LinuxQuestions.org


galien8 07-29-2016 02:56 AM

I have 4 to 5 viruses every day under UBUNTU / FIREFOX says ClamTK
 
NO FIREFOX TABS OPEN
TIME VIRUS CLEAN 2016-07-18 19:56

LATER ONLY TABS OPEN:
Google
Facebook
Gmail

TIME VIRUS CHECK 2016-07-19 2:28
VIRUSES (ClamTK Home Directory 10,095 Files scanned):
PUA.Doc.Tool.LibreOfficeMacro-1

Seems to not come from the sites, but through the ports, like that famous worm in the early 00's

Is new for me: not in the Mozilla subdirectories but in the LibreOffice subdirectory, usually have 4 to 5 viruses per day in Mozilla subdirectories

Michael Uplawski 07-29-2016 06:12 AM

Quote:

Originally Posted by galien8 (Post 5582834)
PUA.Doc.Tool.LibreOfficeMacro-1

I've heard about Basic on Linux. Probably kind of a technological progress or something... It's this or the candlestick.

galien8 07-29-2016 06:32 AM

Quote:

Originally Posted by Michael Uplawski (Post 5582870)
I've heard about Basic on Linux. Probably kind of a technological progress or something... It's this or the candlestick.

Yes could be a visual basic macro

Can't find anything useful with "candlestick hack" or "candlestick virus" with Google, what do you mean?

CLAMTK sometimes scans more files than other times, could be that this time he scanned the most, and alleged virus is a false positive

former scan 9,000 files
last scan 10,000 files

I don't know CLAMTK very well, but now the same installation also scans sometimes only 4,000, 5,000 or 6,000 files in home directory, I scan several times a day, so I noticed this in the reports

Habitual 07-29-2016 08:16 AM

PUA is not enabled by default. Don't, or
Code:

clamscan -ir $HOME

galien8 07-29-2016 08:41 AM

Quote:

Originally Posted by Habitual (Post 5582890)
PUA is not enabled by default. Don't, or
Code:

clamscan -ir $HOME

OK

I do CLAMTK GUI most of the time

if there are viruses found by CLAMTK also: clamscan --remove -r /

also funny first scan only SSD any consecutive scan with same command it suddenly does whole computer (SSD, PHOTO CAMERA USB Stick, harddisk) takes forever ( > 4 hours) 1 Tb

Habitual 07-29-2016 10:24 AM

You don't need to scan /
Warning: And I certainly cannot advise any arbitrary "--remove" action.

clamav doesn't clean anything. Have you noticed?
Remove and quarantine. You really want to trash your system for a false-positive
because clam-tk with PUA enabled, scanning / gave you the --remove "option"?
Do you think there's a reason to consider what I'm saying?

Worry about your stuff is my advice and you have that command.
Don't waste your time scanning anything that is not "your stuff". Linux can take care of itself.

IF PUA.Doc.Tool.LibreOfficeMacro-1 showed up in "your stuff", upload the suspect file to virustotal.com
Clear your browser's cache once in a while.

Code:

clamscan -ir $HOME

man clamscan shows -i is for "infected" and -r is for "report".
Nice and tidy short list of how many, and what/where infection of "your stuff".

clam-tk is just lipstick on the pig.
Don't trust your system to a lipstick wearing pig.

galien8 07-29-2016 11:05 AM

Quote:

Originally Posted by Habitual (Post 5582946)
You don't need to scan /

Code:

clamscan -ir $HOME

man clamscan shows -i is for "infected" and -r is for "report".

Then I would do:
Code:

clamscan --remove -ir -r $HOME

I want recursive scan and get rid of the viruses, I delete in CLAMTK never quarantine, however if I can help the anti virus movement and must therefore quarantine in order to be able to send them by email to virustotal.com or upload or whatever, I would do that

Do you mean I get a list of viruses and locations, with

Code:

clamscan -ir $HOME

I must then upload them to virustotal.com, and manually delete the files? A bit laborious but I'm willing to help

Habitual 07-29-2016 12:55 PM

What is "laborious" is scanning / unnecessarily.
Uploading to virustotal.com of a suspect file is just good Linux Admin 101.

Any monkey can delete stuph without investigating. Don't trash your system.
  1. Don't scan /
  2. Don't scan with PUA
  3. Verify backup of your $HOME ("your stuff")
  4. clamscan -ir $HOME --remove

Do what you want.

galien8 07-29-2016 01:46 PM

Quote:

Originally Posted by Habitual (Post 5583016)
What is "laborious" is scanning / unnecessarily.
Uploading to virustotal.com of a suspect file is just good Linux Admin 101.

Any monkey can delete stuph without investigating. Don't trash your system.
  1. Don't scan /
  2. Don't scan with PUA
  3. Verify backup of your $HOME ("your stuff")
  4. clamscan -ir $HOME --remove

Do what you want.

OK Thanks

How do I upload to virustotal.com? From quarantine directory or so? Would be nice if I first quarantined and from that uploaded, then I am already rid of the viruses. Moreover I have then an archive of the infections.

Habitual 07-29-2016 03:46 PM

Quote:

Originally Posted by galien8 (Post 5583039)
OK Thanks

How do I upload to virustotal.com? From quarantine directory or so? Would be nice if I first quarantined and from that uploaded, then I am already rid of the viruses. Moreover I have then an archive of the infections.

Uh, the "Choose File" button at virustotal.com?
Forget virustotal.
Trash your system, I don't care.

All I intended to say is
don't scan /
don't scan with PUA
delete if you want after independent verification at virustotal.com

Am I not making it clear?
Quarantine? You're using the --remove option.
Stop using the gui, it's useless to you.

Code:

sudo apt-get remove --purge clamtk

Good Luck.
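
An added example, not part of any post in this thread: one way to follow the advice above (scan only $HOME, skip --remove, verify each hit independently) is to read the report lines clamscan prints, split each into path and signature, and hash the file for a lookup on virustotal.com before deciding anything. The function names, the PUA/OTHER labels and the sample paths are assumptions; the "target" column assumes ClamAV's dotted signature naming, where the first component after an optional PUA. prefix names the platform or file type.

```shell
#!/bin/sh
# Added example (not from the thread): triage clamscan hits before deleting.
# Real use: clamscan -ir --no-summary "$HOME" | triage_clamscan

# Hash a file for lookup on virustotal.com without uploading or moving it.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# stdin: clamscan report lines of the form "<path>: <Signature> FOUND"
# stdout: class, target, signature, sha256, path (tab-separated), one per hit
triage_clamscan() {
    while IFS= read -r line; do
        case $line in
            *": "*" FOUND") ;;      # detection line
            *) continue ;;          # summary, warnings, blank lines
        esac
        rest=${line% FOUND}
        sig=${rest##*: }            # text after the last ": "
        path=${rest%: *}            # text before the last ": "
        case $sig in
            PUA.*) class=PUA;   name=${sig#PUA.} ;;  # only seen with PUA detection on
            *)     class=OTHER; name=$sig ;;
        esac
        target=${name%%.*}          # first name component, e.g. win, html, Doc
        if [ -f "$path" ]; then hash=$(sha256_of "$path"); else hash=missing; fi
        printf '%s\t%s\t%s\t%s\t%s\n' "$class" "$target" "$sig" "$hash" "$path"
    done
}

# Constructed sample report: signature names are the ones quoted in the thread,
# the paths are made up.
sample_report() {
    cat <<'EOF'
/home/example/.config/libreoffice/4/user/basic/m.xba: PUA.Doc.Tool.LibreOfficeMacro-1 FOUND
/home/example/.cache/mozilla/firefox/x.default/cache2/entries/A1: win.trojan.xored-1 FOUND
/home/example/.cache/mozilla/firefox/x.default/cache2/entries/B2: html.exploit.cve_2015_1692-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

sample_report | triage_clamscan
```

A hash of "missing" means the file was already gone when the report was read, which is what happens to browser cache entries and to anything a previous --remove run deleted.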

galien8 07-29-2016 04:37 PM

Quote:

Originally Posted by Habitual (Post 5583108)

don't scan with PUA

CLAMTK up to now only found PUA, with PUA's viruses system slows down to the point screen gets gray scale and freezes, no LINUX UBUNTU menu anymore, only mouse movement, no functionality

reboot, clamtk scan, delete 4 to 5 PUA's, system behaves normally for a couple of hours, then the next day the whole cycle over again

PUA's like:
html.trojan.agent.37075
html.exploit.cve_2015_1692-1
win.trojan.xored-1

Are these harmless HABITUAL?

273 07-30-2016 01:27 AM

I think you're falling into the trap of thinking that Linux is Windows and that ClamAV is picking up Linux viruses. What you are seeing are false positives because you're using a virus scanner mainly meant to pick up Windows viruses on a Linux server to prevent it serving those to Windows machines which may become infected.
Take a step back and explain what it is you are trying to do here. I think it's highly unlikely (though not impossible) that you'll have a virus slowing down your Linux system.

galien8 07-30-2016 01:57 AM

Quote:

Originally Posted by 273 (Post 5583222)
I think you're falling into the trap of thinking that Linux is Windows and that ClamAV is picking up Linux viruses. What you are seeing are false positives because you're using a virus scanner mainly meant to pick up Windows viruses on a Linux server to prevent it serving those to Windows machines which may become infected.
Take a step back and explain what it is you are trying to do here. I think it's highly unlikely (though not impossible) that you'll have a virus slowing down your Linux system.

From my experience it helps to remove these PUA viruses, system becomes responsive for a couple of hours again, maybe you're right, all I know is that something or someone is messing with my UBUNTU system, could coincidentally correlate with the amount of "Windows" viruses, could be intended too to make me think that the cause is these PUA viruses, the fog of war

273 07-30-2016 02:10 AM

They're not viruses though.
It's typical when Windows runs slow to think "Oh, no, I must have a virus!" and do a virus scan because that can often be the case in Windows (sometimes it's not the case there either) but under Linux viruses are extremely rare. I could go on about how a virus that slows down a system is pointless as it won't make money and a load of other things but the bottom line is that a slow system does not automatically mean that you have a virus (even under Windows).
Take a step back and look at what's happening when your system becomes unresponsive and in what way it is unresponsive. I suspect something like badly-scripted web pages full of rubbish are filling RAM and taking far too many processor cycles.

galien8 07-30-2016 03:03 AM

Quote:

Originally Posted by 273 (Post 5583230)
They're not viruses though.
It's typical when Windows runs slow to think "Oh, no, I must have a virus!" and do a virus scan because that can often be the case in Windows (sometimes it's not the case there either) but under Linux viruses are extremely rare. I could go on about how a virus that slows down a system is pointless as it won't make money and a load of other things but the bottom line is that a slow system does not automatically mean that you have a virus (even under Windows).
Take a step back and look at what's happening when your system becomes unresponsive and in what way it is unresponsive. I suspect something like badly-scripted web pages full of rubbish are filling RAM and taking far too many processor cycles.

what is the "candlestick" Uplawski is talking about?


All times are GMT -5.