Virus problem...

NoOp glgxg at sbcglobal.net
Sat Mar 20 02:05:28 UTC 2010 

On 03/19/2010 04:10 PM, Ray Parrish wrote:
> Ray Parrish wrote:
>> Hello,
>>
>> Well, evidently it is not impossible to get a virus in Ubuntu... have a 
>> look at this screen shot of clamav. 
>> http://www.rayslinks.com/Screenshot-68.png
>>
>> When I select quarantine file from the clamav pop up menu, the file 
>> listings disappear, but when I select empty quarantine, it tells me 
>> there is nothing to delete. Then when I do a scan again, this listing 
>> pops up again with the same files.
>>
>> Any ideas how I'm going to get out of this without a complete re-install?
>>
>> Thanks for any help you can be. Ray Parrish
>>   
> I suspect the following download of being the source of the infection, 
> as I gave this install script permission to execute, and ran it with 
> sudo... here are the reults of that run -
> 
> http://www.alice.org/index.php?page=alice3/download
> 
> ray at RaysComputer:~/Downloads$ sudo /home/ray/Downloads/Alice.sh
> Configuring the installer...
> Searching for JVM on the system...
> Extracting installation data...
> 
> Installer file /home/ray/Downloads/Alice.sh seems to be corrupted

Perhaps you have a false positive? The offline installer:
Alice3BetaInstaller-Complete-3.0.0.1.1-linux.sh
is 557Mb (downloading it now). So that would be the reason your
/download started to fill with large files (I suspect).

I scanned the offline download file:
$ md5sum Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh
ee972a5deffb222458ee403e09ca26b5
Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh
with a fully updated Bitdefender (linux - BD for unices) and found no
issue with it. I also scanned with a fully updated clamav 0.95.3. I also
looked at it with gvim & can't find anything obvious. Once the files are
downloaded (offline) I'll slide them over to an isolated test machine
and have another look.

There are some dd in the online installer:
> checkFreeSpace $size "$name"	
> 	LAUNCHER_TRACKING_SIZE_BYTES=`expr "$LAUNCHER_TRACKING_SIZE" \* "$FILE_BLOCK_SIZE"`
> 
> 	if [ 0 -eq $diskSpaceCheck ] ; then
> 		dir=`dirname "$name"`
> 		message "$MSG_ERROR_FREESPACE" "$size" "$ARG_TEMPDIR"	
> 		exitProgram $ERROR_FREESPACE
> 	fi
> 
>         if [ 0 -lt "$fullBlocks" ] ; then
>                 # file is larger than FILE_BLOCK_SIZE
>                 dd if="$LAUNCHER_FULL_PATH" of="$name" \
>                         bs="$FILE_BLOCK_SIZE" count="$fullBlocks" skip="$start"\
> 			> /dev/null  2>&1
> 		LAUNCHER_TRACKING_SIZE=`expr "$LAUNCHER_TRACKING_SIZE" + "$fullBlocks"`
> 		LAUNCHER_TRACKING_SIZE_BYTES=`expr "$LAUNCHER_TRACKING_SIZE" \* "$FILE_BLOCK_SIZE"`
>         fi
>         if [ 0 -lt "$oneBlocks" ] ; then
> 		dd if="$LAUNCHER_FULL_PATH" of="$name.tmp.tmp" bs="$FILE_BLOCK_SIZE" count=1\
> 			skip="$oneBlocksStart"\
> 			 > /dev/null 2>&1
> 
> 		dd if="$name.tmp.tmp" of="$name" bs=1 count="$oneBlocks" seek="$fullBlocksSize"\
> 			 > /dev/null 2>&1
> 
> 		rm -f "$name.tmp.tmp"
> 		LAUNCHER_TRACKING_SIZE=`expr "$LAUNCHER_TRACKING_SIZE" + 1`

But I doubt those are nefarious (could be wrong of course). That said, I
do get the "seems to be corrupted" corrupted msg when trying to run the
Alice3BetaInstaller-Complete-3.0.0.1.1-linux.sh file. Perhaps it might
be a good idea to contact:
http://kenai.com/projects/alice/pages/InstallerProblem
Or check on the Alice forums for further help?

More information about the ubuntu-users mailing list