LKM Trojan please help remove

36 replies to this topic

#1 XxghostsyncxX
Posted 08 September 2023 - 02:11 AM

So lynis and rkhunter give me a bunch of warnings about permissions, deleted files in use, an empty ruleset under firewalls, 2 nameservers, /dev and /dev/shm partially hardened, mount options at / are non-default, systemd-analyze security: almost everything under there is classified as unsafe or exposed, from cron.service, anacron.service, every type of service. It says password protection: none, but I do have a password. I have booted from my USB and reinstalled Parrot OS 5 times, not to mention this has been a problem on my Mac Ventura as well, but I'm more concerned with this Linux computer as I should have control of this! I can't seem to get rid of all these files. I've worked side by side with my jailbroken ChatGPT; we can't get it. Please, someone help me. What logs or info do you need? I know it's made its way to the kernel because that's what an LKM means: loadable kernel module. Somehow it's even using Raspberry Pi kernel modules instead of Linux. Here's some of what the tool says:

All files in /usr/bin have a warning on them

My user was deleted or never logged from last log

anomalies in shell history files...
Checking 'asp'...
Checking 'bindshell'...
Checking 'lkm'...
chkproc: Warning: Possible LKM Trojan installed
nothing found nothing found nothing found not infected not infected
000PS, not expected 139426 value
1.gz /usr/share/man/man
ste/man/man1/mpg123.1.
coder.1.gz /usr/share/ma
chkdirs: nothing detected
Checking 'sniffer'...
lo: not promisc and no packet sniffer sockets
PACKET SNIFFER(/usr/sbin/NetworkManager[987], /usr/sbin/NetworkManager[987])

Test CRYP-7902 had a long execution: 22.741969 seconds

Presence of AppArmor found
Found 108 unconfined processes
SELinux status: disabled

HW RNG: no
SW PRNG: yes

Checking for a running NTP daemon or client [ WARNING ]

Software: file integrity
dm-verity: disabled
dm-integrity: disabled

Half these files, especially the cron ones, are flagged 'suggestion':

File: /boot/grub/grub.cfg
File: /etc/crontab
File: /etc/group
File: /etc/group-
File: /etc/hosts.allow
File: /etc/hosts.deny
File: /etc/issue
File: /etc/issue.net
File: /etc/motd
File: /etc/passwd
File: /etc/passwd-
File: /etc/ssh/sshd_config
Directory: /root/.ssh
Directory: /etc/cron.d
Directory: /etc/cron.daily
Directory: /etc/cron.hourly
Directory: /etc/cron.weekly
Directory: /etc/cron.monthly

Comparing sysctl key pairs with scan profile
- dev.tty.ldisc_autoload (exp: 0)
- fs.protected_fifos (exp: 2)
- fs.protected_hardlinks (exp: 1)
- fs.protected_regular (exp: 2)
- fs.protected_symlinks (exp: 1)
- fs.suid_dumpable (exp: 0)
- kernel.core_uses_pid (exp: 1)
- kernel.ctrl-alt-del (exp: 0)
- kernel.dmesg_restrict (exp: 1)
- kernel.kptr_restrict (exp: 2)
- kernel.modules_disabled (exp: 1)
- kernel.perf_event_paranoid (exp: 3)
- kernel.randomize_va_space (exp: 2)
- kernel.sysrq (exp: 0)
- kernel.unprivileged_bpf_disabled (exp: 1)
- kernel.yama.ptrace_scope (exp: 1 2 3)
- net.core.bpf_jit_harden (exp: 2)
- net.ipv4.conf.all.accept_redirects (exp: 0)
- net.ipv4.conf.all.accept_source_route (exp: 0)
- net.ipv4.conf.all.bootp_relay (exp: 0)
- net.ipv4.conf.all.forwarding (exp: 0)
- net.ipv4.conf.all.log_martians (exp: 1)

- kernel.ctrl-alt-del (exp: 0)
[ OK ]
- kernel.dmesg_restrict (exp: 1)
[ OK ]
- kernel.kptr_restrict (exp: 2)
[ DIFFERENT ]
- kernel.modules_disabled (exp: 1)
[ DIFFERENT ]
- kernel.perf_event_paranoid (exp: 3)
[ OK ]
- kernel.randomize_va_space (exp: 2)
[ OK ]
- kernel.sysrq (exp: )
[ DIFFERENT ]
- kernel.unprivileged_bpf_disabled (exp: 1)
[ DIFFERENT ]
- kernel.yama.ptrace_scope (exp: 1 2 3)
[ DIFFERENT ]
- net.core.bpf_jit_harden (exp: 2)
- net.ipv4.conf.all.accept_redirects (exp: 0)
[ DIFFERENT ]
[ DIFFERENT ]
- net.ipv4.conf.all.accept_source_route (exp: 0)
[ OK ]
- net.ipv4.conf.all.bootp_relay (exp: 0)
[ OK ]
- net.ipv4.conf.all.forwarding (exp: 0)
[ OK ]
- net.ipv4.conf.all.log_martians (exp: 1)
[ DIFFERENT ]
- net.ipv4.conf.all.mc_forwarding (exp: 0)
[ OK ]
- net.ipv4.conf.all.proxy_arp (exp: 0)
- net.ipv4.conf.all.rp_filter (exp: 1)
[ OK ]
[ DIFFERENT ]
- net.ipv4.conf.all.send_redirects (exp: 0)
[ DIFFERENT ]
- net.ipv4.conf.default.accept_redirects (exp: 0)
[ DIFFERENT ]
- net.ipv4.conf.default.accept_source_route (exp: 0)
[ DIFFERENT ]
- net.ipv4.conf.default.log_martians (exp: 1)
- net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)
[ DIFFERENT ]
[ OK ]
- net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)
- net.ipv4.tcp_syncookies (exp: 1)
[ OK ]
- net.ipv4.tcp_timestamps (exp: 0 1)
[ OK ]
- net.ipv6.conf.all.accept_redirects (exp: 0)
[ OK ]
- net.ipv6.conf.all.accept_source_route (exp: 0)
[ DIFFERENT ]
[ OK ]
- net.ipv6.conf.default.accept_redirects (exp: 0)
[ DIFFERENT ]
- net.ipv6.conf.default.accept_source_route (exp: 0)
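An added check, not from the thread: it re-reads the sysctl keys lynis listed above straight from /proc/sys and prints one OK/DIFFERENT line per key, so the result can be pasted as plain text. The expected values are the ones lynis printed; the script assumes a Linux host with /proc/sys readable and reports keys the running kernel does not have as MISSING.

```shell
#!/bin/sh
# Added example, not from the thread: re-check the sysctl keys lynis listed
# against the expected values it printed, reading live values from /proc/sys.
# Assumes Linux; keys absent on this kernel are reported as MISSING.

# key followed by the accepted value(s), as in lynis' "(exp: ...)" column
EXPECTED='
kernel.kptr_restrict 2
kernel.modules_disabled 1
kernel.sysrq 0
kernel.unprivileged_bpf_disabled 1
kernel.yama.ptrace_scope 1 2 3
kernel.randomize_va_space 2
net.core.bpf_jit_harden 2
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.all.log_martians 1
net.ipv4.conf.all.send_redirects 0
net.ipv4.tcp_timestamps 0 1
'

# verdict CURRENT EXPECTED... : prints OK when CURRENT matches any accepted value
verdict() {
  cur=$1; shift
  for e in "$@"; do
    if [ "$cur" = "$e" ]; then echo OK; return 0; fi
  done
  echo DIFFERENT
}

# read_key KEY : prints the live value from /proc/sys, or nothing if absent
read_key() {
  f="/proc/sys/$(printf '%s' "$1" | tr . /)"
  if [ -r "$f" ]; then tr -s '\t ' ' ' < "$f"; fi
}

# check_all : one line per key, suitable for pasting into a forum post as text
check_all() {
  printf '%s\n' "$EXPECTED" | while read -r key exp; do
    [ -n "$key" ] || continue
    cur=$(read_key "$key")
    if [ -z "$cur" ]; then
      echo "$key MISSING"
    else
      # $exp is deliberately unquoted: "1 2 3" becomes three accepted values
      echo "$key cur=$cur exp=[$exp] $(verdict "$cur" $exp)"
    fi
  done
}

check_all
```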

#2 XxghostsyncxX
Posted 08 September 2023 - 02:19 AM

There are even settings I never had before in my BIOS: there are VLAN settings, 2 MAC:1974072ipv4 and pic 6 settings, TLS auth config, and a server va certificate with client cert configuration greyed out.

#3 cryptodan
Posted 08 September 2023 - 05:09 AM

What made you run rkhunter, and which Linux distro are you on?

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop - https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server - https://termbin.com/zvra


#4 XxghostsyncxX
Posted 08 September 2023 - 10:18 PM

What am I supposed to do with that? Do I use it on my computer for logs?
I have Parrot OS Security Edition. I ran that because I thought I was getting hacked quite some time ago and I've just been trying to pinpoint where and what, but after no answer that's what is left that could have survived a system wipe and a new operating system.

#5 XxghostsyncxX
Posted 08 September 2023 - 10:57 PM

Here's some of what the tools say and my odd settings in BIOS. What logs do you need further to help? https://mega.nz/folder/47c22bDb#maRFer6Bondm9O2EZwv6iQ

#6 XxghostsyncxX
Posted 08 September 2023 - 11:08 PM

Another Spectre script finder on GitHub found this: CVE-2023-20569. But I don't know if that is it, the cause of the LKM Trojan warning. Even so, I can't find how to fix it either. I greatly appreciate any help.

#7 cryptodan
Posted 09 September 2023 - 09:49 AM

Here's some of what the tools say and my odd settings in BIOS. What logs do you need further to help? https://mega.nz/folder/47c22bDb#maRFer6Bondm9O2EZwv6iQ


Send logs as text not as images.

What is your knowledge of computer security, and what makes you think you're being hacked?


#8 greg18
Posted 09 September 2023 - 02:48 PM

What made you run rkhunter, and which Linux distro are you on?

They mentioned Parrot OS, which leads the discussion into a topic where the OP does not understand what they are seeing, nor what they are inquiring about.



#9 greg18
Posted 09 September 2023 - 02:49 PM

https://www.dedoimedo.com/computers/chkrootkit-lkm-warning.html



#10 XxghostsyncxX
Posted 11 September 2023 - 11:15 AM

So according to that I'm screwed then, huh? That's what it sounds like it's doing. My rkhunter tool said I have a Trojan - Variant A DM worm, and an ajakit trojan now on my macOS Air. It's ridiculous what this has done to my life, trying to get it gone. I've spent so much time on it now. I know for certain because files change; I don't have the permission to stop them starting. There's cron and private folders with all my tools, and other folders with a copy of them. Seems they linked a lot of things so when I run or use something, some script also runs for them. I have SSH used as well as a server.
After doing a system reset, one of the logs showed: /var/tmp/OSPersonalizationTemp/11F6FFDO-5914-48C3-830F-D2937A94A8F5-SignedManifestsSandbox/System/Library/KernelCollections/BootKernelExt
There's a bunch of those, but it's hard for me to post logs. I didn't want to sign on my computer, so give them the password, just praying my iOS isn't hit as well. But if you need logs to help more, I guess I'll sign on and get them. What ones would be of interest? Does EtreCheck help? I just need this gone off my Parrot and macOS. But I have yet to find anything on removing it. I got 2 antivirus and Malwarebytes, to no help. This rootkit actually modified its files before I got it to run, because I checked.

#11 XxghostsyncxX
Posted 11 September 2023 - 11:17 AM

My knowledge is I've been studying cyber security for about 2 years, had a few engagements, and am working towards my certifications now, but this has stopped me dead, unable to do anything.

#12 XxghostsyncxX
Posted 11 September 2023 - 11:20 AM

I have uploaded a bunch of PDFs I had on my iPhone to VirusTotal, and a lot of them were connecting back to the malicious sites that were malware themselves, dropped files, deleted files and wrote files. I wasn't aware a simple PDF could do all that.

#13 cryptodan
Posted 11 September 2023 - 11:32 AM

What sites, and can you link us to the PDFs?

I had a cryptominer on my server, and that was pesky.


#14 XxghostsyncxX
Posted 11 September 2023 - 09:05 PM

Attached file: IMG_2633.png
All my commands are changed; he uses the _ ones I think, but it won't let me run those ones. I deleted the PDFs but I can find them again. VirusTotal tells me a bunch of stuff, I mean I got pages of modules and IP addresses, but they're all screenshots. How can I put my old kernel and boot configuration on instead of this one?

#15 XxghostsyncxX
Posted 11 September 2023 - 09:09 PM

Attached file: IMG_2825.jpeg
Attached file: IMG_2667.png



