My system has picked up a virus and I need help to eradicate it

The last one you showed was a false positive, and you can’t tell the difference, I have no reason to think the others aren’t as well.

The ClamAV has flagged a received e-Mail as being suspicious –

  1. Are you a CitiBank customer?
  2. If yes then, <???> are valid URLs to access that bank’s on-line services.
  3. If no then, that e-mail could, possibly be a Phishing e-mail but, the URL does point to a CitiBank service …

Take a look at the file mentioned with a text editor – the files in those Akonadi file DB data directories are “SMTP mail, ASCII text, with very long lines” …

  • If, the e-Mail header doesn’t contain anything suspicious –
    Return-Path:” isn’t pointing to a crazy domain;
    From:” isn’t pointing to a crazy domain;
    Date:” is sensible –
    Then, ClamAV is flagging a false positive …

Please consider activating the Spam Filter at the provider(s) of your e-Mail accounts –

  • Login to the Web interface(s) of your e-Mail account(s) and check under “Settings” if, the provider of your e-Mail account(s) provides such a service.

If your e-Mail service provider(s) aren’t so nice, consider installing the “bogofilter-common” and “bogofilter-db” packages to handle Spam directly in your KDE KMail.

But, I am not convinced that, either the KDE KMail application or the Mozilla Firefox application, have installed a Virus in your user space/directories …

  • You can check by using a fresh, new, test user – if that user doesn’t experience any issues with the GUI session’s Clipboard and LibreOffice then, there ain’t nothing strange installed on your system as such.

Which then, only leaves the Clipboard of the user who is experiencing this issue …


When I mention the KDE Plasma Clipboard, I mean this thing –

Thank you to all who are helping me with this problem. I should reiterate that the main flag that triggered my original post was the erratic placement of latent clipboard content into the LibreOffice document. I did a single paste and a latent clipboard content got pasted multiple times in a random fashion throughout the large LibreOffice document. This is certainly a sign of malware being present in my system!!

Update. I used the
clamscan -r --remove /home/USER command to delete the infected files.
I am considering my machine disinfected.
Again thank you for all help.

Ardour user here. I’m just curious, now that you’ve identified and cleared the virus / malware from your system, can you tell us which one it was ?
Also, did you build Ardour yourself or used an official build from the site ?

I picked up something by accessing a rogue Ardour manual, apparently before Firefox identified it as problematic.

" should not even exist. We need to fix that. It’s just "

This quote was copied from the Ardour forum that I likewise posted this issue on.

I only use official builds at this point.

I’m glad you’ve got it sorted, but I’m dubious you actually had malware. The issues that the antivirus found sound like it finding spam emails (which everyone receives). As long as you didn’t click on any links in those emails, you’re fine.

Obviously something went screwy with the pasting, but I’d suspect more likely a keyboard problem or maybe some software issue.


Same here. And the title sounds rather like panic. To begin with only one user was affected and NOT the system (as the “my system” in the title suggests). And there is no prove what soever that is was a virus:

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs.

The OP posted no indication of it replicating itself in any other program.


Just out of curiosity, after the clipboard contents were pasted into the document, did you simply close the document and tell LibreOffice not to save? That would seem an obvious first step.

You’re being incredibly pedantic in a way that unless you work in an information security space no one else is. Virus and malware to the vast majority are interchangeable, and it was clear from the post that this was the case here.

It was also pretty clear they did not have a problem.