Cross-browser firefox/konqueror malware on Ubuntu Dapper
Jacob Weeks
jaweeks at gmail.com
Fri Aug 4 16:32:03 UTC 2006
you would also want to delete the browser configs as well.. for
firefox it would be ~/.mozilla in your home directory. Also the config
folders for the other browsers as well.
******* LAST RESORT******.. ALL CUSTOMIZATIONS WILL BE REMOVED AND
ANYTHING NOT BACKED UP WILL BE LOST.
- back up your personal files
- remove the user from the system
- remove the home directory ( you could test this whole process by
renaming this folder)
- recreate the user
- restore your backup files
AGAIN!!! this is the last resort, as all customizations will be
removed. and all files not backed up will be lost.
if this doesn't clear the issue.. either the system itself is
compromised, and should be dealt with accordingly.. or the files you
backed up were the infected portions. repeat again, and trim the files
you don't absolutely need from your backup.
hope this helps.. or sheds some light on things for you.
On 8/4/06, Charlie Zender <zender at uci.edu> wrote:
>
> Help! My Ubuntu Dapper laptop has malware infecting its browsers!
> About three weeks ago my Firefox browser started showing signs of
> malware infestation. The symptoms are that the browser re-directs
> my normal requests to click-for-pay sites www.ownbox.com and usseek.com.
> To get rid of this malware I've tried
>
> 0. Re-booting
> 1. Purging and re-installing firefox
> 2. Deleting my ~/.firefox directory
> 3. Running Konqueror instead
>
> None of these work. After a few hours of browsing the re-directs to
> the click-for-pay sites begin again. So this cross-browser malware
> has somehow installed itself in files that survive re-boots and
> browser re-installs. I've found other reports of this malware related
> to Windows PCs, but no instructions on how to erase it from Linux.
> Any ideas
>
> 1. How to find its source and erase it completely from disk?
> 2. How to tell if it's phoning home my passwords?
> 3. Sites that discuss this particular malware?
>
> Thanks,
> Charlie
> --
> Charlie Zender, surname at uci.edu, Department of Earth System Science
> 3228 Croul Hall, UC Irvine, Irvine CA 92697-3100. (949) 824-2987 :)
>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
--
-- Never do today, what you can blame someone else for not doing tomorrow.
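
The reply above suggests testing by renaming rather than deleting; the same idea applied to the browser config directories, as an added example that is not part of the original thread. The function names `set_aside` and `restore_aside` and the `.aside-<timestamp>` suffix are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): set config directories aside by
# renaming them, so the step is reversible and the old files remain
# available for inspection or selective restore.

# set_aside HOME_DIR NAME...
# Renames HOME_DIR/NAME to HOME_DIR/NAME.aside-<timestamp> for each NAME
# that exists as a real directory. Prints each new path on stdout.
# Returns 1 if nothing was renamed.
set_aside() {
    sa_home=$1; shift
    sa_stamp=$(date +%Y%m%d-%H%M%S)
    sa_moved=0
    for sa_name in "$@"; do
        sa_src=$sa_home/$sa_name
        # Skip missing names and symlinks; only real directories are renamed.
        [ -d "$sa_src" ] && [ ! -L "$sa_src" ] || continue
        sa_dst=$sa_src.aside-$sa_stamp
        # Never overwrite an earlier set-aside copy.
        [ -e "$sa_dst" ] && { echo "exists, skipping: $sa_dst" >&2; continue; }
        mv -- "$sa_src" "$sa_dst" && { echo "$sa_dst"; sa_moved=$((sa_moved + 1)); }
    done
    [ "$sa_moved" -gt 0 ]
}

# restore_aside ASIDE_PATH
# Undoes one rename, but only if the original name is still unused
# (the browser has not yet created a fresh config directory there).
restore_aside() {
    ra_aside=$1
    ra_orig=${1%.aside-*}
    [ -d "$ra_aside" ] && [ "$ra_orig" != "$ra_aside" ] && [ ! -e "$ra_orig" ] || return 1
    mv -- "$ra_aside" "$ra_orig"
}

# Usage, with the browsers closed (the directory name is the one from the reply):
#   set_aside "$HOME" .mozilla
```

If the redirects stop with a fresh profile, the set-aside copy holds whatever caused them; if they continue, the copy can be restored and the cause lies elsewhere.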