Virus in SuSE linux
Hi All,
My SuSE system got affected with Funny UST Scandal.avi.exe. How can I remove the Funny UST Scandal.avi.exe virus from my PC? Please help me. |
I have never seen a Linux PC get affected with a virus. And this virus seems to have the extension .exe, which should not affect Linux. Still, you can try ClamAV for this purpose.
|
Searching on Google, I found this information.
It is a virus infecting Win32. If you don't use wine, then your system isn't infected. Just delete any file with these names if you managed to download them.
|
Hi
Thanks for the quick reply. I too was astonished to see a virus on my Linux PC. There is a continuous file transfer between my Linux PC and another system which is Windows. Maybe it got affected that way. I tried to delete the "Funny UST" file, but it came back again. Actually there are three files which are getting generated automatically, however much I try to delete them:
Funny UST scandal.avi.exe
xmss.exe
autorun.inf
Please reply. |
Show us the file perms etc., e.g.:
ls -lt
and show us how you tried to remove them. Either that didn't work or the MS side is still infected. Have you cleaned it? |
All these files have extensions that are Windows-specific and should not harm Linux. But as jschiwal suggested, if you run wine then maybe you will have to take care. Have you tried ClamAV just as a precaution?
|
The output of the ls -lt before deleting 'Funny UST... ' and after deleting is as given below:
sysop@SUSECOMP:~/Events> ls -ltr
total 652
-r-xr--r-- 1 root root 229489 2007-11-16 14:45 xmss.exe
-rwxr--r-- 1 root root 229489 2007-11-16 14:45 Funny UST Scandal.avi.exe
drwxr-xr-x 4 sysop users 4096 2008-01-17 04:14 2007
-rw-r--r-- 1 root root 1064 2008-04-10 10:25 Seiscomp3_ftp_570.sh
-rw-r--r-- 1 sysop users 1057 2008-05-12 06:15 Seiscomp3_ftp.sh
-rwxr--r-- 1 sysop users 1490 2008-07-25 05:21 history
-r-xr--r-- 1 root root 144 2008-08-04 07:29 autorun.inf
-rw-r--r-- 1 sysop users 40977 2008-08-05 01:08 ev080805005145.history
-rw-r--r-- 1 sysop users 3904 2008-08-05 01:08 ev080805005145
-rw-r--r-- 1 sysop users 30363 2008-08-05 01:20 ev080805010110.history
-rw-r--r-- 1 sysop users 3368 2008-08-05 01:20 ev080805010110
-rw-r--r-- 1 sysop users 3745 2008-08-05 02:33 ev080805020101
-rw-r--r-- 1 sysop users 35808 2008-08-05 02:33 ev080805020101.history
drwxr-xr-x 10 sysop users 4096 2008-08-05 07:00 2008
sysop@SUSECOMP:~/Events> rm -f Funny\ UST\ Scandal.avi.exe autorun.inf xmss.exe
sysop@SUSECOMP:~/Events> ls -ltr
total 184
drwxr-xr-x 4 sysop users 4096 2008-01-17 04:14 2007
-rw-r--r-- 1 root root 1064 2008-04-10 10:25 Seiscomp3_ftp_570.sh
-rw-r--r-- 1 sysop users 1057 2008-05-12 06:15 Seiscomp3_ftp.sh
-rwxr--r-- 1 sysop users 1490 2008-07-25 05:21 history
-rw-r--r-- 1 sysop users 40977 2008-08-05 01:08 ev080805005145.history
-rw-r--r-- 1 sysop users 3904 2008-08-05 01:08 ev080805005145
-rw-r--r-- 1 sysop users 30363 2008-08-05 01:20 ev080805010110.history
-rw-r--r-- 1 sysop users 3368 2008-08-05 01:20 ev080805010110
-rw-r--r-- 1 sysop users 3745 2008-08-05 02:33 ev080805020101
-rw-r--r-- 1 sysop users 35808 2008-08-05 02:33 ev080805020101.history
drwxr-xr-x 10 sysop users 4096 2008-08-05 07:00 2008
sysop@SUSECOMP:~/Events> ls -ltr
total 652
-r-xr--r-- 1 root root 229489 2007-11-16 14:45 xmss.exe
-rwxr--r-- 1 root root 229489 2007-11-16 14:45 Funny UST Scandal.avi.exe
drwxr-xr-x 4 sysop users 4096 2008-01-17 04:14 2007
-rw-r--r-- 1 root root 1064 2008-04-10 10:25 Seiscomp3_ftp_570.sh
-rw-r--r-- 1 sysop users 1057 2008-05-12 06:15 Seiscomp3_ftp.sh
-rwxr--r-- 1 sysop users 1490 2008-07-25 05:21 history
-r-xr--r-- 1 root root 144 2008-08-04 07:29 autorun.inf
-rw-r--r-- 1 sysop users 40977 2008-08-05 01:08 ev080805005145.history
-rw-r--r-- 1 sysop users 3904 2008-08-05 01:08 ev080805005145
-rw-r--r-- 1 sysop users 30363 2008-08-05 01:20 ev080805010110.history
-rw-r--r-- 1 sysop users 3368 2008-08-05 01:20 ev080805010110
-rw-r--r-- 1 sysop users 3745 2008-08-05 02:33 ev080805020101
-rw-r--r-- 1 sysop users 35808 2008-08-05 02:33 ev080805020101.history
drwxr-xr-x 10 sysop users 4096 2008-08-05 07:00 2008
sysop@SUSECOMP:~/Events>
|
Yeah, I was going to say you need to clean up the MS system first; looks like it's still installing that virus from somewhere.
The fact that they are owned by root is very bad. You should never allow systems to accept remote logins etc. via the root acct. |
I second it about root access. If you are offering a share on the Linux machine, then the Windows machine is probably replicating itself in any drive it has write access to on the network. A common and very dangerous mistake some people make is to share the C:\ drive in Windows. Only share services you need to. Never share a system directory.
I would recommend creating a new group to match your username and make that your default group. SuSE's default of "users" being the default will allow any user to read your files. You will probably need to reinstall Windows on that machine and disconnect it from the network until you are done. You can't reliably remove viruses any more. I don't think it is legal in Unix/Linux to have uppercase letters in a hostname. It looks pretty sloppy as well. |
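Added example (not part of the thread): a POSIX shell check that lists autorun-worm style droppings in a shared directory together with the account that owns them, so you can see which login the infected Windows machine is writing through. The function names `classify` and `scan_share` and the extension list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Flag Windows autorun-worm artifacts in a directory that a Windows host can write to.
# The extension lists below are illustrative assumptions, not a complete signature set.

classify() {
    # Print a reason for a suspicious file name; print nothing if it looks benign.
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$name" in
        autorun.inf)
            echo "autorun-file" ;;
        *.avi.exe|*.mp3.exe|*.jpg.exe|*.doc.exe|*.pdf.exe|*.txt.exe)
            echo "double-extension-exe" ;;   # media/document name hiding an executable
        *.exe|*.scr|*.pif)
            echo "windows-executable" ;;
    esac
}

scan_share() {
    # Usage: scan_share DIR
    # Prints one "reason<TAB>owner<TAB>path" line per suspicious regular file in DIR.
    dir=$1
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue              # skips directories and unmatched globs
        reason=$(classify "$(basename "$f")")
        [ -n "$reason" ] || continue
        # Owner column of ls -l: a root-owned hit means the writer came in as root.
        owner=$(ls -ld "$f" | awk '{print $3}')
        printf '%s\t%s\t%s\n' "$reason" "$owner" "$f"
    done
    return 0
}

# Run against a directory given on the command line, e.g.: sh scan.sh ~/Events
if [ "$#" -gt 0 ]; then
    scan_share "$1"
fi
```

If the same names show up again on a later run after being deleted, the writer is still active on the network and the share should stay read-only or disabled until the Windows side is rebuilt.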
Hi
Thank you very much for your great help. I've installed ClamAV, now the virus has been removed. I have one small doubt: how can I find my outgoing IP address for the Linux system? |
I've installed ClamAV, but still that virus has not been removed.
How do I disinfect the virus "Funny UST .... " using ClamAV? Thanks in advance. |
nanda22,
Visit this site: http://whatismyip.com
Your Linux box is not 'infected'. You need to disinfect the Windows box. So you CANNOT get rid of the problem from Linux. (Re)read what jschiwal posted. |
Thank you. I know about this "whatismyip.com", but there is no internet connection to that system. |
nanda22,
Well, you need to give more information about your setup. Do you mean just to that site or to the internet, period? You are obviously connected to the internet. You can also try http://www.checkip.org or just google for "what is my ip". |
Nanda22, please don't post the same thread twice.
http://www.linuxquestions.org/questi...s-help-661053/ Please use this thread for continued conversation. |