LinuxQuestions.org
Old 09-26-2011, 11:21 AM   #1
wjnso2
LQ Newbie
 
Registered: Dec 2010
Posts: 5

Trojan Sasfis


Hi

I'm relatively new to Linux. I am using CLAM on Linux Mint 10 and a recent scan stated it detected the Trojan Sasfis.
The Internet appears to state this is a "Windows only" virus. I'm guessing this will do no harm but I'd still like to get rid of it. CLAM does not seem to have this capability.

Does anyone have any suggestions on how I can remove it?
Thanks
 
Old 09-26-2011, 12:02 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,374
Blog Entries: 54

Moved: as it is not a question about Linux Security this thread is more suitable in the General forum. Your thread has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 09-26-2011, 12:06 PM   #3
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

The best way would be to delete the infected file and download it again from a trusted source, with a new scan after that of course. Since Windows-only viruses can't spread on a Linux platform it obviously has to be in the original file it came in. If it still is there after re-downloading I would refuse to use that software at all.
 
Old 09-26-2011, 12:09 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,374
Blog Entries: 54

IIGC this trojan spreads via email and installers. If you find this attached to emails on your Linux file system you could (make a backup and) open the mailbox if it is a plain text file in an editor and edit out the MIME part. If it's installers or executables you just delete them. If you conveniently forgot to mention you scanned your Wintendo partitions instead and it is installed there already check for removal tools from reputable AV firms. Else contemplate nuking your Wintendo installation and re-install from scratch.
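
The mbox clean-up described in the post above, as an added example that is not part of the original thread: it reports attachments in an mbox file whose data starts with the `MZ` executable header and can write a cleaned copy, leaving the original file as the backup. The `MZ` check is a simple heuristic assumed here (not ClamAV's detection), only attachments inside multipart messages are covered, and the function names and sample mailbox are constructed for illustration.

```python
import mailbox
from email.message import EmailMessage

PE_MAGIC = b"MZ"  # first two bytes of a Windows executable (DOS/PE header)

def is_executable(part):
    """True if a leaf MIME part decodes to data that starts with PE_MAGIC."""
    return (part.get_payload(decode=True) or b"").startswith(PE_MAGIC)

def strip_parts(msg):
    """Remove flagged leaf parts from msg in place; return their filenames."""
    if not msg.is_multipart():
        return []
    names, keep = [], []
    for part in msg.get_payload():
        if not part.is_multipart() and is_executable(part):
            names.append(part.get_filename())
        else:
            names += strip_parts(part)  # descend into nested multiparts
            keep.append(part)
    msg.set_payload(keep)
    return names

def clean_mbox(src, dst=None):
    """Report flagged parts; with dst, also write a cleaned copy (src untouched)."""
    inbox = mailbox.mbox(src, create=False)
    out = mailbox.mbox(dst) if dst else None
    hits = []
    for n, msg in enumerate(inbox, 1):  # msg is a parsed copy, not the file
        hits += [(n, msg["Subject"], name) for name in strip_parts(msg)]
        if out is not None:
            out.add(msg)
    if out is not None:
        out.close()
    inbox.close()
    return hits

def build_sample_mbox(path):
    """Constructed sample: one plain mail, one with a 64-byte 'MZ' stub attached."""
    box = mailbox.mbox(path)
    for subject, blob in (("hello", None), ("Your invoice", PE_MAGIC + bytes(62))):
        mail = EmailMessage()
        mail["Subject"] = subject
        mail.set_content("body text")
        if blob:
            mail.add_attachment(blob, maintype="application",
                                subtype="octet-stream", filename="invoice.exe")
        box.add(mail)
    box.close()
```

Thunderbird keeps each local folder as a single mbox file and leaves deleted messages in it until the folder is compacted, so a scanner can flag mail that the client no longer displays. Run this with Thunderbird closed and swap the cleaned copy in only after keeping the original as a backup.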
 
Old 09-26-2011, 01:05 PM   #5
wjnso2
LQ Newbie
 
Registered: Dec 2010
Posts: 5

Original Poster
Thanks for the responses. The computer infected is a Linux only computer with nothing relating to windows on it. It probably came in via email. The scan keeps saying it's in my inbox, although I don't see any unusual files.

unSpawn, your comment made me think to uninstall and then reinstall Thunderbird (email client). Maybe this will erase the Trojan if it indeed is still within the email directory.
 
Old 09-27-2011, 08:55 AM   #6
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,381

Just make sure that all of your Windows logins are non-Administrator accounts, and that your Windows installations on those computers are up-to-date.

Malware for Windows always assumes what is too-often true: that the users in question are password-free Administrators. In other words, sitting ducks.

But otherwise, the popular term "virus" is entirely a misnomer -- chosen, of course, for marketing reasons. There's nothing biological about a computer program. Computer software installations can be modified without your knowledge if you foolishly give yourself the power to make such modifications, but if you "simply don't do that," the program is powerless.

Last edited by sundialsvcs; 09-27-2011 at 08:56 AM.
 
Old 09-30-2011, 10:13 AM   #7
wjnso2
LQ Newbie
 
Registered: Dec 2010
Posts: 5

Original Poster
I have 3 email accounts on Thunderbird. Deleting only the infected email account (as well as its inbox) rather than Thunderbird removed the Trojan. I then reinstalled the email account and rescanned. Everything is fine.
 
  

