LinuxQuestions.org
01-28-2005, 08:02 PM   #1
webwolf70
Member
 
Registered: Feb 2004
Distribution: Windows XP. I gave up with Linux & I left LQ.
Posts: 502

Rep: Reputation: 30
Ran a virus scan, please look at..


I ran F-Prot and this is what I got. All of it is in Windows XP except for one. Could I get people's thoughts on this? Not sure what to do. Also, is there any way to get F-Prot to delete the infected files when it is scanning? And if I run F-Prot in run level 3 or 1, will it scan the files that it couldn't with this one?

Here are the results....


Search: /
Action: Report only
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER

/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/AdRoarPlugin1.zip->wast2.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/BTV1.zip->breg.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/BTV2.zip->btvclean.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/BTV3.zip->btv.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/BTV4.zip->breg_inst.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/CleverIEHookerJeired.zip->Tvm.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/CleverIEHookerJeired1.zip->Tvm.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/CleverIEHookerJeired6.zip->Tvm.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/VMSServer1.zip->vmss.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/WebRebatesTopRebates1.zip->jkill.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/WebRebatesTopRebates2.zip->djtopr1150.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Program Files/Common Files/Java/breg.cfg is a security risk named W32/Downloader.FE
/mnt/xp/System Volume Information/_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}/RP5/A0000546.exe is a security risk or a "backdoor" program
/mnt/xp/System Volume Information/_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}/RP5/A0000548.exe is a security risk named W32/Downloader.FE
/mnt/xp/System Volume Information/_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}/RP5/A0000549.exe is a security risk or a "backdoor" program
/mnt/xp/WINDOWS/bdonlinescan/libfn.dll.gz could be an archive bomb
/backup/Documents/thunderbird/pk9m1ezp.default/Mail/pop.hotpop.com/Inbox->id04009.zip->document.txt Infection: W32/Netsky.P@mm
/backup/All/Window One/Wolfenstein 4D.exe->(Aspack) is a joke program
/var/lib/urpmi/hdlist.club.cz could be an archive bomb
/var/lib/urpmi/hdlist.Installation CD 2 (x86) (cdrom2).cz could be an archive bomb
/var/lib/urpmi/hdlist.Installation CD 3 (x86) (cdrom3).cz could be an archive bomb
/var/lib/urpmi/hdlist.Installation CD 4 (x86) (cdrom4).cz could be an archive bomb
/var/lib/urpmi/hdlist.main.cz could be an archive bomb
/var/lib/urpmi/hdlist.contrib.cz could be an archive bomb
/var/lib/urpmi/hdlist.jpackage.cz could be an archive bomb
/var/lib/urpmi/hdlist.updates.cz could be an archive bomb
/var/lib/urpmi/hdlist.plf.cz could be an archive bomb
/var/lib/urpmi/hdlist.Installation CD 1 (x86) (cdrom1).cz could be an archive bomb
/home/webwolf/Desktop/Save/other/filelib/Wolfenstein 4D.exe->(Aspack) is a joke program
/home/webwolf/.mozilla/firefox/ph3ww8ly.default/Cache/CC53126Ed01 could be an archive bomb
/boot/initrd-2.6.3-7mdk.img could be an archive bomb
/sys/bus/pci/drivers/parport_pc/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/nvidia/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/EMU10K1_Audigy/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/via-rhine/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/ohci1394/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/agpgart-via/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/ehci_hcd/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/uhci_hcd/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/sata_via/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/pci_eisa/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/PCI IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/VIA IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/SIS IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/SiI IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/Serverworks IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/PIIX IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/Promise IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/Promise Old IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/HPT366 IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/HPT34x IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/CMD64x IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/ATIIXP IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/AMD IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/ALI15x3 IDE/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/serial/new_id Not scanned (in use by another application)
/sys/bus/pci/drivers/imsttfb/new_id Not scanned (in use by another application)

Results of virus scanning:

Files: 242223
MBRs: 0
Boot sectors: 0
Objects scanned: 361043
Infected: 1
Suspicious: 30
Disinfected: 0
Deleted: 0
Renamed: 0


Thanks,
Webwolf
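
An added example, not part of the original posts: a small Python triage of the report format shown above. It groups lines by verdict and splits each path at "->" so the file that actually exists on disk is separated from the members found inside it. The verdict phrases are copied from the report; the function names and group labels are made up for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the report above, wrapped lines rejoined.
SAMPLE = """\
/mnt/xp/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/BTV1.zip->breg.exe could be a suspicious file (encrypted program in archive)
/mnt/xp/Program Files/Common Files/Java/breg.cfg is a security risk named W32/Downloader.FE
/mnt/xp/System Volume Information/_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}/RP5/A0000546.exe is a security risk or a "backdoor" program
/backup/Documents/thunderbird/pk9m1ezp.default/Mail/pop.hotpop.com/Inbox->id04009.zip->document.txt Infection: W32/Netsky.P@mm
/var/lib/urpmi/hdlist.main.cz could be an archive bomb
/backup/All/Window One/Wolfenstein 4D.exe->(Aspack) is a joke program
/sys/bus/pci/drivers/nvidia/new_id Not scanned (in use by another application)
"""

# Verdict phrases exactly as they appear in the report (labels are hypothetical).
VERDICTS = [
    ("infected", re.compile(r"^(?P<path>.+?) Infection: (?P<name>\S+)$")),
    ("named_risk", re.compile(r"^(?P<path>.+?) is a security risk named (?P<name>\S+)$")),
    ("backdoor", re.compile(r'^(?P<path>.+?) is a security risk or a "backdoor" program$')),
    ("encrypted_archive", re.compile(
        r"^(?P<path>.+?) could be a suspicious file \(encrypted program in archive\)$")),
    ("archive_bomb", re.compile(r"^(?P<path>.+?) could be an archive bomb$")),
    ("joke", re.compile(r"^(?P<path>.+?) is a joke program$")),
    ("not_scanned", re.compile(r"^(?P<path>.+?) Not scanned \(.*\)$")),
]

def parse_line(line):
    """Return (verdict, on_disk_file, members_inside, name) or None."""
    for verdict, rx in VERDICTS:
        m = rx.match(line.strip())
        if m:
            # "a->b->c" means c is inside b, which is inside the on-disk file a.
            disk_file, *members = m.group("path").split("->")
            return verdict, disk_file, members, m.groupdict().get("name")
    return None  # header and summary lines such as "Infected: 1" fall through

def triage(report):
    """Group every recognised report line by verdict."""
    groups = defaultdict(list)
    for line in report.splitlines():
        hit = parse_line(line)
        if hit:
            groups[hit[0]].append(hit[1:])
    return dict(groups)

if __name__ == "__main__":
    for verdict, hits in triage(SAMPLE).items():
        print(f"{verdict}: {len(hits)}")
        for disk_file, members, name in hits:
            print(f"  file={disk_file}  inside={members}  name={name}")
```

For the one Infection line, the on-disk file is the Thunderbird Inbox mailbox and the flagged document sits two levels inside it, so deleting "the infected file" would remove the whole mailbox. The /sys entries are kernel virtual files, not data stored on disk.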
 
01-28-2005, 08:18 PM   #2
ironwalker
Member
 
Registered: Feb 2003
Location: Jersey shore,north
Distribution: Siduction the only way to do Debian Sid!
Posts: 500

Rep: Reputation: 30
So I guess there is no way to run regular antivirus from your Windows XP boxen?
There are also online virus scans that will auto scan and detect as well as clean... Panda, Norton, BitDefender, Trend, etc. etc.
The Spybot S&D ones are false positives.
I never scanned Windows for viri from a nix* box.
If the antivirus is on the nix server and handling all clients... Windows as well... it should do a better job at false positives, self cleaning, and all around detection.
Panda makes an excellent version for nix servers handling Windows clients.

OK, enough of what I think... the problem at hand will be better dealt with over at a great security forum I belong to:

http://www.dslreports.com/forum/security

We have quite a few developers from just about all the big anti viri and anti trojan software that are regulars.
I'm sure if you paste this thread there you will get a detailed report and what each is.
You can post anonymously or register....better response if ya register
 
01-29-2005, 06:00 PM   #3
webwolf70
Member
 
Registered: Feb 2004
Distribution: Windows XP. I gave up with Linux & I left LQ.
Posts: 502

Original Poster
Rep: Reputation: 30
Thanks for the url. Also I do have an anti-virus with XP. I have Road Runner and they have one that comes with it. I really don't think I will be using it. I used AVG before and it seems to work much better.



Webwolf
 
01-29-2005, 11:54 PM   #4
ironwalker
Member
 
Registered: Feb 2003
Location: Jersey shore,north
Distribution: Siduction the only way to do Debian Sid!
Posts: 500

Rep: Reputation: 30
I'm a fan of AVG and I also use Ewido anti trojan... it has a resident real time scanner as well and sometimes catches things that AVG doesn't.
I'm a fan of the "layered approach" to security. I also use Spybot S&D's Tea Timer... a real time spyware catcher, and also SpywareBlaster... another realtime monitor to prevent spyware from ever entering my system.
The reason I go with anti trojan and antivirus on all my PCs is that some do not update signatures of virus and/or trojans... so what one misses the other grabs. Today, anti viri software and anti trojan developers are catching on and adding viri, trojan, and spyware signatures to help make a noob's life easier.

Kudos to you for even caring about securing your PC... in doing so, you save other people headaches.
 