Virus problem...
Fred Roller
fred at fwrgallery.com
Sat Mar 20 02:53:23 UTC 2010
Cybe R. Wizard wrote:
> On Fri, 19 Mar 2010 19:05:28 -0700
> NoOp <glgxg at sbcglobal.net> wrote:
>
>
>> On 03/19/2010 04:10 PM, Ray Parrish wrote:
>>
>>> Ray Parrish wrote:
>>>
>>>> Hello,
>>>>
>>>> Well, evidently it is not impossible to get a virus in Ubuntu...
>>>> have a look at this screen shot of clamav.
>>>> http://www.rayslinks.com/Screenshot-68.png
>>>>
>>>> When I select quarantine file from the clamav pop up menu, the
>>>> file listings disappear, but when I select empty quarantine, it
>>>> tells me there is nothing to delete. Then when I do a scan again,
>>>> this listing pops up again with the same files.
>>>>
>>>> Any ideas how I'm going to get out of this without a complete
>>>> re-install?
>>>>
>>>> Thanks for any help you can be. Ray Parrish
>>>>
>>>>
>>> I suspect the following download of being the source of the
>>> infection, as I gave this install script permission to execute, and
>>> ran it with sudo... here are the reults of that run -
>>>
>>> http://www.alice.org/index.php?page=alice3/download
>>>
>>> ray at RaysComputer:~/Downloads$ sudo /home/ray/Downloads/Alice.sh
>>> Configuring the installer...
>>> Searching for JVM on the system...
>>> Extracting installation data...
>>>
>>> Installer file /home/ray/Downloads/Alice.sh seems to be corrupted
>>>
>> Perhaps you have a false positive? The offline installer:
>> Alice3BetaInstaller-Complete-3.0.0.1.1-linux.sh
>> is 557Mb (downloading it now). So that would be the reason your
>> /download started to fill with large files (I suspect).
>>
>> I scanned the offline download file:
>> $ md5sum Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh
>> ee972a5deffb222458ee403e09ca26b5
>> Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh
>> with a fully updated Bitdefender (linux - BD for unices) and found no
>> issue with it. I also scanned with a fully updated clamav 0.95.3. I
>> also looked at it with gvim & can't find anything obvious. Once the
>> files are downloaded (offline) I'll slide them over to an isolated
>> test machine and have another look.
>>
>> There are some dd in the online installer:
>>
>>> checkFreeSpace $size "$name"
>>> LAUNCHER_TRACKING_SIZE_BYTES=`expr
>>> "$LAUNCHER_TRACKING_SIZE" \* "$FILE_BLOCK_SIZE"`
>>>
>>> if [ 0 -eq $diskSpaceCheck ] ; then
>>> dir=`dirname "$name"`
>>> message "$MSG_ERROR_FREESPACE" "$size"
>>> "$ARG_TEMPDIR" exitProgram $ERROR_FREESPACE
>>> fi
>>>
>>> if [ 0 -lt "$fullBlocks" ] ; then
>>> # file is larger than FILE_BLOCK_SIZE
>>> dd if="$LAUNCHER_FULL_PATH" of="$name" \
>>> bs="$FILE_BLOCK_SIZE" count="$fullBlocks"
>>> skip="$start"\
>>> > /dev/null 2>&1
>>> LAUNCHER_TRACKING_SIZE=`expr
>>> "$LAUNCHER_TRACKING_SIZE" + "$fullBlocks"`
>>> LAUNCHER_TRACKING_SIZE_BYTES=`expr "$LAUNCHER_TRACKING_SIZE" \*
>>> "$FILE_BLOCK_SIZE"` fi if [ 0 -lt "$oneBlocks" ] ; then
>>> dd if="$LAUNCHER_FULL_PATH" of="$name.tmp.tmp"
>>> bs="$FILE_BLOCK_SIZE" count=1\ skip="$oneBlocksStart"\
>>> > /dev/null 2>&1
>>>
>>> dd if="$name.tmp.tmp" of="$name" bs=1
>>> count="$oneBlocks" seek="$fullBlocksSize"\
>>> > /dev/null 2>&1
>>>
>>> rm -f "$name.tmp.tmp"
>>> LAUNCHER_TRACKING_SIZE=`expr
>>> "$LAUNCHER_TRACKING_SIZE" + 1`
>>>
>> But I doubt those are nefarious (could be wrong of course). That
>> said, I do get the "seems to be corrupted" corrupted msg when trying
>> to run the Alice3BetaInstaller-Complete-3.0.0.1.1-linux.sh file.
>> Perhaps it might be a good idea to contact:
>> http://kenai.com/projects/alice/pages/InstallerProblem
>> Or check on the Alice forums for further help?
>>
>>
> Hmmm, Alice3BetaInstaller-Online-3.0.0.1.1-linux.sh is only 3.1 MB.
> Where would the difference be between online installation and offline
> installation?
>
> Cybe R. Wizard
>
About 554 more megs. A little lower below the download button is the
offline link. ;-) Speaking of which, should be done downloading...
--
Fred
www.fwrgallery.com
"Life is like linux, simple. If you are fighting it you are doing something wrong."
More information about the ubuntu-users
mailing list