LinuxQuestions.org
Old 08-11-2013, 03:44 PM   #1
xfool
Member
 
Registered: Aug 2013
Posts: 49

Rep: Reputation: Disabled
Bad Virus on asus 900 xandros has root access


Greetings,

I have a nasty virus that has taken over my asus eee pc 900 Xandros linux. I know nothing about linux and, embarrassing as this is, I don't understand the manual. Ok, I hope I am giving you the info correctly: It took the 2nd partition and labeled it /ro. I unmounted the second partition but it simply moved to / as a file called ro that when you click on it you find that it is a directory. It mimics Xandros, i.e. in task manager you will see keysguard, system and below it is keysguardd, virus. All the processes show that they are sleeping. I am unable to access packages and repositories; I get an error that i386 & dhcop? is missing. I tried to go thru the terminal, following instructions, and get no such bash 'sudo' command. It has full internet access. I changed my access point and password with my isp but the nasty is attached to me and gets my password.

Also in the task manager are netmonitor2 listed 3 times and powermonitor. I kill the netmonitor2s; when I try to kill powermonitor I get a message stating that the connection has been lost. There are a host of other things, like I can not download anything, it gives me tar errors (but that may be me making mistakes). I am getting desperate! I have no info on the 900 and have reset to factory 3 times, no help at all. For all intents and purposes it is me to the 900. Does anyone have any suggestions? My gratitude would never cease. 1 thing I do have to say: I have no knowledge of Asus speak. If you have any suggestions, please give as you would to a 5 year old! Thanks again for any help you can offer!

Last edited by xfool; 08-11-2013 at 03:47 PM.
 
Old 08-11-2013, 04:56 PM   #2
EDDY1
LQ Addict
 
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,838

Rep: Reputation: 649
Xandros & freespire have been discontinued so I doubt if you will get a working system from it. May as well back up important data & install another OS.
The latest was Debian based, so try Debian or LMDE
 
Old 08-11-2013, 05:09 PM   #3
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,184

Rep: Reputation: 1168
Junk it and buy a Samsung Chromebook for $249.
 
Old 08-11-2013, 05:23 PM   #4
xfool
Member
 
Registered: Aug 2013
Posts: 49

Original Poster
Rep: Reputation: Disabled
Thank you. I think this has debian, but I am not sure. I tried to go to Ubuntu but was denied access. I just went into terminal as user/root. I typed in tar --help and was given instructions for back up. Underneath was the following:
*THIS* tar defaults to:
--format=gnu -f- -b20- --quoting-style=escape --rmt-command=/usr/sbin/rmt
rsh-command=/usr/bin/rsh

I'm guessing rmt = remote and usr = user and I need a new hdd?

Thank you for the quick response. Truly amazing and very kind. I had already registered under another name (bad advice from a good friend with the best of intentions) and didn't remember that I did. I was so confused. I have a 701 with the same exact problems so I have been running around in circles. I appreciate your help, bad news or not.

Good health to you and yours.
 
Old 08-11-2013, 05:35 PM   #5
xfool
Member
 
Registered: Aug 2013
Posts: 49

Original Poster
Rep: Reputation: Disabled
Snowpine, thanks for making me laugh. I've spent twice that in hair dye trying to figure this out. Luckily, I have an Acer Aspire, although that is in for repair from the same virus. So is my android tablet. I am cursed, I swear. The really sad part is that I bought the 900 forgetting that I had a bid on the 701 on ebay. Next I am going to have to put an enormous fake flower on my car antenna to find it in the grocery store parking lot.

Thanks again for the chuckles- have a great day!
 
Old 08-11-2013, 05:45 PM   #6
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,184

Rep: Reputation: 1168
It wasn't a joke.

EDDY1 gives you some good advice; Xandros is completely unsupported, so you should either wipe the hard drive completely and do a fresh reinstall of a supported operating system (choose something specifically for low-end hardware such as Antix or Crunchbang), OR replace the hardware entirely as I suggest (the EEE 900 has very poor hardware specs by 2013 standards; you can get a much better computer in the price range of $0-300).

PS: How do you know it is a virus??
 
Old 08-11-2013, 06:52 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541
I very much doubt it would be a virus; rather the OP (with all due respect) is not that familiar with how the OS operates "under the hood", maybe with some HW/SW problems sprinkled on top. And sure, the stock SSD the Eee came with five years ago will be sluggish compared to current specs, but not everybody has the inclination to immediately go off and buy the newest gizmo. Backing up data and installing a "light", current, maintained Linux distribution should be the way forward. Might require UNetbootin to create a bootable USB drive.
 
Old 08-11-2013, 08:32 PM   #8
rokytnji
LQ 5k Club
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 17 , ChromeOS
Posts: 5,075
Blog Entries: 20

Rep: Reputation: 2326
http://antix.freeforums.org/viewtopic.php?f=4&t=3868

For the instructions above. Download and install 13.1 386 AntiX Full iso to secondary 16gig ssd drive. Format the soldered 4 gig ssd as ext2 and use it for storage like a pendrive.

If videos help

https://www.youtube.com/watch?v=9kCotJWcoiE

I still have my 701SD and 900 and both run AntiX 13.1 now. I ditched Xandros ages ago, and I had my Xandros install tricked out.

SD cards hold my movies and comic books. They fit in my motorcycle saddlebags quite nicely.

Quote:
System: Host: antiX1 Kernel: 3.3.5-antix.1-486-smp i686 (32 bit)
Desktop: IceWM 1.3.7 Distro: antiX-full Edelweißpiraten 26 May 2012
Machine: System: ASUSTeK product: 900 version: 0405
Mobo: ASUSTeK model: 900
version: x.xx Bios: American Megatrends version: 0601 date: 05/26/2008
CPU: Single core Intel Celeron M (-UP-) cache: 512 KB flags: (nx sse sse2) clocked at 900.106 MHz
Graphics: Card: Intel Mobile 915GM/GMS/910GML Express Graphics Controller
X.Org: 1.12.1.902 drivers: intel (unloaded: fbdev,vesa) Resolution: 1024x600@59.5hz
GLX Renderer: N/A GLX Version: N/A
Audio: Card: Intel 82801FB/FBM/FR/FW/FRW (ICH6 Family) High Definition Audio Controller driver: snd_hda_intel
Sound: Advanced Linux Sound Architecture ver: 1.0.24
Network: Card-1: Atheros L2 Fast Ethernet driver: atl2
IF: eth0 state: down mac: <filter>
Card-2: Atheros AR242x / AR542x Wireless Network Adapter (PCI-Express) driver: ath5k
IF: wlan0 state: up mac: <filter>
Drives: HDD Total Size: 22.2GB (3.2% used) 1: id: /dev/sda model: ASUS size: 4.0GB
2: id: /dev/sdb model: ASUS size: 16.1GB
3: USB id: /dev/sdc model: DataTraveler_2.0 size: 2.0GB
Partition:
Sensors: System Temperatures: cpu: 54.0C mobo: N/A
Fan Speeds (in rpm): cpu: 0
Info: Processes: 85 Uptime: 15 min Memory: 154.7/2016.8MB Client: Shell inxi: 1.8.5
 
Old 08-11-2013, 08:48 PM   #9
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,132
Blog Entries: 14

Rep: Reputation: 3067
What they said about Xandros is quite true. And it was lame out of the box.

Your best course of action is likely to reformat the drive and install something else.

If you do want to investigate the virus theory more closely, I can recommend Trinity Rescue Kit. It packs a large toolbox of troubleshooting in a small package. When one of my acquaintances needed help with her Windows computer, the first thing I did was burn Knoppix and TRK CDs (turned out I didn't need them, but that's another story).

Frankly, although I am as paranoid about viruses as anyone (I'm one of the minority of Linux users who routinely runs an AV program), I must say I've not heard of a Linux virus in the wild, so I tend to agree with unSpawn that there's likely something else going on.

I would urge you to investigate it further, because I think that would be a great way for you to hone your skills.

Last edited by frankbell; 08-11-2013 at 08:49 PM.
 
Old 08-12-2013, 01:46 AM   #10
xfool
Member
 
Registered: Aug 2013
Posts: 49

Original Poster
Rep: Reputation: Disabled
Snowpine, I apologize for misinterpreting your post. The fact that you took the time to read and advise makes my response even more rude. I did not intend for it to be. Mea maxima culpa.
I routinely back up my computers to an external. The acer got the trogan. I had to have the hdd replaced. I didn't wipe my external. There was an odd file. I clicked on it and got a little message that said Thank You. I ignored it. On my new hdd some oddities occurred so I restored to factory and rebooted from my image that I made the very first day. The trogan took over my c drive and turned it into X. I had zero access to anything. Not one antivirus could detect it. I used the Kaspersky rescue disk. Every command was blocked and my Internet was shutdown. I turned to the 900. In the beginning all was going well. I followed the Tux family guides to get the launch instead of easy mode. I made an error and duplicated 2 repositories. I turned to the tuxfamily again to find out how to correct this. They had comprehensive directions. Before I used them I created a back up. I followed the directions and kept getting errors. I assumed that I boggled and reset to factory with my external connected. Then things went from bad to worse. I went into the terminal to update packages by using sudo synaptic. There were 118. I chose apply. The updates downloaded but would not install. I looked at the event log and there were an enormous amount of warnings. So I used Kwrite get-app, the text editor came up and I copied and pasted the tuxfamily great information. I saved the text and the terminal did its thing. I reopened the text editor file wanting to understand how kde worked. On the bottom of the text was a full set of new commands that contradicted mine. I don't know enough to have written that. All files became locked stating that I need to have permission to view files. Downloads were being cancelled. I was unable to update my browser. Mozilla was stumped. This was becoming acer redux. I have saved all the event logs, the errors etc. Then I find out that there is a .exe trojan called win32 delf.Bc. I called Microsoft and was advised it was a Linux based Trojan.
So my acer infected my 701 and my 900. Like an idiot I downloaded kaspersky pure to my tablet to a flash drive. I put the flash into the 900. It wouldn't even download. Thinking that I had not copied the file correctly, I hooked the flash back to the tablet and the file was indeed there as well as a small surprise. The tablet actually locked me out totally by using face lock. Since I had no idea that face lock was there it wasn't my error. On the 900 when I created my wireless a message came up that my Internet was being used by another party. I hit details and there was a User called lanse connected. I had encrypted, used wps and password. Then other users began showing up using my wireless name as dependent on and fall back. I deleted my account and created another thru network, changed my wl name and the users popped up again dependent on and fallback my new User name. I called my isp had my access and password changed. When I created my wireless I went pending, verbose sleeping. I hook directly into my router
 
Old 08-12-2013, 01:53 AM   #11
xfool
Member
 
Registered: Aug 2013
Posts: 49

Original Poster
Rep: Reputation: Disabled
Sorry, I ran out of room. I have auto correct and it keeps changing Trojan to trogan. I truly do know how to spell. Into the router, set up my lan and my wireless. Same scenario. That's why I think it is a Trojan. Sorry to write the sequel to War and Peace but there wasn't any other way to connect it together.
 
Old 08-12-2013, 02:18 AM   #12
xfool
Member
 
Registered: Aug 2013
Posts: 49

Original Poster
Rep: Reputation: Disabled
To Unspawn, Rokytnji and FrankBell:
With all of you, who are incredibly knowledgeable, agreeing that it is most likely my lack of experience and familiarity with the os, I'm going with your advice and conclusions. I am so impressed by all of you responding and being so kind. I truly appreciate all of your help and guidance. I wish I had asked this forum before the 'unnatural' events occurred. I'm sure that all would have been fixed immediately with your tutoring. I didn't forget you Eddy1. You were the first to respond, and so courteous. I'm sorry I wrote you a book. I'm going to take the classes before I start assuming that it is a Trojan and not operator error.
Many thanks to all of you! You are a wonderful group! Regards.
 
Old 08-12-2013, 06:59 AM   #13
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,184

Rep: Reputation: 1168
You got some bad advice, my friend. According to Microsoft's own website, win32 delf.Bc is a Windows trojan that lives in the Windows system folder and infects the Windows registry. Linux does not have a Windows system folder or a Windows registry, therefore it is immune to this threat.

http://www.microsoft.com/security/po...in32%2fDelf.BC

Sounds like you spoke with a salesperson trying to instill a sense of FUD (Fear Uncertainty and Doubt) to make you scared of Linux so you would buy Microsoft Windows instead.

If I had to guess (since I have not seen your logs or error messages) I'd say that the upgrade warnings were due to the fact Xandros is unsupported (and didn't really have much support to begin with). I recommend that you do not follow tutorials and how-to's from random websites and blogs, but rather follow the official documentation for a currently-supported distro. If you create the Live USB for whichever distro you pick on a computer you trust to be non-infected, and then use it to completely wipe the EEE and do a fresh install, then you are guaranteed to wipe out whatever malware may or may not be living there. Or you can spend $249 on a Chromebook; my roommate is an older gentleman with zero computer knowledge; he bought the Chromebook last month and is happily web surfing, emailing, and watching YouTube on a malware-free Linux system with up-to-date software, without any effort or technical skills.
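Snowpine's last point, building the installer on a trusted machine and wiping the netbook, is the standard remedy for a suspected compromise. One check that belongs before the USB-writing step is confirming that the downloaded ISO matches the checksum list the distribution publishes, so the trusted machine is not writing a corrupted or altered image. The script below is an added example, not code from this thread or from any distribution; the file names are hypothetical and the sample "images" and checksum list are constructed inline so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread: before writing a distribution ISO
# to a live USB on a trusted machine, confirm the download matches the
# SHA256SUMS list the distribution publishes. File names are hypothetical
# and the images below are constructed stand-ins, so this runs offline.
set -eu

# Print the SHA-256 hex digest of a file (GNU coreutils or BSD/macOS tools).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_iso SUMS_FILE ISO_PATH
# Looks the ISO's basename up in a SHA256SUMS-style file ("<hash>  <name>",
# or "<hash> *<name>" for entries written in binary mode), recomputes the
# digest and compares. Exit status: 0 match, 1 mismatch, 2 not listed.
verify_iso() {
    sums_file=$1
    iso=$2
    name=$(basename "$iso")
    expected=$(awk -v f="$name" \
        '{ n = $2; sub(/^\*/, "", n); if (n == f) { print $1; exit } }' \
        "$sums_file")
    if [ -z "$expected" ]; then
        echo "$name: not listed in $(basename "$sums_file")" >&2
        return 2
    fi
    actual=$(sha256_of "$iso")
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: FAILED" >&2
    echo "  expected $expected" >&2
    echo "  got      $actual" >&2
    return 1
}

# --- constructed demo data -------------------------------------------------
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir "$demo_dir/tampered"

# Stand-ins for the genuine download, for a copy altered in transit that
# kept the same file name, and for an image the list does not mention.
printf 'constructed stand-in for the genuine image\n'  > "$demo_dir/good.iso"
printf 'constructed stand-in for a tampered image\n'   > "$demo_dir/tampered/good.iso"
printf 'constructed stand-in for an unlisted image\n'  > "$demo_dir/unknown.iso"

# A checksum list of the kind a distribution publishes beside its ISOs.
# Line 1 is a placeholder entry for an unrelated image (all-zero digest,
# constructed); line 2 is good.iso's real digest in binary-mode format.
sums="$demo_dir/SHA256SUMS"
{
    printf '%064d  other-image.iso\n' 0
    printf '%s *good.iso\n' "$(sha256_of "$demo_dir/good.iso")"
} > "$sums"

# Only a verified image should ever reach the USB-writing step.
verify_iso "$sums" "$demo_dir/good.iso"
verify_iso "$sums" "$demo_dir/tampered/good.iso" || echo "refusing to write tampered image"
verify_iso "$sums" "$demo_dir/unknown.iso"       || echo "refusing to write unlisted image"
```

The checksum list itself should come from the distribution's own site over HTTPS (and, where offered, be checked against its signature); comparing a download against a hash found on the same untrusted mirror proves nothing.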
 
Old 08-12-2013, 08:45 AM   #14
xfool
Member
 
Registered: Aug 2013
Posts: 49

Original Poster
Rep: Reputation: Disabled
I agree. I must be doing something wrong. I sent both back to Asus and they reinstalled the OS. When I got them back I still had the same problems. The only common denominator is me. Thank you for reminding me of the very first rule, if you don't understand the manual call the manufacturer. The absolute worst is I was under the impression that windows was Linux and that the 'trojan' scenario could and did happen. You all have been super, I regret causing you to expend such effort. This forum is very lucky to have you. With many thanks and twice the appreciation, I remain, the xfool.
 
Old 08-12-2013, 09:15 AM   #15
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,184

Rep: Reputation: 1168
My recommendation is that you not bother expending any more effort trying to troubleshoot or analyze the problem with Xandros. It is like asking "I baked a cake with some expired milk I found at the back of the fridge. Why does the cake taste bad, and what are the specific steps to make a delicious cake with this curdled milk?" A better recommendation is to replace the spoiled milk (Xandros) with fresh milk (current version of Antix, Crunchbang, Debian, etc). Fortunately, Linux doesn't cost anything, so it's like getting a free lifetime supply of fresh milk.
 