LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 04-26-2010, 08:12 PM   #1
lahqash
LQ Newbie
 
Registered: Apr 2010
Posts: 8

Rep: Reputation: 0
winnow.compromised.ts.jsexploit.5.UNOFFICIAL and winnow.spam.ts.domains.158.UNOFFICIA


Hello, this is the second time clamav detects the malware on my laptop under ubuntu:
winnow.compromised.ts.jsexploit.5.UNOFFICIAL
winnow.spam.ts.domains.158.UNOFFICIAL
gspace.js: winnow.malware.cm.miscspam.387929.UNOFFICIAL
what does this mean, is it serious and what is the origin of this infection?
 
Old 04-26-2010, 11:03 PM   #2
paulsm4
Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
It probably means you've been exchanging Microsoft Word files with someone who's Windows PC has been infected

The good news is that Windows malware probably won't affect your Linux system.

It should also be pretty easy to identify the offending .doc or .docx files, delete them (or at least copy them off to USB or some other safe, external media), and see if ClamAv stops reporting warnings.
 
Old 04-27-2010, 09:24 PM   #3
lahqash
LQ Newbie
 
Registered: Apr 2010
Posts: 8

Original Poster
Rep: Reputation: 0
thanks
 
Old 05-12-2010, 09:02 AM   #4
lahqash
LQ Newbie
 
Registered: Apr 2010
Posts: 8

Original Poster
Rep: Reputation: 0
The problem reappears every time I open Gmail.
Whenever I scan my laptop after having opened Gmail clamav detect this file:
winnow.compromised.ts.jsexploit.5.UNOFFICIAL
So what does that mean?
 
Old 05-12-2010, 11:20 AM   #5
lahqash
LQ Newbie
 
Registered: Apr 2010
Posts: 8

Original Poster
Rep: Reputation: 0
Gmail and winnow.compromised.ts.jsexploit.5.UNOFFICIAL malware

Whenever I scan my laptop after having opened Gmail Clamav detect this file in the cache of firefox:
winnow.compromised.ts.jsexploit.5.UNOFFICIAL
What does that mean?
Is it serious?
THANKS
 
Old 05-12-2010, 11:34 AM   #6
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,929

Rep: Reputation: 2670Reputation: 2670Reputation: 2670Reputation: 2670Reputation: 2670Reputation: 2670Reputation: 2670Reputation: 2670Reputation: 2670Reputation: 2670Reputation: 2670
Quote:
Originally Posted by lahqash View Post
Whenever I scan my laptop after having opened Gmail Clamav detect this file in the cache of firefox:
winnow.compromised.ts.jsexploit.5.UNOFFICIAL
What does that mean?
Is it serious?
THANKS
It means that Clamav found a virus/exploit script. Either clean it or delete it.

What version/distro of Linux are you using?
 
Old 05-12-2010, 11:42 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,541
Blog Entries: 54

Rep: Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924
Quote:
Originally Posted by lahqash View Post
this is the second time
Creating two threads for the same topic is not useful or necessary: threads merged.

Last edited by unSpawn; 05-12-2010 at 06:33 PM. Reason: ...
 
Old 05-12-2010, 05:20 PM   #8
lahqash
LQ Newbie
 
Registered: Apr 2010
Posts: 8

Original Poster
Rep: Reputation: 0
OK
Tank you
I use ubuntu 10.04
This problem is persistent, and it is bound to gmail
I delete the virus, but it reappears when I open gmail on firefox or on prism
 
Old 05-12-2010, 05:32 PM   #9
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,733
Blog Entries: 12

Rep: Reputation: 457Reputation: 457Reputation: 457Reputation: 457Reputation: 457
Try clearing the Firefox cache and cookies. Might want to use NoScript to block unneeded scripts as well.

I use Gmail all the time have never seen this.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4
 
Old 05-13-2010, 06:45 AM   #10
lahqash
LQ Newbie
 
Registered: Apr 2010
Posts: 8

Original Poster
Rep: Reputation: 0
with NoScript I can not acces to Gmail in standard view; only basic html view is available
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Prob. with gmail It's that time of day. Gmail aims to help you in many ways..." frenchn00b General 1 04-10-2009 05:27 PM
[SOLVED] May have contracted malware. Yes, malware. Firefox on Ubuntu Fiesty. Seeking a fix drachenchen Linux - Security 22 08-17-2008 02:05 PM
May have contracted malware. Yes, malware. Firefox on Ubuntu Fiesty. Seeking a fix drachenchen Linux - Security 1 06-12-2008 06:10 AM


All times are GMT -5. The time now is 04:47 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration