Trojan Sasfis
Hi
I'm relatively new to Linux. I am using CLAM on Linux Mint 10 and a recent scan stated it detected the Trojan Sasfis. The internet appears to state this is a "Windows only" virus. I'm guessing this will do no harm but I'd still like to get rid of it. CLAM does not seem to have this capability. Does anyone have any suggestions on how I can remove it? Thanks |
Moved: as it is not a question about Linux Security this thread is more suitable in the General forum. Your thread has been moved accordingly to help your thread/question get the exposure it deserves.
|
The best way would be to delete the infected file and download it again from a trusted source, with a new scan after that of course. Since Windows-only viruses can't spread on a Linux platform it obviously has to be in the original file it came in. If it still is there after re-downloading I would refuse to use that software at all.
|
IIGC this trojan spreads via email and installers. If you find this attached to emails on your Linux file system you could (make a backup and) open the mailbox if it is a plain text file in an editor and edit out the MIME part. If it's installers or executables you just delete them. If you conveniently forgot to mention you scanned your Wintendo partitions instead and it is installed there already check for removal tools from reputable AV firms. Else contemplate nuking your Wintendo installation and re-install from scratch.
|
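The mailbox clean-up suggested in the reply above, as an added example that is not part of the original thread: a Python sketch that finds messages in a plain-text mbox file carrying Windows executable attachments and replaces only that MIME part, keeping the rest of the mail. The extension list, function names and sample mailbox are assumptions made for illustration; run it on a backup copy with the mail client closed.

```python
import mailbox
from email.message import EmailMessage

# Assumed list of Windows executable/installer extensions, for this example only.
SUSPECT_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".msi")

def strip_suspect_parts(mbox_path):
    """Replace suspect attachments with a text stub; return [(subject, filename)]."""
    removed = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        box.lock()                  # fails if another program holds the mailbox
        for key, msg in box.items():
            hits = [p for p in msg.walk()
                    if (p.get_filename() or "").lower().endswith(SUSPECT_EXT)]
            for part in hits:
                name = part.get_filename()
                removed.append((msg.get("Subject", ""), name))
                # Drop the headers describing the binary, then swap the payload.
                for header in ("Content-Type", "Content-Transfer-Encoding",
                               "Content-Disposition"):
                    del part[header]
                part["Content-Type"] = 'text/plain; charset="us-ascii"'
                part.set_payload("[attachment %a removed after AV detection]\n" % name)
            if hits:
                box[key] = msg      # queue the rewritten message
        box.flush()                 # rewrite the file without the old copies
    finally:
        box.unlock()
        box.close()
    return removed

def build_sample_mbox(path):
    """Constructed sample: one clean mail and one with a fake .exe attachment."""
    clean = EmailMessage()
    clean["Subject"] = "hello"
    clean.set_content("just text\n")
    bad = EmailMessage()
    bad["Subject"] = "Your invoice"
    bad.set_content("see attachment\n")
    bad.add_attachment(b"MZ-not-real", maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    box = mailbox.mbox(path)
    box.add(clean)
    box.add(bad)
    box.close()
```

The returned list shows which message held the flagged file, which helps when the scanner reports only the mailbox name; rescan the file afterwards to confirm the detection is gone.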
Thanks for the responses. The computer infected is a Linux only computer with nothing relating to Windows on it. It probably came in via email. The scan keeps saying it's in my inbox, although I don't see any unusual files.
Unspawn, your comment made me think to uninstall and then reinstall Thunderbird (email client). Maybe this will erase the Trojan if it indeed is still within the email directory. |
Just make sure that all of your Windows logins are non-Administrator accounts, and that your Windows installations on those computers are up-to-date.
Malware for Windows always assumes what is too-often true: that the users in question are password-free Administrators. In other words, sitting ducks. But otherwise, the popular term "virus" is entirely a misnomer -- chosen, of course, for marketing reasons. There's nothing biological about a computer program. Computer software installations can be modified without your knowledge i-f you foolishly give yourself the power to make such modifications, but if you "simply don't do that," the program is powerless. |
I have 3 email accounts on Thunderbird. Deleting only the infected email account (as well as its inbox) rather than Thunderbird removed the Trojan. I then reinstalled the email account and rescanned. Everything is fine.
|