I don’t remember installing it, everything about it seems “legitimate” grepping through the logs the installation date seems to be 21st January. There was always some slow down when I initially started firefox and today I had HTOP open just to see what was happening and Clamav and ClamAV freshclam process was there. How do I check if it is compromised or which user if any installed it?
SSH is disabled.
deleted by creator
Was anything else installed on the 21st? Might have been pulled down as a dependency of something.
to answer this question: if you’re on a dpkg-based system, check
/var/log/dpkg.log(or/var/log/dpkg.log.2.gzto get logs from January, if your system rotates them once a month).Or as a way for someone putting malware on the system to keep other malware away…
ClamAV
But on a serious note, no, I have no idea why that would happen.
As a start, you can use opensnitch to see what connections it makes.
Or Wireshark
