LinuxQuestions.org
Old 02-24-2015, 12:29 PM   #16
jross
Member
 
Registered: Apr 2014
Distribution: Xubuntu 14.04
Posts: 164

Rep: Reputation: Disabled

It's alarming to me that every time someone brings up malware in Linux, a lot of people seem to immediately dismiss it without even looking into it. It just seems to me that when it comes to security these days, you can't take anything for granted.

I always post this video of a successful malware attack (using Firefox and Flash) on a Linux machine:

https://www.youtube.com/watch?v=94QsgdXnsmU
 
Old 02-24-2015, 12:31 PM   #17
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530
@loshakova: please read replies carefully as others have suggested trying another browser or at least using a clean profile (as that would give you a clean slate wrt history, cache, cookies, addons and plugins). This is something you can efficiently try while your system scan runs and could speed up troubleshooting.
 
Old 02-24-2015, 12:37 PM   #18
albinard
Member
 
Registered: Jan 2011
Location: New Mexico
Distribution: Xubuntu Core
Posts: 183

Rep: Reputation: 58
More on the Komodia stuff, from Ars Technica:

http://arstechnica.com/security/2015...mber-of-users/
 
Old 02-24-2015, 12:39 PM   #19
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: Slackware
Posts: 7,007

Rep: Reputation: 2530
It's extremely unlikely that you got Komodia malware.

I'd look into a new browser profile (as many cool heads have correctly recommended) and also maybe take a paranoid peek at /etc/hosts.

Last edited by dugan; 02-24-2015 at 12:41 PM.
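
What a "paranoid peek at /etc/hosts" can look for, as an added example that is not part of dugan's post: a small shell function that prints every entry mapping a non-stock name to an address. The function name `audit_hosts`, the list of stock names (typical of a Debian/Ubuntu install) and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list hosts-file entries whose name is not a stock one.
# Assumption: the stock names below match a typical Debian/Ubuntu install.

audit_hosts() {
    # $1: hosts file (default /etc/hosts); $2: this machine's hostname
    awk -v self="${2:-$(hostname)}" '
    BEGIN {
        stock = "localhost localhost.localdomain ip6-localhost ip6-loopback"
        stock = stock " ip6-localnet ip6-mcastprefix ip6-allnodes ip6-allrouters"
        n = split(stock, names, " ")
        for (i = 1; i <= n; i++) expected[names[i]] = 1
        self = tolower(self)
        expected[self] = 1
    }
    {
        sub(/#.*/, "")               # strip comments, whole-line or trailing
        if (NF < 2) next             # nothing left, or an address with no name
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            # short name and FQDN aliases of this machine are expected
            if ((name in expected) || index(name, self ".") == 1) continue
            print $1, name           # address first, then the overridden name
        }
    }' "${1:-/etc/hosts}"
}

# Constructed sample, not taken from the thread
sample_hosts() {
cat <<'EOF'
127.0.0.1   localhost
127.0.1.1   mybox.lan mybox   # hostname alias
::1         ip6-localhost ip6-loopback
ff02::1     ip6-allnodes
# 10.0.0.5  old.example.test
203.0.113.7 www.google.com google.com
127.0.0.1   ads.example.test
EOF
}

tmp=$(mktemp)
sample_hosts > "$tmp"
audit_hosts "$tmp" mybox      # on a real system: audit_hosts
rm -f "$tmp"
```

Every line it prints needs an explanation: a well-known name pointed at an address you did not put there is the case to worry about, while 0.0.0.0 or 127.0.0.1 entries from an ad-blocking list will also show up.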
 
Old 02-24-2015, 12:39 PM   #20
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530
Quote:
Originally Posted by jross View Post
when it comes to security these days, you can't take anything for granted.
FWIW it's not just "these days" and one shouldn't take anything for granted anyway. And if people would just try to inform themselves properly (gaining in-depth knowledge by doing proper research is probably too much to ask for) instead of trying to piece things together from hearsay, sensationalist articles on popular web sites and video tutorials we would have less scaremongering and more detached, efficient, technical troubleshooting going on...
 
Old 02-24-2015, 01:20 PM   #21
loshakova
Member
 
Registered: Apr 2012
Posts: 103

Original Poster
Rep: Reputation: Disabled
The scan finished. It found two different pieces of malware, as follows:

Exploit.PDF-JS.Gen.C03
Gen:Trojan.Heur.GM.2008040880

These both look to be several years old, which struck me as odd -- I only updated my OS about a year ago, and I was running regular scans with Bitdefender beforehand.

I tried to delete the files through Bitdefender, but wasn't able to, so I did it manually. I then realized that I'd forgotten to check for Bitdefender updates before running the scan (d'oh), so I downloaded them and then tried to run a fresh scan to confirm I'd solved the problem. I'm now getting a segmentation fault message when I try to run a new scan. Suggestions?
 
Old 02-24-2015, 01:43 PM   #22
ardvark71
LQ Veteran
 
Registered: Feb 2015
Location: Oregon, USA
Distribution: Lubuntu 14.04, Windows Vista
Posts: 5,166
Blog Entries: 3

Rep: Reputation: 692
Quote:
Originally Posted by loshakova View Post
The scan finished. It found two different pieces of malware, as follows:

Exploit.PDF-JS.Gen.C03
Gen:Trojan.Heur.GM.2008040880

These both look to be several years old, which struck me as odd -- I only updated my OS about a year ago, and I was running regular scans with Bitdefender beforehand.

I tried to delete the files through Bitdefender, but wasn't able to, so I did it manually. I then realized that I'd forgotten to check for Bitdefender updates before running the scan (d'oh), so I downloaded them and then tried to run a fresh scan to confirm I'd solved the problem. I'm now getting a segmentation fault message when I try to run a new scan. Suggestions?
Hi...

Not sure, if you don't get an answer here, perhaps the folks over at Bitdefender forum could give you a hand. Have you tried the advice by //////, dugan and others by uninstalling and reinstalling the browser, deleting the settings folder for the browser or creating a new profile?

Regards...

Last edited by ardvark71; 02-24-2015 at 01:46 PM. Reason: Correction.
 
Old 02-24-2015, 01:44 PM   #23
helios98
Member
 
Registered: Dec 2014
Distribution: Lubuntu on Chromebook c300
Posts: 35

Rep: Reputation: Disabled
Quote:
Originally Posted by loshakova View Post
The scan finished. It found two different pieces of malware, as follows:

Exploit.PDF-JS.Gen.C03
Gen:Trojan.Heur.GM.2008040880

These both look to be several years old, which struck me as odd -- I only updated my OS about a year ago, and I was running regular scans with Bitdefender beforehand.

I tried to delete the files through Bitdefender, but wasn't able to, so I did it manually. I then realized that I'd forgotten to check for Bitdefender updates before running the scan (d'oh), so I downloaded them and then tried to run a fresh scan to confirm I'd solved the problem. I'm now getting a segmentation fault message when I try to run a new scan. Suggestions?
I think I have found your solution here
 
Old 02-24-2015, 02:22 PM   #24
cepheus11
Member
 
Registered: Nov 2010
Location: Germany
Distribution: Gentoo
Posts: 269

Rep: Reputation: 83
Is the malicious browser behaviour gone after you removed the files? And cleared your browser profile like suggested?

If the problem happens on https://www.google.com/: Check the certificate (Click on the icon left of the address). The certificate must be issued by "Google, Inc". Google only use their own certificate authority.


There are two main possibilities:

1) Something on your computer got corrupted

2) The junk is injected on the way from and to your computer. Hacked router, hacked internet service provider, DNS spoofing, malicious wifi access point...

There is a relatively easy and relatively reliable way to identify case 2): Try Tor Browser. If it is available for your distribution: Install it and check some sites which do not require a login. A bad hop in your communication route cannot intercept the encrypted traffic. There are some problems with Tor though: Google might temporarily lock your account and force you to change your password because they think someone else knows your password. That is because you appear to be in some "random" country and Google flags the login attempt as suspicious. So do not try to log in to your Google account in Tor Browser. And you will often see CloudFlare's captcha because Tor exit nodes appear to do bad stuff all the time, and big hosters like CloudFlare flag their IPs as malicious. And do not download anything executable. The Tor exit nodes can see and manipulate cleartext connections and provide manipulated programs.
 
Old 02-25-2015, 08:57 AM   #25
Soadyheid
Senior Member
 
Registered: Aug 2010
Location: Near Edinburgh, Scotland
Distribution: Cinnamon Mint 17.0 at present.
Posts: 1,168

Rep: Reputation: 201
Quote:
The scan finished. It found two different pieces of malware, as follows:

Exploit.PDF-JS.Gen.C03
Gen:Trojan.Heur.GM.2008040880
And what files were infected? I think the first one is a Java exploit so common to most platforms running Java in the browser and the second looks like a Windows trojan. Does Bitdefender scan for Unix viruses or Windows viruses within files on a Unix/Linux box? I'd reckon the latter.

@loshakova
To the point of appearing rude? HAVE YOU TRIED USING A DIFFERENT BROWSER OR CLEARING CACHE, COOKIES AND PLUGINS FROM THE ONE DISPLAYING THE PROBLEM??

You still haven't answered the question asked by most of us.

Play Bonny!

 
Old 02-25-2015, 09:33 AM   #26
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530
Nope. That's not rude: that's a valid question.

@loshakova: if you're about to ignore the above polite question (asked thrice now) then be warned I'll be making you reply using a different approach. You do not want that.
 
Old 02-25-2015, 09:37 AM   #27
loshakova
Member
 
Registered: Apr 2012
Posts: 103

Original Poster
Rep: Reputation: Disabled
@Soadyheid: No need for shouty caps. I'm sorry I didn't respond quickly enough for you. I wasn't able to get my problems with Bitdefender resolved yesterday -- still waiting for a response from their customer support, so I was waiting to post here too.

So far, in addition to running two full system scans and deleting a total of 6 pieces of malware from my hard drive, I have also uninstalled and reinstalled my browser through Package Manager and cleared all the settings. Things seem to be working again now.
 
Old 02-25-2015, 09:51 AM   #28
loshakova
Member
 
Registered: Apr 2012
Posts: 103

Original Poster
Rep: Reputation: Disabled
@UnSpawn: I don't know what to say. I wasn't ignoring anything. I'm home very sick with gut inflammation, and I have been trying to deal with my computer in between many trips to the bathroom. I did appreciate the advice I got here, and I followed it (please see previous post), but I couldn't be here all day yesterday.

I've never gotten this kind of a response on a forum here before.
 
Old 02-25-2015, 10:08 AM   #29
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530
Quote:
Originally Posted by loshakova View Post
(..) I have also uninstalled and reinstalled my browser through Package Manager and cleared all the settings. Things seem to be working again now.
With Linux there is almost never a reason to un- and reinstall software. With your web browser the simplest, easiest, most efficient thing to do would have been to use a clean profile. As was suggested. Doing things one's own way has the advantage of learning things on one's own. However that not rarely amounts to learning things the hard way ;-p


Quote:
Originally Posted by loshakova View Post
I'm home very sick with gut inflammation,
I'm sorry to hear that. Get well soon.


Quote:
Originally Posted by loshakova View Post
I've never gotten this kind of a response on a forum here before.
That's because LQ is not your run of the mill forum where people don't really care. Here we do and to the extent that we sometimes feel certain members need a bit more TLC when things seem to be dragging along. We don't mind doing that as long as the result is positive ;-p And so it has been. Good to hear things seem to be working again.
 
Old 02-25-2015, 10:39 AM   #30
loshakova
Member
 
Registered: Apr 2012
Posts: 103

Original Poster
Rep: Reputation: Disabled
@UnSpawn: User ///// had suggested using Package Manager in Post #15. I didn't know how to create a clean browser profile, and had come back here to ask when I saw that suggestion, so I tried it instead first.
 
  


All times are GMT -5.
