Distribution: RPM Distros,Mostly Mandrake Forks;Drake Tools/Utilities all the way!GO MAGEIA!!!
Posts: 986
Rep:
system windows /malware question
Hi, I have/had malware that was opening a system window and asking to "active" a link to "live Science" when I used the Network Manager to connect to the internet. I don't have it set to automatic. It would pop up after the Network Manager's window of 'network is up' appeared.
I ran clamav and it did not find anything. Intuitively I wanted to remove and reinstall Firefox and there was a new version so I did this. The windows do not appear now.
My question is what program opens up System Windows (dialog boxes) so I can better track down the malware if clam misses it?
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
Rep:
Quote:
Originally Posted by theKbStockpiler
Hi, I have/had malware that was opening a system window and asking to "active" a link to "live Science" when I used the Network Manager to connect to the internet. I don't have it set to automatic. It would pop up after the Network Manager's window of 'network is up' appeared.
I ran clamav and it did not find anything. Intuitively I wanted to remove and reinstall Firefox and there was a new version so I did this. The windows do not appear now.
My question is what program opens up System Windows (dialog boxes) so I can better track down the malware if clam misses it?
...
It sounds like it might have been a Firefox add-on or similar that caused the dialog to pop up.
To my understanding it's either your desktop environment/window manager or X itself, that can bring up dialog boxes. And of course, applications themselves may have different dialog boxes they bring up depending on what's going on with it.
You could look at using a different antivirus program - but I would not recommend using more than one though. You can also use https://www.virustotal.com/#/home/upload to scan any suspect files.
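On the question of which program owns a dialog box: under X11 a window normally carries a `_NET_WM_PID` property naming the process that created it. The script below is an added example, not something posted in this thread; it assumes an X11 session with `xprop` installed and a Linux `/proc`, and its function names are illustrative.

```shell
#!/bin/sh
# Map a clicked X11 window to its owning process and that process's ancestors.
# Note: _NET_WM_PID is set by the client itself, so treat it as a strong hint
# and confirm it against the executable path and parent chain printed below.

# Extract the PID from one line of `xprop _NET_WM_PID` output.
# Returns non-zero when the window does not advertise a PID.
parse_wm_pid() {
    pid=$(printf '%s\n' "$1" |
        sed -n 's/^_NET_WM_PID(CARDINAL) = \([0-9][0-9]*\)$/\1/p')
    [ -n "$pid" ] && printf '%s\n' "$pid"
}

# Parent PID of a process, read from /proc (empty if unreadable).
parent_of() {
    awk '/^PPid:/ {print $2}' "/proc/$1/status" 2>/dev/null || true
}

# One tab-separated line: PID, executable path, full command line.
describe_pid() {
    exe=$(readlink "/proc/$1/exe" 2>/dev/null) || exe='?'
    cmd=$(2>/dev/null tr '\0' ' ' < "/proc/$1/cmdline") || cmd='?'
    printf '%s\t%s\t%s\n' "$1" "$exe" "$cmd"
}

# Walk from the window's process up to init, showing who launched it.
process_chain() {
    p=$1
    while [ -n "$p" ] && [ "$p" -gt 0 ]; do
        describe_pid "$p"
        p=$(parent_of "$p")
    done
}

# Interactive use: run with --pick, then click the suspicious dialog.
if [ "${1:-}" = "--pick" ]; then
    line=$(xprop _NET_WM_PID | head -n 1)
    if pid=$(parse_wm_pid "$line"); then
        process_chain "$pid"
    else
        echo "no _NET_WM_PID on that window; try: xprop WM_CLASS WM_CLIENT_MACHINE" >&2
        exit 1
    fi
fi
```

If the first line shows a browser binary, the dialog came from the browser or one of its add-ons; if it shows a desktop component, look at what asked that component to show it.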
Sorry, I took "windows" in subject literally.
Version?
Code:
Mageia 6 will be supported until January 16th, 2019.
Mageia 5 was supported until December 31st, 2017. More details and advice are available on our wiki page and from our blog.
Mageia 4 was supported until September 19th, 2015.
Mageia 3 was supported until November 26th, 2014.
Mageia 2 was supported until November 22nd, 2013.
Mageia 1 was supported until December 1st, 2012.
Distribution: RPM Distros,Mostly Mandrake Forks;Drake Tools/Utilities all the way!GO MAGEIA!!!
Posts: 986
Original Poster
Rep:
Quote:
was the browser running when the popups came?
Opera and Firefox were open.
I opened one of these links after Firefox warned that it was infecting computers and did the "I know the risks" routine. I really wanted to look at the material and I'm using Linux so what the hell. http://www.mytreelessons.com/Drawing...20Thoughts.htm
It could also be consequential and not have anything to do with MyTreeLessons.
I'm quite sure it was a system window and asked if I wanted to 'activate the link' after giving the headline of the webpage and it was always "live Science". It's a nice website by the way.
I'm actually running Mageia 4. I installed 6 on a laptop and it was the worst Mandrake fork I had ever used so updating got put on the back burner for my usual desktop computer. I thought I had a 32 bit system etcetera, but I'm going to try to see if Mageia 6 64bit is okay on this desktop before I bite the bullet and switch over to Fedora or Centos again.
I know I need to get more involved with computer security but I have some other pressing needs to take care of first. Right now I can only react and not be proactive like I should be. I have clam, wireshark and a few others on this install but I really don't know enough about them to be of intentional use. I would be relying on mostly luck in other words.
yes, the spammers/mal/spywarehackers do their best to make it look "genuine".
from your description, i think it's safe to assume it's a bad browser addon or some such.
just create a new profile, and delete the old one, and be more careful in the future.
don't allow javascript by default, clean out local files after closing the browser, and of course don't install fishy addons.
Hi, I have/had malware that was opening a system window and asking to "active" a link to "live Science" when I used the Network Manager to connect to the internet. I don't have it set to automatic. It would pop up after the Network Manager's window of 'network is up' appeared.
I ran clamav and it did not find anything. Intuitively I wanted to remove and reinstall Firefox and there was a new version so I did this. The windows do not appear now.
My question is what program opens up System Windows (dialog boxes) so I can better track down the malware if clam misses it?
Thanks for your expertise!
The browser "let this happen" so clearing/cleaning the cache and/or profile now and then is pretty common.
Tested backups are suggested as recovery methodology.
The "malware" is whatever you were doing at the time, plus Internet.
If you believe the system infected, here's a basic diagnostic technique:
Create a new (unprivileged first...) user on the system.
Log in as the new user. Passive monitoring of the new user... meaning, just use it for a few...no scan, no diagnostics, just use it. Waiting for confirmation via a (dialog boxes)?
Do NOT go back to the site or sites that instigated this.
and tell us how you "ran clamav" exactly.
ClamTK. c-line....?
Change any options before you scanned? PUA? Scan / ?
Yeah, don't as the new user.