cat /dev/sda output contains references to malware

Question

When using "cat /dev/sda" I see the word trojan appear a lot as well as many names of known trojans like Nymaim, Bedep and so on. Here is a snippet:

b5928a2d2656ba5ef3001dc04350e5a0:399262:Win.Malwar e.Nymaim-5165:73
15739e1c0caeb02e3a2ab49dca1e630c:523584:Win.Malwar e.Nymaim-5166:73
d83bdaa831c5784f98dd9535c406abdd:398848:Win.Malwar e.Nymaim-5167:73
7f052f366d2db24e665df30a6c57e512:621568:Win.Malwar e.Nymaim-5168:73
92f97eddf93f2c1b60ad81d5ffe8e7b0:455450:Win.Malwar e.Nymaim-5169:73
af05d12c942d0b32b7c74f9b6260b7d1:858528:Win.Malwar e.Nymaim-5170:73
be3b18835ffb457d1adec8eb92454699:704656:Win.Malwar e.Nymaim-5171:73
a6b90fede77dd72bf3a22fb681174836:460659:Win.Malwar e.Nymaim-5172:73
9c67bc979b6b8a6a73f0b5bc9892af92:882176:Win.Malwar e.Nymaim-5173:73
9d521721d18d51a2c05001c6053e0fac:632832:Win.Malwar e.Nymaim-5174:73
ffcd0c4673e6bafe1d832c0c9c155df2:631808:Win.Malwar e.Nymaim-5175:73
e82598e1b5ec50ad0a2945d3decc8c47:459481:Win.Malwar e.Nymaim-5176:73
af8aa6dacd8ce8a1cb315ec8e575dc31:413306:Win.Malwar e.Nymaim-5177:73
ce7d2a159bf7ee9c9259a2a1562fc5d0:823808:Win.Malwar e.Nymaim-5178:73
0263a52151c4dbad15aa1f973e0fb667:878080:Win.Malwar e.Nymaim-5179:73
b9a6b570c06711f5353de0df378d938a:463672:Win.Malwar e.Nymaim-5180:73
761db21243595084594f3c24800793f6:621568:Win.Malwar e.Nymaim-5181:73
09b0e76ed51c2915ecb1c883f02541a3:628224:Win.Malwar e.Nymaim-5182:73
a3602215150edc5eb9c8d7e41e84a26c:492360:Win.Malwar e.Nymaim-5183:73
eabd837f079d154c08d971f11541ce16:126845:Win.Malwar e.Nymaim-5184:73
b54adf172042cb0b7b68cbffc500cf02:500351:Win.Malwar e.Nymaim-5185:73
88c1ade5713a32615b9e65a9d7b8d7fc:514936:Win.Malwar e.Nymaim-5186:73
255d34cd4244d56643f27b799f62e592:358766:Win.Malwar e.Nymaim-5187:73
17c3dbd3999be0e50b3b9d620e20b027:645632:Win.Malwar e.Nymaim-5188:73
ec6ad6c943dd497c46ccd9219471ccf9:458368:Win.Malwar e.Nymaim-5189:73
c4e1239d87fc4db44b0a56d0e6ec66da:496128:Win.Malwar e.Nymaim-5190:73
5f7c663c15dd0484274d22a899248523:651776:Win.Malwar e.Nymaim-5191:73
4ff7c4eab0ab82e7205fe123e1f7057b:637952:Win.Malwar e.Nymaim-5192:73
7f979bf76fdaea505356ba0133db5bdd:916320:Win.Malwar e.Nymaim-5193:73

I'm running Ubuntu 16.04 LTS.

Does this mean I a infected with various Malware/Trojans and if so how do I safely remove them?

Or is a full hard drive wipe the safest way?

Thanks in advance

Answer 1

There is absolutely nothing to worry about.

cat /dev/sda prints the raw contents of your whole first hard disk (all partitions and unpartitioned space, including all files on there as well as all unused space which might contain remainders of stuff that was previously stored there).

What you see is part of a malware signature file used by some antivirus software you might have installed.

---

I actually checked these lines on my own system and I found them - they are part of the file /var/lib/clamav/daily.cld (and maybe some other files in that directory).

As expected, this file is part of ClamAV, a malware scanner. If you want, you can examine this file with a text viewer like less /var/lib/clamav/daily.cld (probably better not with a GUI editor, because the file is quite big, around 100-200MB).