Old 02-24-2015, 10:32 AM   #1
loshakova
Member
 
Registered: Apr 2012
Posts: 103

Rep: Reputation: Disabled
Possible malware infection on Mint 13 -- need help


When I went to check my email this morning, there was a new (gigantic) ad bar at the top of my gmail page. I tried to see if there was any mention of it on google, and noticed that an even more gigantic ad bar appeared at the top of each search result. The ad bar has "ad by: Media Player" in one corner, but no option to close it. I've restarted my computer, and checked to make sure my system updates were current. I've scanned my home directory with ClamTK, and nothing comes up. I've tried to download a free trial of Bitdefender (I thought this was free, but it isn't showing up in the package repository any more, so maybe not?) but whenever I try to access the Bitdefender home page or the home page of any other antivirus scanner, I get a giant malware-y looking ad page that says "YOUR COMPUTER MAY HAVE A VIRUS" with a phone number to call for help. I have not called the number. I'm very concerned now. I want to do a full system scan, but ClamTK doesn't appear to have that capability, and I don't know how to download another antivirus program safely with the ad blocking my access to the antivirus websites. Can someone help me please?

I'm running Mint 13 Maya/Cinnamon. I'm using Firefox as my browser. I did check to see if there were other reports of this problem with Firefox or Google, but couldn't find anything current.

Last edited by loshakova; 02-24-2015 at 10:35 AM. Reason: add info
 
Old 02-24-2015, 10:37 AM   #2
helios98
Member
 
Registered: Dec 2014
Distribution: Lubuntu on Chromebook c300
Posts: 35

Rep: Reputation: Disabled
Quote:
Originally Posted by loshakova View Post
When I went to check my email this morning, there was a new (gigantic) ad bar at the top of my gmail page. I tried to see if there was any mention of it on google, and noticed that an even more gigantic ad bar appeared at the top of each search result. The ad bar has "ad by: Media Player" in one corner, but no option to close it. I've restarted my computer, and checked to make sure my system updates were current. I've scanned my home directory with ClamTK, and nothing comes up. I've tried to download a free trial of Bitdefender (I thought this was free, but it isn't showing up in the package repository any more, so maybe not?) but whenever I try to access the Bitdefender home page or the home page of any other antivirus scanner, I get a giant malware-y looking ad page that says "YOUR COMPUTER MAY HAVE A VIRUS" with a phone number to call for help. I have not called the number. I'm very concerned now. I want to do a full system scan, but ClamTK doesn't appear to have that capability, and I don't know how to download another antivirus program safely with the ad blocking my access to the antivirus websites. Can someone help me please?

I'm running Mint 13 Maya/Cinnamon.
The only way a virus could happen in Linux is if you start typing in root commands in the terminal being root like sudo su or doing other root commands. Other than that it is almost impossible to get a virus in Linux.
 
Old 02-24-2015, 10:45 AM   #3
loshakova
Member
 
Registered: Apr 2012
Posts: 103

Original Poster
Rep: Reputation: Disabled
Well, then I don't understand how I could suddenly be getting all these ads, and be getting rerouted to bogus pages when I try to click on legitimate links. I know viruses and malware on Linux are uncommon, but this doesn't seem normal to me.

I have previously done some tasks as su, most recently when I was trying to get a new printer to work (previous thread -- still not completely resolved). That was a few weeks ago. This just started this morning.
 
Old 02-24-2015, 10:58 AM   #4
helios98
Member
 
Registered: Dec 2014
Distribution: Lubuntu on Chromebook c300
Posts: 35

Rep: Reputation: Disabled
Quote:
Originally Posted by loshakova View Post
Well, then I don't understand how I could suddenly be getting all these ads, and be getting rerouted to bogus pages when I try to click on legitimate links. I know viruses and malware on Linux are uncommon, but this doesn't seem normal to me.

I have previously done some tasks as su, most recently when I was trying to get a new printer to work (previous thread -- still not completely resolved). That was a few weeks ago. This just started this morning.
Have you installed any add-ons on your browser lately?
 
Old 02-24-2015, 11:11 AM   #5
ardvark71
LQ Veteran
 
Registered: Feb 2015
Location: Oregon, USA
Distribution: Lubuntu 14.04, Windows Vista
Posts: 5,193
Blog Entries: 3

Rep: Reputation: 695
Hi...

No, it's not normal. This screams of some kind of ad/spyware infection but I didn't know this was happening on Linux systems. I guess that time may be arriving.

I'm not sure if this will help but are you able to download Comodo's Antivirus for Linux here? There is a download option for Mint.

Not sure why this could be happening, unless, like helios98 mentioned, you installed any browser add-ons or any other software that contains malware.

Regards...
 
Old 02-24-2015, 11:16 AM   #6
helios98
Member
 
Registered: Dec 2014
Distribution: Lubuntu on Chromebook c300
Posts: 35

Rep: Reputation: Disabled
Quote:
Originally Posted by loshakova View Post
Well, then I don't understand how I could suddenly be getting all these ads, and be getting rerouted to bogus pages when I try to click on legitimate links. I know viruses and malware on Linux are uncommon, but this doesn't seem normal to me.

I have previously done some tasks as su, most recently when I was trying to get a new printer to work (previous thread -- still not completely resolved). That was a few weeks ago. This just started this morning.
I've done some research. There is an antivirus for Linux called Clam AV and it detects trojans, viruses, malware & other malicious threats. You can visit their site at clamav.net
 
Old 02-24-2015, 11:24 AM   #7
loshakova
Member
 
Registered: Apr 2012
Posts: 103

Original Poster
Rep: Reputation: Disabled
I installed Adblock Plus after I noticed the problem, but it hasn't fixed it. I haven't installed any other add-ons recently.
 
Old 02-24-2015, 11:27 AM   #8
loshakova
Member
 
Registered: Apr 2012
Posts: 103

Original Poster
Rep: Reputation: Disabled
Thank you, but as I mentioned, trying to navigate to any of the main antivirus pages was causing me to be rerouted to a bogus "YOUR COMPUTER MAY HAVE A VIRUS" webpage.

I found instructions for installing Bitdefender through the terminal as su, and did that. I'm running a full scan now. It has about 2 hours left to go.
 
Old 02-24-2015, 11:31 AM   #9
beachboy2
Senior Member
 
Registered: Jan 2007
Location: Wild West Wales, UK
Distribution: Ubuntu MATE, Mint MATE & antiX MX-15
Posts: 1,664
Blog Entries: 5

Rep: Reputation: 562
Whilst the information on this link is aimed mainly at Windows users, the advice for removing the "Ads by MediaPlayer" virus from browsers is relevant:

http://malwaretips.com/blogs/ads-by-...layer-removal/
 
Old 02-24-2015, 11:32 AM   #10
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,260

Rep: Reputation: 1948
What browser are you using? Have you tried another? If you didn't run anything as root/sudo, then the infection is limited to your home folder. Deleting the settings folder for your browser would probably clear it up.
 
Old 02-24-2015, 11:40 AM   #11
albinard
Member
 
Registered: Jan 2011
Location: New Mexico
Distribution: Xubuntu Core
Posts: 183

Rep: Reputation: 58
Comodo is produced by the Komodia firm, the same one that makes the Superfish malware that has been found recently on Lenovo computers. It injects a fake certificate that unlocks all SSL sites on the Internet.

That might be what is affecting your browser.
 
Old 02-24-2015, 11:44 AM   #12
Soadyheid
Senior Member
 
Registered: Aug 2010
Location: Near Edinburgh, Scotland
Distribution: Cinnamon Mint 17.0 at present.
Posts: 1,174

Rep: Reputation: 201
I agree with suicidaleggroll, try another browser. I'd reckon you've got some junk attached to the one you're currently using. Try blowing away the history and clearing the cache and cookies. Check and disable any plugins and check its operation again.

To the Gurus: Could this be some sort of java contamination associated with the browser? As mentioned, a rogue plugin?

I agree with the others, the probability of you having picked up a Linux virus is extremely low to nonexistent.

Play Bonny!

 
Old 02-24-2015, 11:57 AM   #13
ardvark71
LQ Veteran
 
Registered: Feb 2015
Location: Oregon, USA
Distribution: Lubuntu 14.04, Windows Vista
Posts: 5,193
Blog Entries: 3

Rep: Reputation: 695
Quote:
Originally Posted by albinard View Post
Comodo is produced by the Komodia firm, the same one that makes the Superfish malware that has been found recently on Lenovo computers. It injects a fake certificate that unlocks all SSL sites on the Internet.

That might be what is affecting your browser.
Hi...

I didn't know this and I will research it. But I don't think it's affecting his browser since he wasn't even able to get to the download page.

Regards...

EDIT: I did some research and yes, there are HTTPS certificate issues with Comodo's Privdog which could expose folks to "man in the middle" attacks. From what I understand, this only affects the "stand alone" version of Privdog, not the one bundled with Comodo Internet Security. CIS itself I think works fine and is not affected by this. Here are a couple articles I found concerning this...

https://blog.hboeck.de/archives/865-...Superfish.html

http://arstechnica.com/security/2015...s-get-simpler/

Last edited by ardvark71; 02-24-2015 at 01:15 PM. Reason: Spelling correction, Added information.
 
Old 02-24-2015, 12:20 PM   #14
loshakova
Member
 
Registered: Apr 2012
Posts: 103

Original Poster
Rep: Reputation: Disabled
I'm still in the process of running the system scan, but it has found 2 infected files so far. So, not just my browser, it looks like.

I saved a screenshot of the page I was getting redirected to when I tried to go to the Bitdefender and Clam AV sites.
 
Old 02-24-2015, 12:24 PM   #15
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: tri boot :: Fedora 22 && 23 && Rawhide == Testing Systemd
Posts: 222

Rep: Reputation: 50
I have had my Firefox browser ads hijacked by some malware in Linux; removing Firefox with the package manager and deleting .mozilla from the home folder fixed it.

Edit: I installed Firefox after those steps and the ads disappeared.
 
1 members found this post helpful.
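
An added example, not part of any post in this thread: before deleting `.mozilla` as suggested above, the profile can be inspected to see which add-ons are registered and whether proxy or start-page preferences were changed. It assumes Firefox's `extensions.json` and `prefs.js`/`user.js` layout (an `addons` array with `id`, `defaultLocale.name`, `active`, `installDate` in milliseconds, and `location`); the function names, the watched preference list and the sample profile are constructed for illustration.

```python
import json, re, tempfile
from datetime import datetime, timezone
from pathlib import Path
# Preference prefixes that can reroute traffic or start pages (subset chosen for this example).
WATCHED_PREFS = ("network.proxy.", "browser.startup.homepage", "browser.newtab.url")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')

def list_extensions(profile):
    """Return (install date, id, name, active, location) per add-on, newest first."""
    path = Path(profile) / "extensions.json"
    if not path.is_file():
        return []
    rows = []
    for addon in json.loads(path.read_text(encoding="utf-8")).get("addons", []):
        ms = addon.get("installDate") or 0  # milliseconds since the epoch
        when = datetime.fromtimestamp(ms / 1000, tz=timezone.utc).date().isoformat()
        name = (addon.get("defaultLocale") or {}).get("name", "?")
        rows.append((when, addon.get("id"), name, bool(addon.get("active")), addon.get("location")))
    return sorted(rows, key=lambda r: r[0], reverse=True)

def watched_prefs(profile):
    """Return watched preferences from prefs.js and user.js (user.js read last, so it wins)."""
    found = {}
    for fname in ("prefs.js", "user.js"):
        path = Path(profile) / fname
        if not path.is_file():
            continue
        for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
            m = PREF_RE.match(line.strip())
            if m and m.group(1).startswith(WATCHED_PREFS):
                found[m.group(1)] = m.group(2)
    return found

def make_sample_profile():
    """Build a constructed sample profile; none of these values come from the thread."""
    d = Path(tempfile.mkdtemp())
    (d / "extensions.json").write_text(json.dumps({"addons": [
        {"id": "known@example.invalid", "defaultLocale": {"name": "Known Add-on"},
         "active": True, "installDate": 1388534400000, "location": "app-profile"},
        {"id": "toolbar@example.invalid", "defaultLocale": {"name": "Sample Toolbar"},
         "active": True, "installDate": 1424736000000, "location": "app-global"}]}))
    (d / "prefs.js").write_text('user_pref("network.proxy.type", 1);\n'
                                'user_pref("network.proxy.http", "203.0.113.7");\n'
                                'user_pref("browser.tabs.warnOnClose", false);\n')
    return d

if __name__ == "__main__":
    sample = make_sample_profile()
    print(list_extensions(sample), watched_prefs(sample))
```

On a real system the argument would be a profile directory under `~/.mozilla/firefox/`; an add-on with a recent install date or a location outside the profile, or an unexpected `network.proxy.*` value, is the entry to look at first.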
  

