frogbreath, to the Linux Community of Bleeping Computer Forums!
Looks like you have experience, exactly what we need here & hope that you'll feel right at home here. Unlike 'dedicated' Linux sites, we don't get into bashing members over our chosen OS, even if dual booting with another, or running another on a different computer, that's our choice. Rather, we focus on learning & assisting one another to the best of our knowledge, even if the 'cure' is a link from another Forum.
That stated, should you choose a security app, avoid ESET NOD32 for Linux like the plague, while it can be useful in some situations, for most, only causes negative issues, such as not shutting down, or a long delay before a reboot. If running a SSD, this is not good for the drive to force shutdowns. I discovered that the app was the cause after a clean install of Linux Mint 18 on the notebook my wife uses, the difference in shutdown/reboot was like day & night, does either in no time. Then Installed NOD32 & that's when things went downhill again, so removed it not only from that computer, the rest also. All that it did was detect Windows threats, which may be good if running a Mail server for Windows machines, most of us aren't that deep into this. All we want is an OS that properly runs & does what's needed/desired
I recall the Sophos Topic sometime back, although didn't bother with setup because of the complicated steps involved. However their free edition provides excellent active security on a Windows computer & installs easily. Would be fantastic if Sophos for Linux was offered as a .deb file, or a similar one for non'Ubuntu based Linux versions. there are several, some with entirely different file systems (type of formatting).
As to rkhunter, I've ran it, came back with a lot of false positives, same with a similar app, chkrootkit & were on new installs with the ufw Firewall enabled by default, therefore shouldn't had been infected. I used to run these tools regularly, although stopped because of this & just make sure to securely close the browser, deleting coolies & private data. Click & Clean can do this for Google Chrome, while available for Firefox, am unsure if it works the same, so have the Better Privacy app installed, which deletes LSO cookies that are hard to find & lingers if not purged.
When making a transaction, I now use the latest bootable version of Linux Mint on DVD (the non-RW type), which runs in memory only & the optical media has been finalized, why it's imperative for security to use + or -R media, and not a USB stick. Then I'm assured of a clean environment, as long as I've not been browsing around & get to business Malware free, regardless of the condition of the installed OS on the internal drive, be it Linux or Windows.
Good Luck with your OS, hopefully the integrity test that I've never ran will come back clean.