Hi,
I am just worried about a couple of things with my PC. The first thing is that I received a lot of spam from one host in my mailbox: 6 messages in an hour and another 10 during the day.
Now I have just checked the open ports on my PC and I am really worried, because processes such as chrome and firefox open a lot of connections to different servers right after starting, even though no page was opened…
netstat -antp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 396 0 192.168.0.200:41758 64.233.167.138:443 ESTABLISHED 4811/chrome
tcp 380 0 192.168.0.200:58280 213.189.45.123:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:55238 213.189.45.45:443 TIME_WAIT -
tcp 0 0 192.168.0.200:39124 74.125.206.94:443 ESTABLISHED 4577/firefox
tcp 0 0 192.168.0.200:38119 74.125.71.95:443 ESTABLISHED 4811/chrome
tcp 0 20984 192.168.0.200:58279 213.189.45.123:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:45964 74.125.195.101:443 TIME_WAIT -
tcp 0 0 192.168.0.200:38953 213.189.45.99:443 ESTABLISHED 4811/chrome
tcp 348 0 192.168.0.200:48448 216.58.211.45:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:49997 64.233.167.113:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:53494 74.125.206.95:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:46935 213.189.45.94:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:38118 74.125.71.95:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:53466 91.214.237.8:8074 ESTABLISHED 2572/pidgin
tcp 0 0 192.168.0.200:44764 74.125.206.138:80 TIME_WAIT -
tcp 0 77 192.168.0.200:54369 173.194.67.138:443 LAST_ACK -
tcp 0 0 192.168.0.200:49205 213.189.48.247:80 TIME_WAIT -
tcp 0 0 192.168.0.200:55923 173.194.65.188:5228 TIME_WAIT -
tcp 0 0 192.168.0.200:57702 74.125.71.99:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:48447 216.58.211.45:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:49998 64.233.167.113:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:43027 91.217.189.42:6667 ESTABLISHED 2572/pidgin
tcp 380 0 192.168.0.200:41757 64.233.167.138:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:60637 74.125.136.188:5228 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:35117 213.189.45.99:80 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:39244 5.101.104.116:5222 ESTABLISHED 2572/pidgin
tcp 0 0 192.168.0.200:35128 213.189.45.99:80 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:42071 194.9.24.25:80 TIME_WAIT -
tcp 0 0 192.168.0.200:56299 213.189.45.88:443 ESTABLISHED 4577/firefox
tcp 0 0 192.168.0.200:57668 137.254.120.26:80 TIME_WAIT -
tcp 0 0 192.168.0.200:48449 216.58.211.45:443 ESTABLISHED 4811/chrome
tcp 396 0 192.168.0.200:52371 74.125.71.132:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:53900 64.233.167.94:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:54537 8.19.240.170:443 ESTABLISHED 4655/plugin-contain
tcp 0 0 192.168.0.200:60227 91.189.88.149:80 TIME_WAIT -
tcp 0 0 192.168.0.200:51627 213.189.45.98:443 ESTABLISHED 4577/firefox
tcp 396 0 192.168.0.200:40153 173.194.112.204:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:41154 91.189.92.152:80 TIME_WAIT -
tcp 0 0 192.168.0.200:49981 64.233.167.113:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:36725 213.189.45.49:443 TIME_WAIT -
tcp 0 77 192.168.0.200:49683 173.194.65.154:443 LAST_ACK -
tcp 0 0 192.168.0.200:39432 64.233.167.100:443 TIME_WAIT -
tcp 0 0 192.168.0.200:58379 185.26.183.130:80 TIME_WAIT -
tcp 0 0 192.168.0.200:48511 74.125.71.99:80 ESTABLISHED 4811/chrome
tcp 380 0 192.168.0.200:38697 213.189.45.103:443 ESTABLISHED 4811/chrome
tcp 0 0 192.168.0.200:44304 153.19.251.225:80 TIME_WAIT -
tcp 0 0 192.168.0.200:32918 91.189.95.83:80 TIME_WAIT -
tcp 0 0 192.168.0.200:49963 74.125.195.105:443 ESTABLISHED 4577/firefox
tcp 0 0 192.168.0.200:59309 74.125.142.94:443 ESTABLISHED 4577/firefox
tcp 380 0 192.168.0.200:56337 213.189.45.88:443 ESTABLISHED 4811/chrome
tcp6 0 0 ::1:631 :::* LISTEN -
tcp6 1 0 ::1:49806 ::1:631 CLOSE_WAIT -
Another time when I ran:
netstat -antp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 192.168.0.200:48871 8.20.213.166:443 ESTABLISHED 3011/plugin-contain
tcp 0 0 192.168.0.200:44714 74.125.195.104:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:45088 213.189.45.25:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:36483 74.125.71.18:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:57537 213.189.48.207:80 TIME_WAIT -
tcp 0 0 192.168.0.200:57582 213.189.45.123:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:53353 200.144.1.147:80 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:53354 200.144.1.147:80 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:41782 216.58.217.195:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:37904 74.125.71.100:80 ESTABLISHED 2870/firefox
tcp 0 0 192.168.0.200:48598 173.194.112.170:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:53466 91.214.237.8:8074 ESTABLISHED 2572/pidgin
tcp 0 0 192.168.0.200:56491 159.253.177.131:443 ESTABLISHED 2870/firefox
tcp 0 0 192.168.0.200:47569 213.189.45.44:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:56492 159.253.177.131:443 ESTABLISHED 2870/firefox
tcp 0 0 192.168.0.200:38162 213.189.45.113:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:41728 31.222.66.39:443 ESTABLISHED 2870/firefox
tcp 0 0 192.168.0.200:43027 91.217.189.42:6667 ESTABLISHED 2572/pidgin
tcp 0 0 192.168.0.200:58707 74.125.136.188:5228 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:44973 213.189.45.40:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:53355 200.144.1.147:80 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:57427 8.20.213.71:80 TIME_WAIT -
tcp 0 0 192.168.0.200:39244 5.101.104.116:5222 ESTABLISHED 2572/pidgin
tcp 0 0 192.168.0.200:58054 8.20.213.49:80 ESTABLISHED 2870/firefox
tcp 0 0 192.168.0.200:56494 159.253.177.131:443 ESTABLISHED 2870/firefox
tcp 0 0 192.168.0.200:47570 213.189.45.44:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:53357 200.144.1.147:80 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:58696 74.125.133.157:443 ESTABLISHED 2870/firefox
tcp 0 0 192.168.0.200:41914 31.222.66.39:443 ESTABLISHED 2870/firefox
tcp 0 0 192.168.0.200:53356 200.144.1.147:80 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:49282 64.233.167.113:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:56493 159.253.177.131:443 ESTABLISHED 2870/firefox
tcp 0 0 192.168.0.200:43290 213.189.45.20:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:48495 194.9.24.50:443 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:53358 200.144.1.147:80 ESTABLISHED 2663/chrome
tcp6 0 0 ::1:631 :::* LISTEN -
tcp6 1 0 ::1:49806 ::1:631 CLOSE_WAIT -
And I was just curious whether there is any IP from the spam list I receive…
ping emilioribas.sp.gov.br
PING emilioribas.sp.gov.br (200.144.1.150) 56(84) bytes of data.
When we check the previous connections we can find 200.144.1.147:80.
When I checked reverse DNS for this IP, I got www.emilioribas.sp.gov.br.
It is just terrible because I have updated Ubuntu and I have no idea what is happening now…
I have no idea how I got infected or what caused this infection…
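The cross-check done by hand above (reading `netstat -antp`, working out which process owns each socket, and looking for a foreign address from the spam source) is the kind of thing worth scripting so it can be repeated on every snapshot. The following is an added example, not code from the original post: it parses `netstat -antp` output, summarises ESTABLISHED sockets per program, and flags any foreign host that falls inside a watchlist of IPs or CIDR ranges. The sample rows are constructed in the shape of the output above; the function names and the watchlist values are the example's own assumptions. It does no DNS lookups, so it runs offline; reverse DNS of a hit is a separate step. Rows shown as `-` belong to sockets the unprivileged run could not attribute, which is why the summary labels them as needing a root run.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of `netstat -antp` output on Linux
# (banner and header lines included, exactly as netstat prints them).
SAMPLE_NETSTAT = """\
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 192.168.0.200:53353 200.144.1.147:80 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:53354 200.144.1.147:80 ESTABLISHED 2663/chrome
tcp 0 0 192.168.0.200:43027 91.217.189.42:6667 ESTABLISHED 2572/pidgin
tcp 0 0 192.168.0.200:39244 5.101.104.116:5222 ESTABLISHED 2572/pidgin
tcp 0 0 192.168.0.200:57427 8.20.213.71:80 TIME_WAIT -
tcp6 0 0 ::1:631 :::* LISTEN -
"""

# One TCP row: proto, recv-q, send-q, local, foreign, state, pid/program.
# Banner, header and non-TCP lines do not match and are skipped.
ROW_RE = re.compile(
    r"^(?P<proto>tcp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+"
    r"(?P<state>\S+)\s+(?P<prog>\S+)\s*$"
)

UNKNOWN_OWNER = "(unknown, run as root)"


def split_endpoint(endpoint):
    """Split 'host:port' on the LAST colon so IPv6 literals such as ::1:631 survive."""
    host, port = endpoint.rsplit(":", 1)
    return host, port


def parse_netstat(text):
    """Return one dict per TCP row of `netstat -antp` output."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        local_host, local_port = split_endpoint(m["local"])
        foreign_host, foreign_port = split_endpoint(m["foreign"])
        pid, program = None, None
        if m["prog"] != "-":  # "-": socket owned by a process this user may not inspect
            pid_str, program = m["prog"].split("/", 1)
            pid = int(pid_str)
        rows.append({
            "proto": m["proto"], "local_host": local_host, "local_port": local_port,
            "foreign_host": foreign_host, "foreign_port": foreign_port,
            "state": m["state"], "pid": pid, "program": program,
        })
    return rows


def established_by_program(rows):
    """Map program name -> Counter of foreign hosts, for ESTABLISHED sockets only."""
    summary = defaultdict(Counter)
    for r in rows:
        if r["state"] == "ESTABLISHED":
            summary[r["program"] or UNKNOWN_OWNER][r["foreign_host"]] += 1
    return summary


def watchlist_hits(rows, watchlist):
    """Rows whose foreign host lies in any watchlist IP or CIDR, in any TCP state.

    TIME_WAIT / LAST_ACK rows are included on purpose: a connection that has
    already closed is still evidence that the host was contacted.
    """
    nets = [ipaddress.ip_network(w, strict=False) for w in watchlist]
    hits = []
    for r in rows:
        try:
            addr = ipaddress.ip_address(r["foreign_host"])
        except ValueError:  # defensive: anything that is not an address literal
            continue
        # `addr in net` is False across IPv4/IPv6, so mixed lists are safe.
        if any(addr in n for n in nets):
            hits.append(r)
    return hits


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for program, hosts in established_by_program(rows).items():
        print(program, dict(hosts))
    # Assumed watchlist: the /24 that holds the host the post resolved by reverse DNS.
    for hit in watchlist_hits(rows, ["200.144.1.0/24"]):
        print("watchlist hit:", hit["program"], hit["foreign_host"], hit["foreign_port"], hit["state"])
```

To use it on a live machine, pipe `sudo netstat -antp` into `parse_netstat` instead of the sample string; running as root removes the `-` rows so every socket has an owning PID, which is what you need before deciding whether a connection is the browser's or something else's.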