Virus problem...
Ray Parrish
crp at cmc.net
Sat Mar 20 02:51:37 UTC 2010
NoOp wrote:
> On 03/19/2010 04:10 PM, Ray Parrish wrote:
>
>> Ray Parrish wrote:
>>
>>> Hello,
>>>
>>> Well, evidently it is not impossible to get a virus in Ubuntu... have a
>>> look at this screen shot of clamav.
>>> http://www.rayslinks.com/Screenshot-68.png
>>>
>>> When I select quarantine file from the clamav pop up menu, the file
>>> listings disappear, but when I select empty quarantine, it tells me
>>> there is nothing to delete. Then when I do a scan again, this listing
>>> pops up again with the same files.
>>>
>>> Any ideas how I'm going to get out of this without a complete re-install?
>>>
>>> Thanks for any help you can be. Ray Parrish
>>>
>>>
>> I suspect the following download of being the source of the infection,
>> as I gave this install script permission to execute, and ran it with
>> sudo... here are the results of that run -
>>
>> http://www.alice.org/index.php?page=alice3/download
>>
>> ray at RaysComputer:~/Downloads$ sudo /home/ray/Downloads/Alice.sh
>> Configuring the installer...
>> Searching for JVM on the system...
>> Extracting installation data...
>>
>> Installer file /home/ray/Downloads/Alice.sh seems to be corrupted
>>
>
> Perhaps you have a false positive? The offline installer:
> Alice3BetaInstaller-Complete-3.0.0.1.1-linux.sh
> is 557Mb (downloading it now). So that would be the reason your
> /download started to fill with large files (I suspect).
>
> I scanned the offline download file:
> $ md5sum Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh
> ee972a5deffb222458ee403e09ca26b5
> Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh
> with a fully updated Bitdefender (linux - BD for unices) and found no
> issue with it. I also scanned with a fully updated clamav 0.95.3. I also
> looked at it with gvim & can't find anything obvious. Once the files are
> downloaded (offline) I'll slide them over to an isolated test machine
> and have another look.
>
> There are some dd in the online installer:
>
>> checkFreeSpace $size "$name"
>> LAUNCHER_TRACKING_SIZE_BYTES=`expr "$LAUNCHER_TRACKING_SIZE" \* "$FILE_BLOCK_SIZE"`
>>
>> if [ 0 -eq $diskSpaceCheck ] ; then
>>     dir=`dirname "$name"`
>>     message "$MSG_ERROR_FREESPACE" "$size" "$ARG_TEMPDIR"
>>     exitProgram $ERROR_FREESPACE
>> fi
>>
>> if [ 0 -lt "$fullBlocks" ] ; then
>>     # file is larger than FILE_BLOCK_SIZE
>>     dd if="$LAUNCHER_FULL_PATH" of="$name" \
>>         bs="$FILE_BLOCK_SIZE" count="$fullBlocks" skip="$start"\
>>         > /dev/null 2>&1
>>     LAUNCHER_TRACKING_SIZE=`expr "$LAUNCHER_TRACKING_SIZE" + "$fullBlocks"`
>>     LAUNCHER_TRACKING_SIZE_BYTES=`expr "$LAUNCHER_TRACKING_SIZE" \* "$FILE_BLOCK_SIZE"`
>> fi
>> if [ 0 -lt "$oneBlocks" ] ; then
>>     dd if="$LAUNCHER_FULL_PATH" of="$name.tmp.tmp" bs="$FILE_BLOCK_SIZE" count=1\
>>         skip="$oneBlocksStart"\
>>         > /dev/null 2>&1
>>
>>     dd if="$name.tmp.tmp" of="$name" bs=1 count="$oneBlocks" seek="$fullBlocksSize"\
>>         > /dev/null 2>&1
>>
>>     rm -f "$name.tmp.tmp"
>>     LAUNCHER_TRACKING_SIZE=`expr "$LAUNCHER_TRACKING_SIZE" + 1`
>>
>
> But I doubt those are nefarious (could be wrong of course). That said, I
> do get the "seems to be corrupted" msg when trying to run the
> Alice3BetaInstaller-Complete-3.0.0.1.1-linux.sh file. Perhaps it might
> be a good idea to contact:
> http://kenai.com/projects/alice/pages/InstallerProblem
> Or check on the Alice forums for further help?
>
Yes, I have signed up for the Alice forums so I can ask them what's
going on with the corrupted installer files.

It is possible that what happened to me a couple of nights ago with Face
Book was the source of the viruses as well, as I had a problem with not
connecting, and had to rename my .mozilla folder and start over with
Firefox to get connected to it again.

Anyway, I've scanned thoroughly with Bit Defender, and it finds nothing
so I feel that whatever may have been there is now gone.

Thanks for checking things out for me. I'll find out what the Alice
Forums have to say about the installer being corrupt. It's an amazing
game design engine that also teaches programming so I'd like to get it
for my nephew if I can.

Later, Ray Parrish
--
Linux dpkg Software Report script set..
http://www.rayslinks.com/LinuxdpkgSoftwareReport.html
Ray's Links, a variety of links to useful things, and articles by Ray.
http://www.rayslinks.com
Writings of "The" Schizophrenic, what it's like to be a schizo, and other
things, including my poetry.
http://www.writingsoftheschizophrenic.com
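
The dd calls in the quoted installer excerpt copy embedded data out of the script itself by block offset. As an added example (not part of the original thread and not the Alice installer's code), the same two-step pattern can carve such an embedded payload out for checksumming and scanning without running the installer under sudo; the function names, the 1024-byte default block size and the block-aligned start offset are assumptions.

```shell
#!/bin/sh
# Added example: carve an embedded byte range out of a self-extracting
# installer for inspection, using the two-step dd pattern from the excerpt.
# Assumed (not from the thread): function names, 1024-byte default block
# size, and a payload that starts on a block boundary.

# carve_payload INSTALLER OUT START_BLOCK SIZE_BYTES [BLOCK_SIZE]
carve_payload() {
    src=$1; out=$2; start=$3; size=$4; bs=${5:-1024}
    fullBlocks=$((size / bs))              # whole blocks in the payload
    oneBlocks=$((size % bs))               # bytes left after the last whole block
    fullBlocksSize=$((fullBlocks * bs))
    oneBlocksStart=$((start + fullBlocks))
    : > "$out"
    if [ "$fullBlocks" -gt 0 ]; then
        dd if="$src" of="$out" bs="$bs" count="$fullBlocks" skip="$start" \
            > /dev/null 2>&1 || return 1
    fi
    if [ "$oneBlocks" -gt 0 ]; then
        # Copy the block holding the tail, then append only the tail bytes.
        dd if="$src" of="$out.tmp" bs="$bs" count=1 skip="$oneBlocksStart" \
            > /dev/null 2>&1 || return 1
        dd if="$out.tmp" of="$out" bs=1 count="$oneBlocks" seek="$fullBlocksSize" \
            > /dev/null 2>&1 || return 1
        rm -f "$out.tmp"
    fi
    # dd stops quietly at end of file, so check the length explicitly.
    [ "$(wc -c < "$out" | tr -d ' ')" -eq "$size" ]
}

# Self-check on constructed data: 2048-byte zero stub + 2500-byte payload.
selftest() {
    d=$(mktemp -d) || return 1
    awk 'BEGIN { for (i = 0; i < 250; i++) printf "line %04d\n", i }' > "$d/payload"
    { dd if=/dev/zero bs=1024 count=2 2> /dev/null; cat "$d/payload"; } > "$d/installer.sh"
    carve_payload "$d/installer.sh" "$d/out" 2 2500 && cmp -s "$d/payload" "$d/out"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

selftest && echo "carved payload matches the embedded bytes"
```

A non-zero return from carve_payload means the file held fewer bytes than the declared size, which is worth knowing before trusting any scan result on the carved output.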