My server seems to have been infected with a Trojan. I run a Ubuntu 14.04.3 LTS

When I approach one of the sites on my server my windows eset scanner blocks the link. Throwing a

"Trojan Iframe.MA"

detected.

When I scan with ClamAV after calling freshclam like so clamscan -r --bell --remove -i / clamscan found 1 infected file ... it removes it..

but then I also get 10.800 errors (Permission denied) some of the directories showing up are below

/sys/module/xt_tcpudp

/sys/module/xt_multiport

/sys/module/xt_conntrack

And the site still seems to be infected.

Does anyone recognize this issue? And what should I do about it?

It was suggested I should have run as root. Forgot to say I log in as root. Just to be sure I ran it again like so sudo clamscan -r --bell --remove -i /

I will just add this log summary this puts out

Known viruses: 4007738 Engine version: 0.98.7 Scanned directories: 28308 Scanned files: 133513 Infected files: 0 Total errors: 10828 Data scanned: 4755.18 MB Data read: 5678.44 MB (ratio 0.84:1) Time: 615.395 sec (10 m 15 s)

In the end I found out the virus was inside a theme for a joomla site. And was pushing out mail using PHPMailer. Almost got me blacklisted.

However the question about why ClamAV doesn't scan everything still stands. Thanks for having a look.