LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-24-2009, 06:50 AM   #16
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 14.04
Posts: 1,384

Original Poster
Rep: Reputation: 42

Did that, zeroed it, then formatted using gparted. Now it doesn't appear: fdisk -l shows only the harddrive, no sdb1 Oh dear!
 
Old 04-24-2009, 07:21 AM   #17
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
You probably didn't do it right, so here's what I do to clear the whole USB stick of anything:

Code:
bash-3.1# blkid
/dev/sda1: UUID="d43621ad-2877-4c1c-90bf-461c12067d8d" TYPE="jfs" 
/dev/sda2: TYPE="swap" UUID="b5b58ff7-cb54-4a27-9b24-e01d50af61f9" 
/dev/sdb: UUID="4870-A1C6" TYPE="vfat" 
bash-3.1# dd if=/dev/zero of=/dev/sdb 
dd: writing to `/dev/sdb': No space left on device
2080769+0 records in
2080768+0 records out
1065353216 bytes (1.1 GB) copied, 230.817 s, 4.6 MB/s
bash-3.1# mkdosfs -I -F 32 /dev/sdb
mkdosfs 2.11 (12 Mar 2005)
That's it, then I mount /dev/sdb as usual and it works fine.
 
Old 04-25-2009, 10:15 AM   #18
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 14.04
Posts: 1,384

Original Poster
Rep: Reputation: 42
Maybe a loose wire in the usb, or it is just a cheap stick. Wobble it a bit, and try it in different ports, and it works.

BUT: stuck it in the library comp today, and the anti virus promptly said: same virus. And it had written an auto forget what .bat or inf to the stick.

Is it so: I insert the stick, the virus copies itself onto the stick. The anti virus then tells me there is a virus? In that case, how come the anti virus doesn't see it on the library comp?

Anyway, I'll follow your advice to the letter, kill the bugger again. As I said: undead viruses! I have a Zombie!

PS: should the stick be free of everything after treatment, or does the partition table use space? Bcause after zeroing then formatting, there was about 50Kb used. Or was that my friend the virus?
 
Old 04-25-2009, 10:27 AM   #19
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 14.04
Posts: 1,384

Original Poster
Rep: Reputation: 42
dd won't talk to me!
Doesn't it have an -v option to make it output something. It is taking forever! Think it has gone wrong!
 
Old 04-25-2009, 10:31 AM   #20
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 14.04
Posts: 1,384

Original Poster
Rep: Reputation: 42
kill -s INFO $5321; wait $5321

This didn't make it output anything either.
 
Old 04-25-2009, 10:51 AM   #21
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Quote:
Originally Posted by Pedroski View Post
Is it so: I insert the stick, the virus copies itself onto the stick. The anti virus then tells me there is a virus? In that case, how come the anti virus doesn't see it on the library comp?

Anyway, I'll follow your advice to the letter, kill the bugger again. As I said: undead viruses! I have a Zombie!

PS: should the stick be free of everything after treatment, or does the partition table use space? Bcause after zeroing then formatting, there was about 50Kb used. Or was that my friend the virus?
It's possible for the virus to do that and the antivirus could only be able to detect it on the USB stick.

How big is the USB stick ? It may take a while to zero the drive, you're basically writing zeroes to the whole drive. Technically you shouldn't do this too often as it will wear down the drive, but AFAIK there is nothing that can escape this zeroing. The virus would be wiped. If dd is slow, try using a different often larger 'bs=' option for dd. Like 'dd bs=1M if=whatever of=drive'.
 
Old 04-26-2009, 12:43 AM   #22
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 14.04
Posts: 1,384

Original Poster
Rep: Reputation: 42
It's a 2GB stick, cheap one, Kingston.

Did what you said last night. Worked apart from dd won't talk to me, and was taking so long, I thought it had hanged itself, so I killed the process. After this I re formatted as per your instructions. On remounting, there were 14Kb of the stick in use. Is that the partition table? Or leftover from dd being killed?

And: today, in the library, got it again. Must remember to use gmail!
 
Old 04-27-2009, 04:25 AM   #23
bitpicker
Member
 
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416
Blog Entries: 14

Rep: Reputation: 35
You really should notify the library of the infection. The Conficker worm is a really bad thing, you only have to google a bit for the name to find a lot of info about it. And they are spreading it like Typhoid Mary. Normally the worm comes in through an unpatched security leak in Windows (unpatched by the administration, that is: MS issued a patch last October). It will keep Windows from patching, will keep the system from accessing antivirus vendors' sites and getting updates etc. It will also spread scareware. This worm already shut down the communication systems of the British Navy, the French Airforce, 3000 computer in Austrian hospitals and lots more, cleaning up after it often took weeks.

Once it is on a system it infects removable media like your stick by writing auto-executing information on it, which will then go on to infect any Windows computers the stick gets connected to. This infects even systems which already have the MS patch.

Robin
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
undead distribution kudzu Linux - Distributions 1 10-14-2004 01:16 PM
When it comes to Viruses......??? unixfreak Linux - Security 3 08-27-2004 04:51 AM
viruses need help citizen_x Linux - Security 6 04-30-2004 12:57 AM
Viruses teyesahr Linux - Newbie 2 09-09-2003 12:55 PM
undead linux salparadise Linux - Newbie 8 03-28-2003 10:47 AM


All times are GMT -5. The time now is 05:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration