
Botnet Malware Detected on Your Computer Firefox browser!

fredhoud
My wife clicked on a link to a website via the Firefox browser yesterday, and got a popup message: "Botnet malware" detected on your computer!
I clicked on Distrowatch today, and got the same Botnet malware popup in the Chromium browser on my computer, all of a sudden, for the first time!

The message says:
"Spectrum has detected activity from your Internet modem that suggests one or more of the computers in your home is infected with advanced botnet malware. You can help prevent future botnets from harming your computers by downloading Security Suite, a FREE service included with your Spectrum Internet".
The operating system of all of our computers is KDE neon, and it is updated. I have already checked the extensions installed in the Chromium and Firefox browsers, and don't see any strange extensions either.

I did a search, installed chkrootkit, and ran it. Everything looks fine as far as I can tell.
Here's the output of chkrootkit:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not found
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not found
Checking `sshd'... not found
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for rootkit HiDrootkit's default files... nothing found
Searching for rootkit t0rn's default files... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for rootkit Lion's default files... nothing found
Searching for rootkit RSHA's default files... nothing found
Searching for rootkit RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/usr/lib/python3/dist-packages/PyQt5/uic/widget-plugins/.noinit /usr/lib/debug/.build-id /usr/lib/jvm/.java-1.8.0-openjdk-amd64.jinfo /lib/modules/4.13.0-45-generic/vdso/.build-id /lib/modules/4.15.0-33-generic/vdso/.build-id /lib/modules/4.13.0-43-generic/vdso/.build-id /lib/modules/4.8.0-58-generic/vdso/.build-id /lib/modules/4.15.0-29-generic/vdso/.build-id /lib/modules/4.13.0-39-generic/vdso/.build-id
/usr/lib/debug/.build-id /lib/modules/4.13.0-45-generic/vdso/.build-id /lib/modules/4.15.0-33-generic/vdso/.build-id /lib/modules/4.13.0-43-generic/vdso/.build-id /lib/modules/4.8.0-58-generic/vdso/.build-id /lib/modules/4.15.0-29-generic/vdso/.build-id /lib/modules/4.13.0-39-generic/vdso/.build-id
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for **** Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
Searching for 64-bit Linux Rootkit ... nothing found
Searching for 64-bit Linux Rootkit modules... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
enp3s0: PACKET SNIFFER(/sbin/dhclient[1480])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... user fred deleted or never logged from lastlog!
Checking `chkutmp'... chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected

SYSTEM INFO:
Kernel: 4.15.0-33-generic x86_64 (64 bit gcc: 5.4.0)
Desktop: KDE Plasma 5.13.4 (Qt 5.11.1) Distro: neon 16.04 xenial
Machine: Mobo: Gigabyte model: B85M-DS3H-A v: x.x
Bios: American Megatrends v: F2 date: 08/10/2015
CPU: Quad core Intel Core i7-4790K (-HT-MCP-) cache: 8192 KB
flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 31928
clock speeds: max: 4400 MHz 1: 4283 MHz 2: 4096 MHz 3: 4281 MHz 4: 4276 MHz
5: 4264 MHz 6: 4091 MHz 7: 4384 MHz 8: 4267 MHz
Graphics: Card: Advanced Micro Devices [AMD/ATI] Caicos PRO [Radeon HD 7450]
bus-ID: 01:00.0
Display Server: X.Org 1.19.6 drivers: ati,radeon (unloaded: fbdev,vesa)
Resolution: 1920x1080@60.00hz, 1920x1080@60.00hz
GLX Renderer: AMD CAICOS (DRM 2.50.0 / 4.15.0-33-generic, LLVM 6.0.0)
GLX Version: 3.0 Mesa 18.0.5 Direct Rendering: Yes
Audio: Card-1 Intel 8 Series/C220 Series High Definition Audio Controller
driver: snd_hda_intel bus-ID: 00:1b.0
Card-2 Advanced Micro Devices [AMD/ATI] Caicos HDMI Audio [Radeon HD 6400 Series]
driver: snd_hda_intel bus-ID: 01:00.1
Sound: Advanced Linux Sound Architecture v: k4.15.0-33-generic
Network: Card: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
driver: r8169 v: 2.3LK-NAPI port: d000 bus-ID: 03:00.0
IF: enp3s0 state: up speed: 100 Mbps duplex: full mac: <filter>
Drives: HDD Total Size: 500.1GB (30.9% used)
ID-1: /dev/sda model: Samsung_SSD_850 size: 500.1GB
Partition: ID-1: / size: 428G used: 114G (29%) fs: ext4 dev: /dev/dm-1
ID-2: /boot size: 472M used: 400M (90%) fs: ext2 dev: /dev/sda1
ID-3: swap-1 size: 33.25GB used: 0.00GB (0%) fs: swap dev: /dev/dm-3
RAID: No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors: System Temperatures: cpu: 29.8C mobo: 27.8C gpu: 47.5
Fan Speeds (in rpm): cpu: N/A
Info: Processes: 257 Uptime: 7:59 Memory: 4675.7/32134.7MB
Init: systemd runlevel: 5 Gcc sys: 5.4.0
Client: Shell (bash 4.3.481) inxi: 2.2.35

I am baffled as to how in the world this crept up on a KDE Linux OS. Does anyone have any idea?
P.S. I forgot to mention that I have the GUFW firewall installed, and it's ON all the time.
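As an added example (not code from this thread, and not part of chkrootkit itself): a small Python triage script that parses chkrootkit output in the shape posted above and sorts each test into "clean", "likely_benign" or "review", so the short "review" list is what actually needs a human. The sample input below is a constructed excerpt in the same format as the posted run. The benign patterns are assumptions that hold on a stock Debian/Ubuntu-family desktop: `dhclient` legitimately holds a raw socket for DHCP, the `.build-id` directories are debug-symbol indexes installed by distro packages, the `.jinfo` file is update-alternatives metadata from the openjdk package, the `.noinit` file ships with PyQt5, and the "Possible Linux/Ebury" line is the well-known false positive of older chkrootkit releases whose Ebury test keys on `ssh -G`, an option OpenSSH 6.8 and later accept legitimately. A pattern match explains a hit; it does not prove the file is the packaged one, so the output is a starting point, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the shape of the chkrootkit run posted above
# (a handful of representative lines, not the full output).
SAMPLE_OUTPUT = """\
Checking `basename'... not infected
Checking `amd'... not found
Checking `syslogd'... not tested
Searching for rootkit t0rn's default files... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/usr/lib/debug/.build-id /lib/modules/4.15.0-33-generic/vdso/.build-id /usr/lib/jvm/.java-1.8.0-openjdk-amd64.jinfo
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
enp3s0: PACKET SNIFFER(/sbin/dhclient[1480])
Checking `z2'... user fred deleted or never logged from lastlog!
"""

# Phrases chkrootkit prints when a test passes or does not apply.
CLEAN_SUFFIXES = ("not infected", "not found", "nothing found", "not tested",
                  "no suspect files", "nothing detected", "nothing deleted",
                  "no packet sniffer sockets")

# Hits that are routinely benign on a stock Debian/Ubuntu-family desktop
# (assumed patterns). Each still deserves a glance: the pattern explains
# the hit, it does not prove the file or process is the packaged one.
KNOWN_BENIGN = [
    (re.compile(r"PACKET SNIFFER\(/sbin/dhclient\["),
     "dhclient opens a raw socket for DHCP"),
    (re.compile(r"/\.build-id$"),
     "debug-symbol index directory shipped by distro packages"),
    (re.compile(r"/\.java-[^/]+\.jinfo$"),
     "update-alternatives metadata from the openjdk package"),
    (re.compile(r"/PyQt5/uic/widget-plugins/\.noinit$"),
     "marker file shipped by the PyQt5 package"),
    (re.compile(r"Possible Linux/Ebury - Operation Windigo"),
     "older chkrootkit Ebury test keys on 'ssh -G', which OpenSSH >= 6.8 "
     "accepts legitimately; confirm the chkrootkit version and verify the "
     "openssh-client package integrity"),
]

# "Checking `name'... result" or "Searching for <desc>... result"
HEADER = re.compile(
    r"^(?:Checking `(?P<name>[^']+)'|Searching for (?P<desc>.+?))\.\.\. ?(?P<result>.*)$")


@dataclass
class Finding:
    test: str
    evidence: list = field(default_factory=list)  # lines/paths that need an explanation
    reasons: list = field(default_factory=list)   # one explanation per explained item

    @property
    def verdict(self) -> str:
        if not self.evidence:
            return "clean"
        return "likely_benign" if len(self.reasons) == len(self.evidence) else "review"


def is_clean(text: str) -> bool:
    return any(text.strip().endswith(s) for s in CLEAN_SUFFIXES)


def _add_evidence(finding: Finding, text: str) -> None:
    """Record a non-clean line (or each path on a path-list line) as evidence."""
    items = text.split() if text.startswith("/") else [text]
    for item in items:
        finding.evidence.append(item)
        for pattern, why in KNOWN_BENIGN:
            if pattern.search(item):
                finding.reasons.append(f"{item}: {why}")
                break


def parse_chkrootkit(text: str) -> list:
    """Turn chkrootkit output into Findings; continuation lines attach to the last test."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            findings.append(Finding(m.group("name") or m.group("desc")))
            payload = m.group("result")
        elif findings:
            payload = line
        else:
            continue
        # A trailing colon introduces a list on the following line(s); it is not itself evidence.
        if payload and not payload.endswith(":") and not is_clean(payload):
            _add_evidence(findings[-1], payload)
    return findings


def triage(text: str) -> dict:
    """Group test names by verdict; the 'review' bucket is the short list to act on."""
    buckets = {"clean": [], "likely_benign": [], "review": []}
    for f in parse_chkrootkit(text):
        buckets[f.verdict].append(f.test)
    return buckets


if __name__ == "__main__":
    for f in parse_chkrootkit(SAMPLE_OUTPUT):
        if f.verdict != "clean":
            print(f"[{f.verdict}] {f.test}")
            for r in f.reasons:
                print("   ", r)
            for e in f.evidence:
                if not any(r.startswith(e + ":") for r in f.reasons):
                    print("    UNEXPLAINED:", e)
```

Run against the excerpt, only the `z2` lastlog line lands in "review"; everything else is either clean or explained. None of this answers the original question, though: the ISP notice is about traffic seen from the modem's public address, so a clean result on one machine says nothing about the router, the phones or any other device behind it, which is where the thread ends up.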
geoffreyg
A possibility: Spectrum wants you to use Windows so they can sell you more malware? xD


Lenovo T460s, Neon, Netrunner, Kubuntu
ik.kde
Could it be that your router is compromised, or some other IoT device on your home network?
fredhoud
That's the only thing I could think of that caused this: either the router or the modem. I have updated the router's firmware and have changed the router's Wi-Fi password. I also called Spectrum and verified the source. The message indeed came from them, but they denied any wrongdoing, like false advertising! He stated their system detected malware on a computer or something in my network. I told him that was impossible because I don't run any Windows OS in my home network.
Anyway, I installed BleachBit and cleaned up the system, and I have not seen that malware popup message so far. I wonder if an iPhone with a bad or infected app connected via Wi-Fi could have caused this? Also, from what I've read, you have to replace the router if it's indeed infected, and it cannot be fixed. However, I wonder if a modem could also be infected?
ik.kde
Updating the OS/firmware of network-connected devices, including smartphones, will in many cases solve this problem. If not, then you should find out which device is compromised and remove it from the home network.

An iPhone can be part of a botnet, but in my opinion it is an unlikely scenario. Usually smartphone malware steals money through banking apps or online purchases, shows ads, or spies on you.

Update: in the case of a PC/laptop, a software update might not help you. With these you either use antivirus/anti-malware software or reinstall the OS.
fredhoud
My suspicion is the router, after looking into all the devices. I have reset the router and changed the password, and have no longer seen the message appear. So hopefully I got rid of it!
claudiupe
fredhoud wrote: My suspicion is the router, after looking into all the devices. I have reset the router and changed the password, and have no longer seen the message appear. So hopefully I got rid of it!

Also change the passwords for all your online accounts that have been accessed from those devices.