[SOLVED] May have contracted malware. Yes, malware. Firefox on Ubuntu Feisty. Seeking a fix
Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Location: In a Fascist nightmare that used to be the USA. Said Fascist nightmare currently infiltrating the Internet, my other place of residence.
Distribution: Debian 10 (only to run Blender), Devuan Chimaera (for everything else)
Posts: 46
Original Poster
Rep:
Howdy, all.
OK, I'll start a new thread in "General" with a link here. jim18, and unSpawn, I appreciate that this should be salvageable, and that I would learn far more by sussing out the actual problem, but I am also under time pressure here. I need to get a working system up, soon, and going back to the old abuser (Windblows partition) after this much time away would feel stupid. That, and there's all the work I've done in Linux that XP doesn't even know exists. That's the only reason that the immolation option is so far up my list.
That being said, I tried using "fsck -f" from a PCLinuxOS live CD, and got no error messages for either root or home. Root had 1.2% non-contiguous, and home had 2.2%. This for a partition that's been running more than a year. I got help from a buddy over the phone to get from the live CD to the actual system. He thinks that I should investigate the video card next. Another friend has already handed me a back-up video card to try, so I may be doing the hardware swap dance tonight. If I only get one listing for the new card in my POST, and the freezes stop, then I think I can call it a bad video card. If not, I figure that might narrow it down to either X-windows or Gnome itself.
jim18, you also suggested wiping user data and desktop preferences, but I'm running Gnome, not KDE (better help files, IMHO). I have them backed up, so I can't imagine it would hurt anything to lose them. Damn. Alt-F2 just failed to open for the first time. I think I'm going to sign off now, and see if I can get a terminal somehow. Good thing Opera still works. I'll try to get that "General" post up yet tonight. Thanks, everybody. Later.
Generally speaking, "the worst thing that might have happened to you" is that your particular instance of Firefox might be "thoroughly hosed-up." But...
"The best that Firefox can ever hope for" is "to run as 'you.'" Since your privileges and access rights are not "exceptional," neither is Firefox's.
"The Linux system, itself," is off-limits, because you do not have the necessary permissions to affect it. There is no "all-encompassing Registry" in the Linux system.
In the very-worst case imaginable, Firefox (in your case only...) might be trying to run some malicious program. And so guess-what... it has to be looking at settings in the .mozilla directory in your own home-account!
So, if you like, try rm -rf .mozilla
Poof... everything that Firefox might possibly be looking-at, when running on your own account in your own session with your own privileges, is now "gone."
Since you do not have "special privileges," Firefox also does not.
And this, of course, is the major distinction between "the typical status-quo on Linux" and "the typical (up to now...) status-quo on Windows": you do not have 'special privileges.'
If you are running in a Windows environment, simply make sure that you are logged-on as a "limited user." Not an Administrator... not even a "power user." Just an Ordinary Joe.
Linux... ditto.
OS/X... ditto.
Problem solved.
A program, no matter how 'malicious,' that is confined to you and you alone, is (in the presence of suitable backups...) "toothless."
The "virus vendors" have worked long-and-hard to draw a "biological analogy" with regard to malicious software.
They call them "viruses," and talk about "contracting" them.
Okay, if you-or-me happen to be in the presence of (say) the Ebola virus and we happen to inhale at the wrong instant, we could be In A Heap O' Trouble. Our biological space-suits are unfortunately "built that way."
A computer, on the other hand, is not.
"A program," after all, "is a program." Nothing more; nothing less. It's not smart, it's not clever. It cannot run with any more privilege nor access-rights than we have. (Oh, it might find some operating-system hole, but "not bloody likely.")
Never mind that, historically, millions of uninformed Windows-users went flying with their pants down. Even for the Windows community, "those days are gone."
Original Poster
Problem solved!
Howdy! Problem solved!
I know I was going to post to "General" with a link back to this thread, but it seems pointless to do so, now that I've reached the end.
First thing that I did: pulled the ATI Radeon AGP card, and slotted an Nvidia card I got from a friend. Loaded the drivers, set the resolution, re-booted just to make sure, pulled up xterm and checked dmesg. Hooray! -only one copy of video card at boot-up. Pulled up Firefox, ready to open several windows, and -- same problem as before.
NOTE: I should have learned my lesson by now. In the trouble-shooting process, ALWAYS start with possible hardware issues, as they may narrow down your software issues by gobs.
So, not the video card... -which could put it to some sort of x-server problem. Maybe the desktop, but it was displaying everything as usual. Then I thought about unSpawn's advice: "The essence is to not fight perceived symptoms but find the cause."
Right. I perceived a video problem because it was the biggest batch of symptoms, but I hadn't reasoned it out. Opera was running fine, and it was using x-windows, and the same video card as everything else. It was also not an integral part of the Gnome desktop, or the Ubuntu base system. So, I turned back to jim18's advice about wiping the desktop configuration files. I went surfing and found this on one of the Ubuntu forums in a thread about similar, but more extreme, problems such as I had:
"Re: gnome-settings-daemon crashing on login
Quote: Originally Posted by elreteipos
So you're saying that you cannot log in with your admin account because gnome-settings-daemon crashes every time? In that case, try this:
When at the login screen, press CTRL+ALT+F2.
Log in using your admin account.
Type cd ~
Type mv .gconf .gconf.old
Type mv .gconfd .gconfd.old
Type mv .gnome .gnome.old
Type mv .gnome2 .gnome2.old
Type mv .gnome2_private .gnome2_private.old
Type mv .metacity .metacity.old
Type mv .nautilus .nautilus.old
Type mv .gtkrc-1.2-gnome2 .gtkrc-1.2-gnome2.old
Switch back to the login screen by pressing CTRL+ALT+F7.
Press CTRL+ALT+BACKSPACE. Don't worry, the login screen will come back in a few seconds.
Log in.
Did that work?
Also worked for me. I had tried the other suggestions about xrandr and xserver, but those didn't do it. This did!"
My local Linux guru suggested that I perform all this from a live CD, running as root, and so I booted from the PCLinuxOS live CD that he gave me, and just did the "mv" part of the above procedure from my installation's /home directory.
Re-booted, Gnome re-generated the files, and there I was, with a working system, that unfortunately was missing all my customization. I hadn't realized how much customization.
Found another thread suggesting to move the files renamed ".whatever.old" back onto their originals, and tried that, only to end up with, for instance, ".gconf.old" in the new, regenerated ".gconf" directory, and a return of the problem with program and window hangs. Probably, I should have read "man mv" before using the mv command on my own, eh?
So, if you're still a CLI noob, like me, the solution is:
1) Boot from a live CD, and open a terminal window, and change to root user, if you aren't already.
2) Navigate to your installation's /home directory (-not the live CD's /home!). On mine, this was found at /mnt/hdb1/home from the live CD.
3) Rename the desktop configuration files, as above, using the mv (move/rename) command, exit the live CD, and restart, so Gnome makes fresh new configuration files. Check that you have a working generic desktop, if you wish.
4) Restart again, using the live CD. Then, again from your installation's /home directory, mv the ".whatever.old" files back onto the regenerated ones using the -u (update) option. This will copy anything in the "whatever.old" files into the regenerated directories, unless it's already there. That way, you keep the fresh new desktop files, and only write the things that you customized on your desktop back into those directories. I also used the -v (verbose) option, since I like it when the program tells me what it's doing.
To do this, while you are in your installation's /home directory:
Type mv -uv .gconf.old .gconf
Type mv -uv .gconfd.old .gconfd
Type mv -uv .gnome.old .gnome
Type mv -uv .gnome2.old .gnome2
Type mv -uv .gnome2_private.old .gnome2_private
Type mv -uv .metacity.old .metacity
Type mv -uv .nautilus.old .nautilus
Type mv -uv .gtkrc-1.2-gnome2.old .gtkrc-1.2-gnome2
Done.
5) Re-boot into your installation one more time, and you should have pretty much all of your previous, customized desktop back, together with programs and windows that actually open and do their job.
Since I've done this, I've tried downloading a Linux .iso image, and this time, the md5 sums check out. Firefox and Thunderbird are back to normal, and I have no problems opening or using other programs.
Thank you to everyone who has offered advice and help on this problem! I've recently used this experience to help with 3 successful "Linux evangelisms". I pointed out that people here are genuinely friendly and helpful (since nobody's paying them to be), and that, unlike the Windows-style support experience, you tend to actually learn something. CHEERS!
Last edited by drachenchen; 06-26-2008 at 10:11 AM.
Reason: more typos
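The five-step procedure above, as an added example that is not from the thread or any of its posters: a POSIX shell script that moves the listed GNOME 2 config items aside and later merges the saved ".old" copies back. It assumes the same dotfile list and takes the home directory path as an argument; the merge copies file by file instead of using mv, because mv cannot merge two directories (moving a directory onto an existing one nests it inside, the same nesting the poster ran into when moving the .old directories back).

```shell
#!/bin/sh
# Added example, not code from the thread: move the GNOME 2 per-user config
# items aside so the desktop regenerates defaults, then merge the saved ".old"
# copies back without clobbering regenerated files. CONF_ITEMS is the thread's
# dotfile list; the home directory argument is assumed (e.g. /mnt/hdb1/home/<user>).
set -eu
CONF_ITEMS=".gconf .gconfd .gnome .gnome2 .gnome2_private .metacity .nautilus .gtkrc-1.2-gnome2"
# Step A: rename every existing item to "<item>.old".
reset_config() {
    home="$1"
    for item in $CONF_ITEMS; do
        if [ -e "$home/$item" ]; then
            mv "$home/$item" "$home/$item.old"
        fi
    done
}
# Copy files under $1 into $2 without overwriting any file already there.
# Plain mv cannot merge: moving a directory onto an existing directory nests it.
merge_tree() {
    src="$1"; dst="$2"
    (cd "$src" && find . -type d) | while IFS= read -r d; do
        mkdir -p "$dst/$d"
    done
    (cd "$src" && find . -type f) | while IFS= read -r f; do
        if [ ! -e "$dst/$f" ]; then
            cp -p "$src/$f" "$dst/$f"
        fi
    done
}
# Step B: merge each "<item>.old" back; a plain file is restored only when
# nothing was regenerated in its place.
merge_config() {
    home="$1"
    for item in $CONF_ITEMS; do
        old="$home/$item.old"
        if [ -d "$old" ]; then
            merge_tree "$old" "$home/$item"
        elif [ -f "$old" ] && [ ! -e "$home/$item" ]; then
            cp -p "$old" "$home/$item"
        fi
    done
}
# Usage: sh gnome-config-reset.sh reset|merge /path/to/home/<user>
case "${1:-}" in
    reset) reset_config "${2:?home directory required}" ;;
    merge) merge_config "${2:?home directory required}" ;;
esac
```

Run the "reset" step from the live CD, boot the installation once so GNOME recreates its defaults, then run "merge" from the live CD again; the regenerated files win and only your old-only settings are copied back.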
Original Poster
P.S. -I know not to run as root on the Net.
-But on that other issue, you're right, sundialsvcs, many of us tend to use far too many biological analogies, even when we should know better. Obviously, security companies do it to key into basic lizard hind-brain fear, so they can sell their product. Still, I anthropomorphize these damned machines all the time, unless I stop myself. Even when I know it's only strings of code, I've referred to Internet Exploder as being a "virus-laden, malware-infected stake to the heart of the Windows OS". The fact is that this is a result of incomplete knowledge on my part, but so it goes. If I knew enough about it to converse with security specialists, and software writers, then I, too, could make average people's eyes roll up into their heads whilst accurately describing what's going on. I have non-computer skills that are very in-depth, and I've put plenty of people, including computer "gods", to sleep by trying to explain MY specialized areas of knowledge accurately and in detail. Our technological society long ago became complex, and specialized, to the point where analogies became the only way to communicate between specialties.
I concur, however, with your point that biological analogies are not only inaccurate, (-as they must be!), but misleading. I'll try to work on that in my own communication, and find a more useful set of analogies. Thank you.
Start yourself a file called something like "MY HowTos". Copy and paste the description of how to solve this problem into that file, and just save it in your home directory.
Every time you figure something out, make an entry in your "MY HowTos" file.
The reason is obvious; a year from now if the problem occurs again you might not remember how you fixed it, though you might remember that you DID fix it. Check your "MY HowTos" file to get the answer and save yourself a lot of effort.
My file, called Jims_HowTos, has been in existence since 2001, and contains all kinds of little things that make my life easier, but things that I don't do often enough to remember how to do them.
Came to this thread late in the piece. It does sound like a video card problem and lots of luck with those ATI drivers.
But if it will give you any peace of mind you should run programs like chkrootkit and rkhunter's latest versions. These are the real worry in Linux, not viruses.
Cheers
PS I have heard rumours that Firefox itself is having problems with freezing, which is why I got on this thread. You could try other browsers like Konqueror, Opera, Epiphany, Nautilus(?).
People in this forum, and, perhaps, others in the GNOME project, might find a comparison of your "working" .gnome (etc.) files with the corresponding .old files.
Since those are all simple text files, if you still have the .old ones around, you could do a diff on them and either post that output here or make a bug report to the GNOME project. (I think that the GNOMEs would be really interested in settings which can cause the problems you described.)