I think if you have a rootkit it is very unlikely that you will get rid of it without backing up and reimaging, but you may be able to achieve it if you try first rkhunter and second AppArmor, which is similar to SELinux, which was developed by the NSA and made accessible as a Red Hat package. Both solutions have the ability to limit what root can do and are your only real option for saving a rooted system. It is important that if you try this you dump your memory if rkhunter picks up a memory anomaly. Fileless malware is popular among sophisticated threat actors, and rkhunter is equipped to find malware that resides in memory. AppArmor is included in Debian.
Thanks,
Michael Lazin