Virus problem...
NoOp
glgxg at sbcglobal.net
Sat Mar 20 02:05:28 UTC 2010
On 03/19/2010 04:10 PM, Ray Parrish wrote:
> Ray Parrish wrote:
>> Hello,
>>
>> Well, evidently it is not impossible to get a virus in Ubuntu... have a
>> look at this screen shot of clamav.
>> http://www.rayslinks.com/Screenshot-68.png
>>
>> When I select quarantine file from the clamav pop up menu, the file
>> listings disappear, but when I select empty quarantine, it tells me
>> there is nothing to delete. Then when I do a scan again, this listing
>> pops up again with the same files.
>>
>> Any ideas how I'm going to get out of this without a complete re-install?
>>
>> Thanks for any help you can be. Ray Parrish
>>
> I suspect the following download of being the source of the infection,
> as I gave this install script permission to execute, and ran it with
> sudo... here are the results of that run -
>
> http://www.alice.org/index.php?page=alice3/download
>
> ray at RaysComputer:~/Downloads$ sudo /home/ray/Downloads/Alice.sh
> Configuring the installer...
> Searching for JVM on the system...
> Extracting installation data...
>
> Installer file /home/ray/Downloads/Alice.sh seems to be corrupted
Perhaps you have a false positive? The offline installer:
Alice3BetaInstaller-Complete-3.0.0.1.1-linux.sh
is 557Mb (downloading it now). So that would be the reason your
/download started to fill with large files (I suspect).
I scanned the offline download file:
$ md5sum Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh
ee972a5deffb222458ee403e09ca26b5  Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh
with a fully updated Bitdefender (linux - BD for unices) and found no
issue with it. I also scanned with a fully updated clamav 0.95.3. I also
looked at it with gvim & can't find anything obvious. Once the files are
downloaded (offline) I'll slide them over to an isolated test machine
and have another look.
There are some dd in the online installer:
> checkFreeSpace $size "$name"
> LAUNCHER_TRACKING_SIZE_BYTES=`expr "$LAUNCHER_TRACKING_SIZE" \* "$FILE_BLOCK_SIZE"`
>
> if [ 0 -eq $diskSpaceCheck ] ; then
> dir=`dirname "$name"`
> message "$MSG_ERROR_FREESPACE" "$size" "$ARG_TEMPDIR"
> exitProgram $ERROR_FREESPACE
> fi
>
> if [ 0 -lt "$fullBlocks" ] ; then
> # file is larger than FILE_BLOCK_SIZE
> dd if="$LAUNCHER_FULL_PATH" of="$name" \
> bs="$FILE_BLOCK_SIZE" count="$fullBlocks" skip="$start"\
> > /dev/null 2>&1
> LAUNCHER_TRACKING_SIZE=`expr "$LAUNCHER_TRACKING_SIZE" + "$fullBlocks"`
> LAUNCHER_TRACKING_SIZE_BYTES=`expr "$LAUNCHER_TRACKING_SIZE" \* "$FILE_BLOCK_SIZE"`
> fi
> if [ 0 -lt "$oneBlocks" ] ; then
> dd if="$LAUNCHER_FULL_PATH" of="$name.tmp.tmp" bs="$FILE_BLOCK_SIZE" count=1\
> skip="$oneBlocksStart"\
> > /dev/null 2>&1
>
> dd if="$name.tmp.tmp" of="$name" bs=1 count="$oneBlocks" seek="$fullBlocksSize"\
> > /dev/null 2>&1
>
> rm -f "$name.tmp.tmp"
> LAUNCHER_TRACKING_SIZE=`expr "$LAUNCHER_TRACKING_SIZE" + 1`
But I doubt those are nefarious (could be wrong of course). That said, I
do get the "seems to be corrupted" msg when trying to run the
Alice3BetaInstaller-Complete-3.0.0.1.1-linux.sh file. Perhaps it might
be a good idea to contact:
http://kenai.com/projects/alice/pages/InstallerProblem
Or check on the Alice forums for further help?
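
The dd pattern quoted from the installer above (whole blocks first, then the partial last block copied byte-wise with seek=) can be reproduced to pull an embedded payload out of a self-extracting file for checksumming or scanning, without running the file under sudo. This is an added example, not part of the original message and not code from the Alice installer; the function names, the block-aligned layout, the offset arithmetic and the sample file are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the Alice installer.
# Assumption: the payload begins on a block boundary, START_BLOCK blocks into the file.

# carve_payload SRC OUT START_BLOCK SIZE_BYTES BLOCK_SIZE
carve_payload() {
    src=$1; out=$2; start=$3; size=$4; bs=$5
    full_blocks=$((size / bs))   # whole blocks belonging to the payload
    tail_bytes=$((size % bs))    # payload bytes in the final, partial block
    : > "$out"
    if [ "$full_blocks" -gt 0 ]; then
        dd if="$src" of="$out" bs="$bs" count="$full_blocks" skip="$start" \
            > /dev/null 2>&1
    fi
    if [ "$tail_bytes" -gt 0 ]; then
        # Read the final block whole, then copy only the payload's bytes from it.
        # seek= makes dd truncate OUT at that offset, so earlier blocks survive.
        dd if="$src" of="$out.tmp" bs="$bs" count=1 \
            skip=$((start + full_blocks)) > /dev/null 2>&1
        dd if="$out.tmp" of="$out" bs=1 count="$tail_bytes" \
            seek=$((full_blocks * bs)) > /dev/null 2>&1
        rm -f "$out.tmp"
    fi
}

# Constructed sample: a 2-block zero stub followed by a 1492-byte text payload.
demo() {
    dir=$(mktemp -d)
    seq 1 400 > "$dir/payload.orig"
    size=$(( $(wc -c < "$dir/payload.orig") ))
    { dd if=/dev/zero bs=512 count=2 2>/dev/null; cat "$dir/payload.orig"; } \
        > "$dir/sample.sh"
    carve_payload "$dir/sample.sh" "$dir/payload.out" 2 "$size" 512
    if cmp -s "$dir/payload.orig" "$dir/payload.out"; then
        result=match
    else
        result=differ
    fi
    rm -rf "$dir"
    echo "$result"
}

demo   # prints "match"
```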