LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 02-07-2005, 02:39 PM   #1
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Rep: Reputation: 30
I found a virus on the bit torrents for 10.1


I am wondering what I should do. The virus is from the NutCracker family. I use avast antivirus.

I am on windows right now so I dunno if I should leave it or delete it.

the name of the file is

Code:
slackware-10.1-iso\slackware-10.1-install-d2.iso\slackware\kdei\kde-i18n-pa-3.3.2-noarch-1.tgz\kde-i18n-pa-3.3.2-noarch-1.tar\opt\kde\share\locale\pa\LC_MESSAGES\kio_fish.mo\PartNo_0


Can anybody help?

Last edited by XavierP; 02-07-2005 at 03:33 PM.
 
Old 02-07-2005, 02:50 PM   #2
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Original Poster
Rep: Reputation: 30
Man the md5 sum in the folder I downloaded was

9a0e09366da25e55fdba3fe1bed76a23

the actual iso md5 is

a2107b27fe8b427e934ef99623851c95
 
Old 02-07-2005, 02:55 PM   #3
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,176
Blog Entries: 4

Rep: Reputation: 430
Report it to whoever you report these things to.
 
Old 02-07-2005, 02:58 PM   #4
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Original Poster
Rep: Reputation: 30
Well I just emailed somebody at slackware since they are hosting the torrents and it's kinda impossible to play with a torrent and put a virus in it.
 
Old 02-07-2005, 03:17 PM   #5
Phathead
Member
 
Registered: Sep 2003
Distribution: Slackware 10.1, Slamd64 10.1, IpCop 1.4
Posts: 125

Rep: Reputation: 15
According to

ftp://ftp.slackware.com/pub/slackwar...all-d2.iso.md5

the md5sum is: 9a0e09366da25e55fdba3fe1bed76a23 slackware-10.1-install-d2.iso

That's the same as the file I downloaded via Bittorrent.

Either both are compromised or you have a bad md5 file. No way for me to know which is the case. I don't have anti-virus on my Slack box (for obvious reasons). There is a high probability that you have a false positive from your AV program. I'm sure a lot of code that KDE uses might look like a Windows virus according to heuristics.
 
Old 02-07-2005, 03:55 PM   #6
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Original Poster
Rep: Reputation: 30
Well I am just going to go ahead and burn them since I won't be running them, just burning onto cd and then using with linux which, as we all know, windows viruses do nothing to linux.

I also finished the first cd and the md5 sum is also wrong.

weird stuff.
 
Old 02-07-2005, 04:04 PM   #7
keefaz
Senior Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 4,617

Rep: Reputation: 136
Just don't install kde-i18n-pa-3.3.2-noarch-1.tgz if your antivirus reports only it
(Punjabi language support for KDE)
 
Old 02-07-2005, 04:51 PM   #8
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Original Poster
Rep: Reputation: 30
I won't but a windows antivirus caught this virus, not a linux one. Windows viruses don't do anything to linux.

lol
 
Old 02-07-2005, 10:28 PM   #9
element-x
LQ Newbie
 
Registered: Feb 2005
Distribution: slackware
Posts: 2

Rep: Reputation: 0
A couple of things (from being an unofficial mirror of slackware):

Where did you download the .torrent files from?
Did you use the format `md5sum -c slackware-10.1-install-d1.iso.md5` (et al. for the other isos)? If not, please do, and make sure you get an "OK" output. Just to double check, you may want to download the .md5 files from a trusted source. slackware.com/osuosl/tds/vtu (myself, although I'm rather low on the bandwidth meter).
And lastly,
Who did you "email at slackware"?

Silly rumors start from posts like this, so please be wary of what you say, people may actually believe it without any proof.

If you can post your answers to the questions above that would be great, hopefully you don't feel offended that I might be asking silly questions, but it would be good to know where the source of the problems are.

Thanks,
ex

p.s.

pub/mirrors/slackware/slackware-10.1-iso$ find -name "*.iso" -exec md5sum {} \;
d4f98d815fbd94488abf33f7db0df820 ./slackware-10.1-install-d1.iso
9a0e09366da25e55fdba3fe1bed76a23 ./slackware-10.1-install-d2.iso
f8dd411e7f2d7ec7d0fc878487b8007b ./slackware-10.1-source-d3.iso
f1715933c42f9e21be59ff9ec293af1a ./slackware-10.1-source-d4.iso

pub/mirrors/slackware/slackware-10.1-iso$ cat *.md5
d4f98d815fbd94488abf33f7db0df820 slackware-10.1-install-d1.iso
9a0e09366da25e55fdba3fe1bed76a23 slackware-10.1-install-d2.iso
f8dd411e7f2d7ec7d0fc878487b8007b slackware-10.1-source-d3.iso
f1715933c42f9e21be59ff9ec293af1a slackware-10.1-source-d4.iso

If need be, run `gpg --verify foo.asc` on each of the isos, to re-check them.

If all else fails, rsync your 10.1-isos with one of the mirrors, official or unofficial (those listed on alphageek's web site) and you should be set afterwards.

Last edited by element-x; 02-07-2005 at 10:48 PM.
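What `md5sum -c` does with a `.md5` file, written out as an added example for a machine that lacks the command (such as the Windows box in this thread); it is not code from any poster or from Slackware. The file names and contents in `demo()` are constructed stand-ins, and the parser assumes the GNU `md5sum` line format.

```python
import hashlib
import os
import re
import tempfile

# md5sum line: 32 hex digits, a space, a mode marker (' ' text, '*' binary), file name.
LINE_RE = re.compile(r"^([0-9a-fA-F]{32}) [ *](.+)$")

def md5_of(path, chunk_size=1 << 20):
    """Hash in 1 MiB chunks so a CD-sized ISO is never loaded into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:  # binary mode: no newline translation on Windows
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_md5_file(md5_path):
    """Return {file name: "OK" | "FAILED" | "MISSING"} for every entry in md5_path."""
    base = os.path.dirname(os.path.abspath(md5_path))
    results = {}
    with open(md5_path, "r", encoding="utf-8") as fh:
        for line in filter(None, fh.read().splitlines()):  # skip empty lines
            match = LINE_RE.match(line)
            if match is None:
                raise ValueError(f"not an md5sum line: {line!r}")
            expected, name = match.group(1).lower(), match.group(2)
            target = os.path.join(base, name)  # names are relative to the .md5 file
            if not os.path.isfile(target):
                results[name] = "MISSING"
            else:
                results[name] = "OK" if md5_of(target) == expected else "FAILED"
    return results

def demo():
    """Constructed sample: small stand-in files instead of real ISOs."""
    with tempfile.TemporaryDirectory() as tmp:
        listing = []
        for name, data in (("sample-d1.iso", b"disc one"), ("sample-d2.iso", b"disc two")):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
            listing.append(f"{hashlib.md5(data).hexdigest()}  {name}")
        listing.append("0" * 32 + " *sample-d3.iso")  # listed but never downloaded
        with open(os.path.join(tmp, "sample.md5"), "w", encoding="utf-8") as fh:
            fh.write("\n".join(listing) + "\n")
        with open(os.path.join(tmp, "sample-d2.iso"), "ab") as fh:
            fh.write(b"\x00")  # simulate a download that differs from the published sum
        return check_md5_file(os.path.join(tmp, "sample.md5"))
```

An "OK" here only shows that the download agrees with the `.md5` file it was checked against; the `gpg --verify` step mentioned above is what ties the ISO to the publisher's key.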
 
Old 02-08-2005, 02:43 PM   #10
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Original Poster
Rep: Reputation: 30
Ok. I am on windows so I didn't use any of those commands for checking the md5. I used a program called winMd5Sum

I got the torrents from slackware.com

I emailed the tech support at slackware to let them know, which was support@slackware.com

I checked the md5 sums of all the CDs and they were all wrong.

I burnt the images to cd and installed 10.1 with no problems.

I scanned the ISO files with housecall from trendmicro and they showed it didn't have a virus.

Also 1 more thing. I was on WINDOWS when my virus scanner said it was a virus. I wasn't on linux. If you are on linux, you don't have to worry since windows viruses do nothing to linux.

Just to clear up a few things. I wasn't trying to scare anybody. I was just asking what to do.

btw I never got a reply from slackware yet

edit: I am not offended that you asked me those questions. I am happy to give you a reply.

Last edited by cereal83; 02-08-2005 at 02:45 PM.
 
Old 02-08-2005, 04:21 PM   #11
Okie
Member
 
Registered: Mar 2002
Location: Oklahoma
Posts: 964

Rep: Reputation: 34
i think either your antivirus is showing a false positive, or your windows os is infected and somehow infecting your ISO as it is downloaded to your computer...

i downloaded the same ISOs thru bittorrent from Slackware.com yesterday and my MD5s match...

P.S. i do not have windows as i consider it too vulnerable to be allowed on my computers...

MS-Windows = Bad Karma
 
Old 02-08-2005, 04:48 PM   #12
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Original Poster
Rep: Reputation: 30
Well I emailed the antivirus yesterday about it and they said it's common and it is a false positive and it happens because some of the coding in kde sets off the antivirus and there is nothing really they can do about it because if they take that virus definition out, some viruses will be able to pass the antivirus.
 
Old 02-08-2005, 07:06 PM   #13
element-x
LQ Newbie
 
Registered: Feb 2005
Distribution: slackware
Posts: 2

Rep: Reputation: 0
Glad to have it all resolved
 
Old 02-08-2005, 08:14 PM   #14
ruidh
LQ Newbie
 
Registered: Jan 2005
Posts: 24

Rep: Reputation: 15
Quote:
Originally posted by cereal83
Well I emailed the antivirus yesterday about it and they said it's common and it is a false positive and it happens because some of the coding in kde sets off the antivirus and there is nothing really they can do about it because if they take that virus definition out, some viruses will be able to pass the antivirus.
A likely excuse.
 
Old 02-08-2005, 08:33 PM   #15
killerbob
Member
 
Registered: Oct 2004
Location: Ottawa, ON
Distribution: Slackware
Posts: 662

Rep: Reputation: 30
Quote:
Originally posted by cereal83
I won't but a windows antivirus caught this virus, not a linux one. Windows viruses don't do anything to linux.

lol
"Windows" antivirus, as in Microsoft? I'm surprised it didn't say the whole ISO was one big virus.



Glad everything is working alright. Me, I just updated the image on my NFS server and did a reinstall (from scratch) on my laptop. Didn't like the drive configuration anyway, and figured it was as good a time as any to fix it. The only weird thing I'm getting is on first boot, insmod complaining about a whole bunch of files with improper configuration. Probably not something I really need to worry about, and I'm not in front of the laptop to fix it anyway.
 
  

