LinuxQuestions.org
Old 06-11-2008, 08:55 PM   #1
drachenchen
May have contracted malware. Yes, malware. Firefox on Ubuntu Feisty. Seeking a fix


Howdy.

Me:

Barely post-newbie, came to Linux from Mac and then Windows, have been using Ubuntu almost exclusively for just over a year. Good brain for problem-solving, still on the steep side of the Linux learning curve, and a mostly cook-book level of CLI use.

System:

Asus mobo, 1.6GHz, 1.5GB, Intel 32, running Ubuntu Feisty (7.10), and Firefox w/Adblock, Fasterfox, NoScript, and Ubufox extensions (I think it's version 2.0.0.3, but I'm not sure, and I don't dare open it to check the version, as it will probably mean shutting down the box for ANOTHER hard boot). I have recently had a very occasional BIOS beep code for "video ram or video card problem", but it's an older box, and I've been living with it. I don't think this is related to the current problem.

Problem:

I was tired, chasing down info about HTML, and allowed NoScript temporary permission to run a script on a site that seemed harmless enough, and wasn't loading the content promised. Got an immediate freeze on the page, had to push the big button on the box-front. Cursing ensued. Since then, standard Ubuntu programs I try to use gradually grind to a halt, with the error message that the "(program) is not responding". Waiting doesn't help. I have to "force quit". Firefox is the hardest hit, but I can't even get a Gnome terminal. I have to hit alt-F2, and type in "xterm" to get any terminal at all. At boot, the login system sound repeats, and the screen flashes twice, as though it were loading an extra desktop. Overall performance would also suggest this. The Firefox logo on the application bar above the desktop comes and goes, sometimes replaced by the Opera logo, which is not the default browser. At the last boot attempt, the desktop did not load either of the taskbars. Opera is able (-so far!) to stay up and function normally. Bless Norway.
Also, I haven't backed up the last few days' work coding web pages off-site, or even off the computer.

What I've done so far:

Typing in terminal, "ps -AT", and "top", I learned that there was a zombie process running. Found a zombie-hunting code string on the web, posted by someone gobs more knowledgeable than me, and used it. Found a process ID, and typed "kill -9 (process#)". This does not seem to have fixed the problem AT ALL.

I've been all day trying to fix this. I'm not much good at the command line. My web searches just turned up gobs of Windows apps, Windows articles with some passing reference to Linux, and two-year-old happy talk about how Linux is bomb-proof, and you'll never have to worry about malware. The few articles I found that seemed like they might touch on the problem swiftly descended into opaque (-to me!) technical jargon.

This may not be about malware. I'm barely ignorance-deficient enough to realize that I may be reading this entirely wrong. However... It sure as Hel reminds me of when my old Windows partitions would pick up something nasty, before I learned about Spybot S&D, Avast, etc. The behavior of this box is very similar, if you'll pardon the anthropomorphizing. It's not the slowness that I notice so much as the unpredictability. That, and the fact that Opera continues to run fine, leads me to think of malware, targeting the ever-more-popular Firefox.

What I'm really after is some sort of comprehensive approach to detecting and cleaning up whatever the problem is. I've already spent much of the day cursing myself for getting sloppy with NoScript, but if anyone really feels the need to give me more grief on that score, be happy.

Most of my box is backed up, and could be re-loaded. The main things I want to salvage are the web pages I've been working on for the last week, and my bookmarks. If I could do that, I'd be fine if the fix involves burning down the HDD, re-installing, and then listening to stern admonishments to "Never, EVER do that again!" Any help on this would be greatly appreciated. In particular, if anybody could recommend good Linux malware-killing tools?

One thing just occurred to me. In Ubuntu, is the default password / user setup essentially "running as root"? If so, I may have to fix that somehow. Anyway, thanks in advance! Later.

-drachenchen
 
Old 06-12-2008, 06:10 AM   #2
win32sux
This thread is a duplicate, so I'm closing it.

Last edited by win32sux; 06-12-2008 at 06:11 AM.
 
  

