[SOLVED] Virus infested my laptops (dell 620 D820etc) 17. by doing a loopback on the cd rom cannot remove.
If you want to wipe the hard drive, just go back to gparted and delete the partitions from /dev/sda. It appears that this is the only hard drive in the laptop. The structure looks like a very conventional default Linux install:
/dev/sda1 = big main OS partition (ext4)
/dev/sda2 = small extended container partition (contains other partitions)
/dev/sda5 = small swap partition (within sda2)
In gparted, delete all three of these partitions and click on the check button to make it perform the requested actions.
This will wipe the drive with the exception of the main boot record. You can use various methods to truly erase everything on the drive, but start with this.
Afterward, you should see /dev/sda with no partitions, just unallocated space.
Do not concern yourself with /rofs or cloop. Those are associated with the Mint LiveCD. There is only one actual hard drive. It is the only thing you need to wipe. You can use similar procedures to wipe any USB drive.
If you want to use GParted to delete partitions, you must first unmount them or verify that they are not mounted whether you are using an installed system or a GParted bootable iso on a CD/DVD or flash drive. When you open GParted, you see the main window with the various drives/partitions and you click on one to highlight it and then right click to see if you have an unmount option. If you do, that means it is mounted so click unmount to unmount it. Verify all the partitions you want to delete are not mounted and then click the Partition tab at the top and select Delete.
I booted a Mint 17 iso and shred is on it so either you used the wrong command or you need to prefix the command you want to run with sudo.
I agree with IsaacKuo in post #13 above ... I, too, do not smell a "virus" here ... and I strongly urge you to stop.
"ROFS" means "Read-Only File System." Most of the other "symptoms" that you describe here also appear to have benign(!) explanations.
Always remember: "a digital computer is not(!) a biological organism." You might be able to be struck with Ebola just by walking into the wrong elevator, but your computer can't. All that it can do is to execute software. Your computer, therefore, cannot "become infected," in the biological sense. This is the biggest fallacy that has ever been thrust upon the general public by snake-oil salesmen.
As above, you could use a LiveCD to mount and clean HDDs, or some distros, e.g. RHEL/CentOS, come with a Rescue Mode option on the install media, which enables you to do the same, i.e. mount offending HDDs as purely data disks and then format+mkfs etc.
DBANNED Installed Clamtk here are results: 107 virus 1 trojan
Thank you all for all your help! I FINALLY have the data you need. It took quite a while and a lot of DBAN to get here. I am using a Dell Latitude with 17.1 Mate 32 bit installed yesterday from a CD, after using it as a live user for 2 days, installing nothing, just changing all my passwords, and replacing old e-mail addresses with new as sign on and recovery. I changed my cell number. I talked to my ISP, if you recommend that I trade in my modem then we are ready. Whatever you need let me know.
I put 3 pkgs on. 2 from the software manager: Qbittorrent, Picasa (installed but have NOT opened it yet) and Clamtk from a Linux site.
Clamtk took me a long time to get- I finally was able to install it but cannot retrieve one update. I was able to scan / I have 8 screen shots of all the info. 107 viruses, 1 trojan. The part citing the trojan I also saved as a copy and blew it up. I still have the original screen shot and will include that too. It will tell you way more than I can.
Here is my Problem at the moment: When I went to quarantine all of them, the results were gone and the results showed zero. If I had not taken the screen shots first, I would have nothing to show you.
Lastly, on the blown up image you will not see a date or time, if you look at the smaller images it will show this information.
My previous idiocy is what threw you off. The upshot to that mess was I was using an infected usb and giving myself the same virus again and again, is what I believe happened. Another possibility is that someone has my IP. Nothing has been compromised, my bank accounts etc.
Windows is not installed on this laptop. It has been completely wiped by DBAN twice. Then I inserted a CD of 17.1 and installed it. I just went into the terminal to update Clamtk because I cannot do so in the menu. When I did the 'apt-get update Clamtk' it stated that I had the latest version. Then it wanted to update quite a few more things. I copied the entire session; here is the link:
I too am wondering if you installed some things in wine where you'd get a C:\ drive or what??
Do you have another drive in the machine also? Use Gparted on top right for pull down to see if you have an extra drive or recovery drive in there. Even if the partition was marked hidden it should have shown up in gparted.
The "WIN" stuff in the screenshots are files which may affect Windows, not Linux - although it looks like a Windows application for Picasa is indeed installed via WINE.
The stuff in .cache/mozilla/firefox would have nothing to do with the USB drive. It's just garbage you may have picked up while web browsing.
But in any case, it's likely that nothing listed in the screenshot is a trojan or a virus. They start with "PUA" which simply means "Potentially Unwanted Application". But the stuff listed is all probably wanted or simply incidental false positives. The libreoffice templates, for example, are just sample template files which ship with libreoffice. They exist in the place you'd expect them to exist - in /usr/.../share/..., which is a directory only root would have access to anyway. The location of Picasa is also where I'd expect something you wanted to install it would go. The stuff in the firefox cache is probably just random junk you've picked up while web browsing.
I stand by my original assessment that the symptoms do not sound like any virus is involved. Just expected behavior from trying to use gparted on a read only cdrom filesystem.
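The triage described in the reply above, as an added example that is not part of any post in the thread: it reads clamscan-style `path: Signature FOUND` lines and groups them by whether the signature starts with `PUA`, whether it names Windows as the platform, and where the file lives. The sample lines, paths and signature names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in clamscan's "path: Signature FOUND" format. Paths mirror
# the kinds of locations discussed in the thread; signature names are made up.
SAMPLE_SCAN = """\
/home/user/.cache/mozilla/firefox/abcd.default/Cache/EXAMPLE01: PUA.Example.Script-1 FOUND
/usr/lib/libreoffice/share/template/common/sample.ott: PUA.Example.Doc-2 FOUND
/home/user/.wine/drive_c/Program Files/Google/Picasa3/Picasa3.exe: PUA.Win.Example-3 FOUND
/home/user/Downloads/setup.bin: Unix.Trojan.Example-4 FOUND
/home/user/notes.txt: OK
"""

# Greedy path match so paths containing spaces or ": " still parse.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# First matching pattern wins; anything else is treated as user data.
LOCATIONS = [
    (re.compile(r"/\.cache/mozilla/"), "browser cache"),
    (re.compile(r"/\.wine/"), "Wine prefix"),
    (re.compile(r"^/usr/"), "system directory"),
]

def classify(path, sig):
    parts = sig.split(".")
    location = next((label for rx, label in LOCATIONS if rx.search(path)), "user data")
    return {
        "path": path,
        "signature": sig,
        "pua": parts[0] == "PUA",    # "Potentially Unwanted Application" label
        "windows": "Win" in parts,   # signature names Windows as the platform
        "location": location,
    }

def triage(scan_text):
    """Return one record per FOUND line; OK lines and summaries are skipped."""
    matches = (FOUND_RE.match(line.strip()) for line in scan_text.splitlines())
    return [classify(m["path"], m["sig"]) for m in matches if m]

def summarize(findings):
    return Counter(("PUA" if f["pua"] else "other", f["location"]) for f in findings)

def needs_review(findings):
    """Detections carrying something other than a PUA label: look at these first."""
    return [f for f in findings if not f["pua"]]

if __name__ == "__main__":
    results = triage(SAMPLE_SCAN)
    for (kind, where), count in sorted(summarize(results).items()):
        print(f"{count:3d}  {kind:5s}  {where}")
    for f in needs_review(results):
        print("review first:", f["path"], f["signature"])
```

Saving the scanner's text output to a file before quarantining anything keeps a record that can be run through a script like this, instead of relying on screenshots.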