Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a dual boot computer. The WindowsXP "side" has been infected with a rootkit virus. So far UBUNTU has not been affected to my knowledge. I have not yet been able to remove the virus from the WindowsXP "side". I am thinking of deleting the NTFS partition and have the computer fully dedicated to UBUNTU.
Now for my question. Is there a possibility that the virus resides in the MBR and that I need to "rebuild" the MBR to actually remove the virus?
Even more extreme, should I totally re-install UBUNTU in the name of safety and precaution.
Viruses written for windows won't work on Linux and AFAIK, the reverse is also true. So, do you boot both systems with the xp bootloader or with Ubuntu Grub? If the latter, I would not expect it to be a problem. It is a simple process though, to re-install Grub which would overwrite your mbr.
Reinstalling Ubuntu I beleive, would be unnecessary and total overkill.
Viruses written for windows won't work on Linux and AFAIK, the reverse is also true. So, do you boot both systems with the xp bootloader or with Ubuntu Grub? If the latter, I would not expect it to be a problem. It is a simple process though, to re-install Grub which would overwrite your mbr.
Reinstalling Ubuntu I beleive, would be unnecessary and total overkill.
Thanks for the response. I do not know all the steps of the boot process. Looks like GRUB is used to boot either system based on the screens presented. To get into Windows, I have to scroll down to that option otherwise it just goes directly into Ubuntu.
My fear, even though it is a windows virus, is that if it is left on a LINUX based system that it could still be spread to windows based systems. This concern could be unfounded, but in real life some people who carry a virus don't get sick, but can still spread the disease.
Re-installing GRUB sounds like the appropriate solution. Now to read-up on that.
You did not indicate which version of Ubuntu you are using. If you are using 9.10 or newer, you have Grub2. This site has instructions on updating Grub2. If you are using an older version of Ubuntu with Grub Legacy, the instructions won't work.
You did not indicate which version of Ubuntu you are using. If you are using 9.10 or newer, you have Grub2. This site has instructions on updating Grub2. If you are using an older version of Ubuntu with Grub Legacy, the instructions won't work.
A MS Windows needs to load a driver before it can read a Ext2/3 partition so there is no chance a virus on its own from a unbooted MS Windows can affect a Linux.
Also Ubuntu does not have a root user account and a user does not own the system files. Therefore as long as you are not in root your Ubuntu is safe.
Grub2 is the default Ubuntu 10.04 boot loader supplied in binary form. Virus cannot get inside to change the binary code. If a damage were inflicted it could possibly cause Grub2 unable to boot.
A MS Windows needs to load a driver before it can read a Ext2/3 partition so there is no chance a virus on its own from a unbooted MS Windows can affect a Linux.
Thanks. A sigh of relief. I have WindowsXP running again, but I am still going through some steps to verify whether the virus is still there.
Slow and tedious.
The MBR is only 512 bytes large. Out of that the partition table took up 64 bytes. Whatever is left generally can do very little.
MS Windows' MBR does only one thing in life and that is to check the 4 primaries and boot whatever one having the booting flag switched on (marked "active" in Windows or "bootable" in Linux).
When Grub is used to dual boot. The MBR is from Grub. Windows MBR would have been overwritten. Grub's MBR has only one task to perform and that is to load the second stage of Grub. The second stage of Grub is the real intelligence.
In Grub1 stage1 is 512 bytes and stage2 is about 125k. The second stage of Grub is always inside the system partition in the /boot/grub subdirectory.
Grub2 has the equivalent of boot.img in 512 bytes and core.img is only 24k large.
An infected Windows NTFS partition should have little effect to change Grub which is a system-own and cannot be changed by any user other than root.
Reinstalling Grub1 or Grub2 only rewrite the first 512 bytes.
Really good information. So far the WindowsXP mode for this computer now seems virus free thanks to the help at the Elder Geek. I seldom use WindowsXP on this computer. It is meant as a "backup" or "second" computer. But then it took only one bad something to catch a virus, even though there was an anti-virus program in operation.
Using Linux (Ubuntu) as the primary operating system.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
