing, or deleting "nothings"?

Next infection that is found here's what I'd do.

IF it is below /home/$USER/.cache/, close the browser(s), nuke /home/$USER/.cache/ and scan again.
Do not enable Potentially Unwanted Programs in clam-tk (PUPs)
No need to scan anything out of /home/$USER/

Don't need heavy handed anything.
"Nothing on it" is not a reason to go nuclear by deleting "user".

Just some advice
Good Luck!

Last edited by Habitual; 08-16-2018 at 12:31 PM.
 
1 members found this post helpful.
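Habitual's triage rule above (a hit under ~/.cache/ is cached web content and goes away with the cache; anything outside it deserves a closer look) as an added shell example, not code from any poster in this thread. It assumes clamscan's default one-line-per-file output; the report, the /home/alice paths and the Unix.Trojan.Example-1 signature name are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed clamscan report (not the original poster's real output).
SAMPLE_REPORT='/home/alice/.cache/mozilla/firefox/abcd1234.default/cache2/entries/0000AAAA: Html.Exploit.CVE_2017_11901-6393372-0 FOUND
/home/alice/Documents/notes.txt: OK
/home/alice/bin/helper: Unix.Trojan.Example-1 FOUND
/home/alice/.cache/thumbnails/normal/xyz.png: OK

----------- SCAN SUMMARY -----------
Infected files: 2'

# Print only the paths of report lines that end in " FOUND".
# clamscan prints "<path>: <signature> FOUND"; signature names contain no colon,
# so the greedy match up to the last ": " isolates the path.
found_paths() {
    printf '%s\n' "$1" | sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Tag each detection as "cache" (under the given cache directory, e.g.
# /home/alice/.cache, cleared by wiping that directory and rescanning) or
# "other" (outside the cache; do not assume a cache wipe deals with it).
classify() {
    found_paths "$1" | while IFS= read -r p; do
        case "$p" in
            "$2"/*) printf 'cache\t%s\n' "$p" ;;
            *)      printf 'other\t%s\n' "$p" ;;
        esac
    done
}

# Number of detections that a cache wipe would NOT remove.
count_outside_cache() {
    classify "$1" "$2" | awk -F '\t' '$1 == "other" { n++ } END { print n + 0 }'
}

# Stand-alone run: tag every detection in the constructed report.
classify "$SAMPLE_REPORT" /home/alice/.cache
```

Feed it a real report with `classify "$(clamscan -r "$HOME")" "$HOME/.cache"`; the first field tells you whether Habitual's close-browser-wipe-cache-rescan routine applies to that hit.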
Old 08-16-2018, 02:52 PM   #10
derezion
Member
 
Registered: Aug 2018
Distribution: Anything Debian-based
Posts: 81

Original Poster
Rep: Reputation: Disabled
Just delete everything in
/home/$USER/.cache/
And clear the trash bin?

How is that different than deleting the account?
 
Old 08-16-2018, 11:06 PM   #11
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063
Quote:
Originally Posted by derezion View Post
Just delete everything in
/home/$USER/.cache/
I think Habitual is just saying that deleting everything in the /home/$USER/.cache/ folder also deletes the "cache" of whatever apps use that folder, rather than using the app concerned (like Firefox) to clear that app's cache. Which is quite correct.

Quote:
And clear the trash bin?
No, if your "trash bin" does not use that folder. On my machine the "trash bin" is actually stored in the /home/james/.local/share/Trash/ folder, which is a different folder again. Therefore in my case deleting the /home/$USER/.cache folder would have no effect on the "trash bin" and would not delete its contents.

Quote:
How is that different than deleting the account?
Because your "home" folder is only one part of your overall "user profile"; your "user account" itself allows you to log in, and a "user account" could use a different folder to the /home/$USER folder. Also, your "user account" is defined in the /etc/passwd and /etc/shadow files, not in the /home/$USER folder. That's simply a folder dedicated to your "user account", where it can call "home".
 
1 members found this post helpful.
Old 08-17-2018, 01:02 AM   #12
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by derezion View Post
Here's the report:
Code:
/home/USERNAME/.cache/mozilla/firefox/icgb9k87.default/cache2/entries/1987E989971C6F72EE5D081641773F7D68471C38: Html.Exploit.CVE_2017_11901-6393372-0 FOUND
The problem is I looked in that folder and found nothing.
to explain:
something was in your browser's cache.
it disappeared by itself - that could have several harmless reasons. probably because your browser is set up to remove cached files after closing.

what was it then?
thankfully clamav has identified it for you.
searching yields one result.
if you, too, visited yahoo finance, that would explain it, but there is no reason that that particular baddie can't be found elsewhere.

did it do any harm to your computer? (i have no answer to that)

what to do?
browsing with an unconfigured browser is like sex with a stranger, without a condom.
you need to be careful which sites you visit, and especially where you allow javascript to be executed (99% of all mal/spy/etc.ware can't get onto your machine if javascript is disabled). i use the noscript addon.
 
Old 08-17-2018, 08:46 AM   #13
derezion
Member
 
Registered: Aug 2018
Distribution: Anything Debian-based
Posts: 81

Original Poster
Rep: Reputation: Disabled
I use noscript on one user account. But the account I posted about didn't have noscript.

By securing my browser, would you also say I change things that I currently have in Firefox like
  1. Remembering my history
  2. Remembering Usernames
I don't have Firefox remember passwords because I just write them down.
 
Old 08-17-2018, 12:38 PM   #14
derezion
Member
 
Registered: Aug 2018
Distribution: Anything Debian-based
Posts: 81

Original Poster
Rep: Reputation: Disabled
What should my next steps be?

Sorry, I don't mean to waste anyone's time.
Here's the steps I've taken since starting this thread.
1. I've cleared cookies, site data and cached web content using Firefox preferences
2. I've scanned again with ClamAV twice and got a clean report.
3. I Googled "rm -fr ~/.cache/ ; exit" which Habitual recommended but I didn't understand what it does (although it's supposed to start with "rm -rf"). I got this link
https://askubuntu.com/questions/3683...-from-terminal
I didn't really understand the other codes either.

I didn't visit the result ondoho was talking about because I don't know if clamxav.com is safe.

My friend said to make sure the problem wasn't a rootkit.
He advised reading the manpages for rkhunter if I didn't understand the program.
Wondering what my next steps should be.
 
Old 08-17-2018, 12:39 PM   #15
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by derezion View Post
Just delete everything in
/home/$USER/.cache/
And clear the trash bin?

How is that different than deleting the account?
One is overkill. One is a "fix" via proper maintenance.

Stitches vs surgery.

Gonna delete any user account that is infected, Forever??
http://linux.oneandoneis2.org/LNW.htm
 