Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
You probably didn't do it right, so here's what I do to clear the whole USB stick of anything:
/dev/sda1: UUID="d43621ad-2877-4c1c-90bf-461c12067d8d" TYPE="jfs"
/dev/sda2: TYPE="swap" UUID="b5b58ff7-cb54-4a27-9b24-e01d50af61f9"
/dev/sdb: UUID="4870-A1C6" TYPE="vfat"
bash-3.1# dd if=/dev/zero of=/dev/sdb
dd: writing to `/dev/sdb': No space left on device
2080769+0 records in
2080768+0 records out
1065353216 bytes (1.1 GB) copied, 230.817 s, 4.6 MB/s
bash-3.1# mkdosfs -I -F 32 /dev/sdb
mkdosfs 2.11 (12 Mar 2005)
That's it, then I mount /dev/sdb as usual and it works fine.
Is it so: I insert the stick, the virus copies itself onto the stick. The anti virus then tells me there is a virus? In that case, how come the anti virus doesn't see it on the library comp?
Anyway, I'll follow your advice to the letter, kill the bugger again. As I said: undead viruses! I have a Zombie!
PS: should the stick be free of everything after treatment, or does the partition table use space? Bcause after zeroing then formatting, there was about 50Kb used. Or was that my friend the virus?
It's possible for the virus to do that and the antivirus could only be able to detect it on the USB stick.
How big is the USB stick ? It may take a while to zero the drive, you're basically writing zeroes to the whole drive. Technically you shouldn't do this too often as it will wear down the drive, but AFAIK there is nothing that can escape this zeroing. The virus would be wiped. If dd is slow, try using a different often larger 'bs=' option for dd. Like 'dd bs=1M if=whatever of=drive'.
Did what you said last night. Worked apart from dd won't talk to me, and was taking so long, I thought it had hanged itself, so I killed the process. After this I re formatted as per your instructions. On remounting, there were 14Kb of the stick in use. Is that the partition table? Or leftover from dd being killed?
And: today, in the library, got it again. Must remember to use gmail!
You really should notify the library of the infection. The Conficker worm is a really bad thing, you only have to google a bit for the name to find a lot of info about it. And they are spreading it like Typhoid Mary. Normally the worm comes in through an unpatched security leak in Windows (unpatched by the administration, that is: MS issued a patch last October). It will keep Windows from patching, will keep the system from accessing antivirus vendors' sites and getting updates etc. It will also spread scareware. This worm already shut down the communication systems of the British Navy, the French Airforce, 3000 computer in Austrian hospitals and lots more, cleaning up after it often took weeks.
Once it is on a system it infects removable media like your stick by writing auto-executing information on it, which will then go on to infect any Windows computers the stick gets connected to. This infects even systems which already have the MS patch.