Virus problem...

Cybe R. Wizard cyber_wizard at mindspring.com
Sat Mar 20 02:32:13 UTC 2010


On Fri, 19 Mar 2010 19:05:28 -0700
NoOp <glgxg at sbcglobal.net> wrote:

> On 03/19/2010 04:10 PM, Ray Parrish wrote:
> > Ray Parrish wrote:
> >> Hello,
> >>
> >> Well, evidently it is not impossible to get a virus in Ubuntu...
> >> have a look at this screen shot of clamav. 
> >> http://www.rayslinks.com/Screenshot-68.png
> >>
> >> When I select quarantine file from the clamav pop up menu, the
> >> file listings disappear, but when I select empty quarantine, it
> >> tells me there is nothing to delete. Then when I do a scan again,
> >> this listing pops up again with the same files.
> >>
> >> Any ideas how I'm going to get out of this without a complete
> >> re-install?
> >>
> >> Thanks for any help you can be. Ray Parrish
> >>   
> > I suspect the following download of being the source of the
> > infection, as I gave this install script permission to execute, and
> > ran it with sudo... here are the reults of that run -
> > 
> > http://www.alice.org/index.php?page=alice3/download
> > 
> > ray at RaysComputer:~/Downloads$ sudo /home/ray/Downloads/Alice.sh
> > Configuring the installer...
> > Searching for JVM on the system...
> > Extracting installation data...
> > 
> > Installer file /home/ray/Downloads/Alice.sh seems to be corrupted
> 
> Perhaps you have a false positive? The offline installer:
> Alice3BetaInstaller-Complete-3.0.0.1.1-linux.sh
> is 557Mb (downloading it now). So that would be the reason your
> /download started to fill with large files (I suspect).
> 
> I scanned the offline download file:
> $ md5sum Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh
> ee972a5deffb222458ee403e09ca26b5
> Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh
> with a fully updated Bitdefender (linux - BD for unices) and found no
> issue with it. I also scanned with a fully updated clamav 0.95.3. I
> also looked at it with gvim & can't find anything obvious. Once the
> files are downloaded (offline) I'll slide them over to an isolated
> test machine and have another look.
> 
> There are some dd in the online installer:
> > checkFreeSpace $size "$name"	
> > 	LAUNCHER_TRACKING_SIZE_BYTES=`expr
> > "$LAUNCHER_TRACKING_SIZE" \* "$FILE_BLOCK_SIZE"`
> > 
> > 	if [ 0 -eq $diskSpaceCheck ] ; then
> > 		dir=`dirname "$name"`
> > 		message "$MSG_ERROR_FREESPACE" "$size"
> > "$ARG_TEMPDIR" exitProgram $ERROR_FREESPACE
> > 	fi
> > 
> >         if [ 0 -lt "$fullBlocks" ] ; then
> >                 # file is larger than FILE_BLOCK_SIZE
> >                 dd if="$LAUNCHER_FULL_PATH" of="$name" \
> >                         bs="$FILE_BLOCK_SIZE" count="$fullBlocks"
> > skip="$start"\
> > 			> /dev/null  2>&1
> > 		LAUNCHER_TRACKING_SIZE=`expr
> > "$LAUNCHER_TRACKING_SIZE" + "$fullBlocks"`
> > LAUNCHER_TRACKING_SIZE_BYTES=`expr "$LAUNCHER_TRACKING_SIZE" \*
> > "$FILE_BLOCK_SIZE"` fi if [ 0 -lt "$oneBlocks" ] ; then
> > 		dd if="$LAUNCHER_FULL_PATH" of="$name.tmp.tmp"
> > bs="$FILE_BLOCK_SIZE" count=1\ skip="$oneBlocksStart"\
> > 			 > /dev/null 2>&1
> > 
> > 		dd if="$name.tmp.tmp" of="$name" bs=1
> > count="$oneBlocks" seek="$fullBlocksSize"\
> > 			 > /dev/null 2>&1
> > 
> > 		rm -f "$name.tmp.tmp"
> > 		LAUNCHER_TRACKING_SIZE=`expr
> > "$LAUNCHER_TRACKING_SIZE" + 1`
> 
> But I doubt those are nefarious (could be wrong of course). That
> said, I do get the "seems to be corrupted" corrupted msg when trying
> to run the Alice3BetaInstaller-Complete-3.0.0.1.1-linux.sh file.
> Perhaps it might be a good idea to contact:
> http://kenai.com/projects/alice/pages/InstallerProblem
> Or check on the Alice forums for further help?
> 
Hmmm, Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh is only 3.1 MB.
Where would the difference be between online installation and offline
installation?

Cybe R. Wizard
-- 
When Windows are opened the bugs come in.
	Winduhs




More information about the ubuntu-users mailing list