Virus problem...

Ray Parrish crp at cmc.net
Fri Mar 19 23:31:45 UTC 2010


Carl Friis-Hansen wrote:
> Ray Parrish wrote:
>   
>> Ray Parrish wrote:
>>     
>>> Hello,
>>>
>>> Well, evidently it is not impossible to get a virus in Ubuntu... have a 
>>> look at this screen shot of clamav. 
>>> http://www.rayslinks.com/Screenshot-68.png
>>>
>>> When I select quarantine file from the clamav pop up menu, the file 
>>> listings disappear, but when I select empty quarantine, it tells me 
>>> there is nothing to delete. Then when I do a scan again, this listing 
>>> pops up again with the same files.
>>>
>>> Any ideas how I'm going to get out of this without a complete re-install?
>>>
>>> Thanks for any help you can be. Ray Parrish
>>>   
>>>       
>> Apparently those entries in the screen shot are pointing to folders in 
>> the /root/.clamtk/ folder, which were written when it found the viruses, 
>> and I quarantined them the first time, then deleted them. I cannot open 
>> the folders in gedit's file open dialog to inspect any files which may 
>> reside in them.
>>
>> ray at RaysComputer:~/Downloads$ cd /root/.clamtk
>> ray at RaysComputer:/root/.clamtk$ ls -a
>> .  ..  history  prefs  viruses
>> ray at RaysComputer:/root/.clamtk$ cd ./viruses
>> ray at RaysComputer:/root/.clamtk/viruses$ ls -a
>> .  ..  cache.VIRUS.VIRUS.VIRUS.VIRUS  gdm.VIRUS.VIRUS.VIRUS.VIRUS.VIRUS
>> ray at RaysComputer:/root/.clamtk/viruses$ cd ./gdm.VIRUS.VIRUS.VIRUS.VIRUS.VIRUS
>> bash: cd: ./gdm.VIRUS.VIRUS.VIRUS.VIRUS.VIRUS: Permission denied
>> ray at RaysComputer:/root/.clamtk/viruses$
>>
>> Once again, any help appreciated. There was a dd process running as well 
>> which I killed with terminal, as it could not be killed in System 
>> Monitor. I do not normally see dd processes running on my system, so I 
>> killed it.
>>
>> [other than that, all things are running well with no anomalies that I see]
>>
>> Later, Ray Parrish
>>     
>
> I suppose the virus scanner has set the permissions so directory 
> listing is disallowed.  You might need to set x for the directory by 
> means of sudo.
>
> Are you sure it is not just a false positive?
>
>
> Carl Friis-Hansen
>
>   
Well, I failed to save to log file the first results which would have 
shown the original file names, and I was immediately suspicious after 
running the Alice.sh file, as a couple of very large .sh files appeared 
in my Downloads folder, which I was not able to open in text editor, 
indicating that they were binary, so I deleted them as well, and do not 
remember their names. I do know they were not anything I had downloaded. 
One was around 150 mbs large.

I think what clamav is detecting now is its own quarantine folder 
names, and I was successful in deleting any viruses that it found. I 
haven't rebooted yet, but everything seems to be running ok. LOL, think 
I should change all of my passwords now?

What a day... Ray Parrish

-- 
Linux dpkg Software Report script set..
http://www.rayslinks.com/LinuxdpkgSoftwareReport.html
Ray's Links, a variety of links to useful things, and articles by Ray.
http://www.rayslinks.com
Writings of "The" Schizophrenic, what it's like to be a schizo, and other
things, including my poetry.
http://www.writingsoftheschizophrenic.com





