Virus problem...

Cybe R. Wizard cyber_wizard at mindspring.com
Fri Mar 19 23:43:44 UTC 2010 

On Sat, 20 Mar 2010 00:13:45 +0100
Carl Friis-Hansen <ubuntuuser at carl-fh.com> wrote:

> Ray Parrish wrote:
> > Ray Parrish wrote:
> >> Hello,
> >>
> >> Well, evidently it is not impossible to get a virus in Ubuntu...
> >> have a look at this screen shot of clamav. 
> >> http://www.rayslinks.com/Screenshot-68.png
> >>
> >> When I select quarantine file from the clamav pop up menu, the
> >> file listings disappear, but when I select empty quarantine, it
> >> tells me there is nothing to delete. Then when I do a scan again,
> >> this listing pops up again with the same files.
> >>
> >> Any ideas how I'm going to get out of this without a complete
> >> re-install?
> >>
> >> Thanks for any help you can be. Ray Parrish
> >>   
> > Apparently those entries in the screen shot are pointing to folders
> > in the /root/.clamtk/ folder, which were written when it found the
> > viruses, and I quarantined them the first time, then deleted them.
> > I cannot open the folders in gedit's file open dialog to inspect
> > any files which may reside in them.
> > 
> > ray at RaysComputer:~/Downloads$ cd /root/.clamtk
> > ray at RaysComputer:/root/.clamtk$ ls -a
> > .  ..  history  prefs  viruses
> > ray at RaysComputer:/root/.clamtk$ cd ./viruses
> > ray at RaysComputer:/root/.clamtk/viruses$ ls -a
> > .  ..  cache.VIRUS.VIRUS.VIRUS.VIRUS
> > gdm.VIRUS.VIRUS.VIRUS.VIRUS.VIRUS
> > ray at RaysComputer:/root/.clamtk/viruses$
> > cd ./gdm.VIRUS.VIRUS.VIRUS.VIRUS.VIRUS bash:
> > cd: ./gdm.VIRUS.VIRUS.VIRUS.VIRUS.VIRUS: Permission denied
> > ray at RaysComputer:/root/.clamtk/viruses$
> > 
> > Once again, any help appreciated. There was a dd process running as
> > weil which I killed with terminal, as it could not be killed in
> > System Monitor. I do not normally see dd processes running on my
> > system, so I killed it.
> > 
> > [other than that, all things are running well with no anomalies
> > that I see]
> > 
> > Later, Ray Parrish
> 
> I suppose the virus scanner has set the permissions so directory 
> listning is disallowed.  You might need to set x for the directory by 
> means of sudo.
> 
> Are you sure it is not just a false positive?
> 
> 
> Carl Friis-Hansen
> 
DL the source from here:
http://www.alice.org/index.php?page=downloads/download_alice_linux
and see for yourself.  I am getting it right now just to see what I
can see. 

I really doubt the virus, though, as it is from a respected
university and Sun Microsystems.  It would not be in their best
interests to infect anyone.

Cybe R. Wizard
-- 
When Windows are opened the bugs come in.
	Winduhs

More information about the ubuntu-users mailing list