[SOLVED] Possible malware infection on Mint 13 -- need help
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
It does and doesn't sound like malware. To me it sounds like ads and such being allowed to run in your browser. I always install AdWatch and NoScript, there are other add-ons, but I install add ons intended to limit what is allowed to be run in a web page, this has always helped me immensely.
Couple of things to try. First, try the add-ons and see if they can clean this up and resolve it. Next, save any bookmarks, un-install fully Firefox and then re-install it. Put in some add-ons to block scripts and ad pop ups and use those.
Sounds like you've already done the un-install/re-install. I suspect that you had an add-on which the writers of it are all fine with, but your common user is not because all it is, is a self serving add.
I personally use Ad Block Plus and No Script.
And if you hadn't done an un-install/re-install I'd recommend you check to see what add-ons you have installed because maybe an actual malware add-on got installed and this is why you're seeing these problems.
@rtmistler: I uninstalled and re-installed Firefox twice yesterday. I also cleaned out my cache/cookies/history and installed AdBlock Plus. None of that worked until I did the malware scan, and the scan found 6 pieces of malware, so I suspect that it was in fact a malware issue. I just checked anyway, and there are no unfamilar extensions. I have very few.
@jross: I checked, and I seem to have Java 7 installed. Should I remove it? On Firefox, I have the Iced Tea web plug-in, which uses Java. I didn't install it myself -- I think it came with the browser. Is that bad? Should I set it to "never activate"? There are several media players there that I don't remember installing, actually, so either they came with Firefox or they are unwanted guests. If there is one you know of that's trustworthy, I can set all the others to "never activate" and see if that will help. The only one that is currently on "always activate" is Open H264 Video Codec provided by Cisco Systems, Inc. I do watch Amazon Prime videos, so I need something that will play those.
@rtmistler: I uninstalled and re-installed Firefox twice yesterday. I also cleaned out my cache/cookies/history and installed AdBlock Plus. None of that worked until I did the malware scan, and the scan found 6 pieces of malware, so I suspect that it was in fact a malware issue.
Where were those files?
Uninstalling a browser does not remove your profile information (including, for example, a fake proxy configuration that points all web requests to a third party server where they can be intercepted). As we said before, you should have just switched to a clean browser profile, since that's probably the only thing that was infected.