Virus problem...
Ray Parrish
crp at cmc.net
Sat Mar 20 02:46:13 UTC 2010
Cybe R. Wizard wrote:
> On Sat, 20 Mar 2010 00:13:45 +0100
> Carl Friis-Hansen <ubuntuuser at carl-fh.com> wrote:
>
>
>> Ray Parrish wrote:
>>
>>> Ray Parrish wrote:
>>>
>>>> Hello,
>>>>
>>>> Well, evidently it is not impossible to get a virus in Ubuntu...
>>>> have a look at this screen shot of clamav.
>>>> http://www.rayslinks.com/Screenshot-68.png
>>>>
>>>> When I select quarantine file from the clamav pop up menu, the
>>>> file listings disappear, but when I select empty quarantine, it
>>>> tells me there is nothing to delete. Then when I do a scan again,
>>>> this listing pops up again with the same files.
>>>>
>>>> Any ideas how I'm going to get out of this without a complete
>>>> re-install?
>>>>
>>>> Thanks for any help you can be. Ray Parrish
>>>>
>>>>
>>> Apparently those entries in the screen shot are pointing to folders
>>> in the /root/.clamtk/ folder, which were written when it found the
>>> viruses, and I quarantined them the first time, then deleted them.
>>> I cannot open the folders in gedit's file open dialog to inspect
>>> any files which may reside in them.
>>>
>>> ray at RaysComputer:~/Downloads$ cd /root/.clamtk
>>> ray at RaysComputer:/root/.clamtk$ ls -a
>>> . .. history prefs viruses
>>> ray at RaysComputer:/root/.clamtk$ cd ./viruses
>>> ray at RaysComputer:/root/.clamtk/viruses$ ls -a
>>> . .. cache.VIRUS.VIRUS.VIRUS.VIRUS gdm.VIRUS.VIRUS.VIRUS.VIRUS.VIRUS
>>> ray at RaysComputer:/root/.clamtk/viruses$ cd ./gdm.VIRUS.VIRUS.VIRUS.VIRUS.VIRUS
>>> bash: cd: ./gdm.VIRUS.VIRUS.VIRUS.VIRUS.VIRUS: Permission denied
>>> ray at RaysComputer:/root/.clamtk/viruses$
>>>
>>> Once again, any help appreciated. There was a dd process running as
>>> well which I killed with terminal, as it could not be killed in
>>> System Monitor. I do not normally see dd processes running on my
>>> system, so I killed it.
>>>
>>> [other than that, all things are running well with no anomalies
>>> that I see]
>>>
>>> Later, Ray Parrish
>>>
>> I suppose the virus scanner has set the permissions so directory
>> listing is disallowed. You might need to set x for the directory by
>> means of sudo.
>>
>> Are you sure it is not just a false positive?
>>
>>
>> Carl Friis-Hansen
>>
>>
> DL the source from here:
> http://www.alice.org/index.php?page=downloads/download_alice_linux
> and see for yourself. I am getting it right now just to see what I
> can see.
>
> I really doubt the virus, though, as it is from a respected
> university and Sun Microsystems. It would not be in their best
> interests to infect anyone.
>
> Cybe R. Wizard
>
Well, I updated Bit Defender anti virus and ran a scan of /root /bin
/usr and some of my /home folder with no threats found, so I'm pretty
sure I'm clean.
Sorry it took me so long to report back, but the scan of /usr/ took a
couple of hours.
Later, Ray Parrish
--
Linux dpkg Software Report script set..
http://www.rayslinks.com/LinuxdpkgSoftwareReport.html
Ray's Links, a variety of links to useful things, and articles by Ray.
http://www.rayslinks.com
Writings of "The" Schizophrenic, what it's like to be a schizo, and other
things, including my poetry.
http://www.writingsoftheschizophrenic.com