LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 07-28-2006, 09:55 AM   #1
timjowers
LQ Newbie
 
Registered: Apr 2006
Posts: 27

Rep: Reputation: 15
Firefox Linux spyware/adware? "dotster"


I might have an infected Firefox. Often when I click a link to another website I get a placeholder web page "Future Home of a registered domain" and the only identifying mark is a link in the bottom of the page source to
futurehome dotster com/images/transfill.gif
(replace spaces with periods)

I called dotster and they say neither of these two domains is registered to them:
www openngo org
www accessgrid org
I believe them since this has been happening over the past several days on many domains and often the domains will work when I try again after 5-10 minutes. I did not see "dotster" listed in a whois search on www openngo org but maybe I missed something? Also I have installed about 40 packages in the past several days in an effort to evaluate some OpenSource software so perhaps one of those was the carrier. No problems with Konqueror so far but only tested briefly.

Please let me know of pointers or if anyone has seen this.
Firefox: 1.5.0.2
[root@www ~]# uname -a
Linux 2.6.9-22.EL #1 Sat Oct 8 17:48:27 CDT 2005 i686 athlon i386 GNU/Linux
Router: old dlink
ISP: nc.rr.com

Thanks,
TimJowers
 
Old 07-28-2006, 10:18 AM   #2
konsolebox
Senior Member
 
Registered: Oct 2005
Distribution: Gentoo, Slackware, LFS
Posts: 2,248
Blog Entries: 8

Rep: Reputation: 235Reputation: 235Reputation: 235
Is this really true? Is your Firefox really infected?

So it seems viruses are getting more and more popular on Linux. No wonder there are so many topics popping up about clamav and anti-viruses on the boards these days. Does this have something to do with common distros or with the new compilation techniques of gcc?
 
Old 07-28-2006, 05:08 PM   #3
timjowers
LQ Newbie
 
Registered: Apr 2006
Posts: 27

Original Poster
Rep: Reputation: 15
I ran rkhunter and clamav but the only issues were on my ro ntfs disk.

//mnt/doze_d/WNTS2/MEMORY.DMP: BDS.VirtualRoot FOUND
...1yet57ib.slt/Cache/66B00C66d01: Trojan.Downloader.JS.Linker.C FOUND

I'll post back if the problem recurs.
 
Old 07-28-2006, 06:01 PM   #4
mike160
Member
 
Registered: Jan 2006
Location: Connecticut
Distribution: Ubuntu 10.10, Lubuntu 10.10, #!Crunchbang 10 "Statler"
Posts: 84

Rep: Reputation: 15
Try this ...

Go to the folder /home/usrname/.mozilla/firefox and rename the profiles.ini file. (Firefox will create a new one upon startup.) I had something similar happen where a script on a website removed my titlebar from Firefox. Not sure if my idea will fix your problem but it's worth a shot.

Note: to perform the above you might have to log in as root, or if in KDE run the file manager in Super User mode.

Also as far as I know there are NO Linux specific viruses "in the wild" only in lab tests, but that doesn't mean a Windows virus can't propagate across a Linux platform.

Mike
 
Old 08-01-2006, 08:16 AM   #5
timjowers
LQ Newbie
 
Registered: Apr 2006
Posts: 27

Original Poster
Rep: Reputation: 15
no joy

I tried firefox profiles and renaming the *default user folders. Also cleared cache and everything. Also reinstalled FF as well as Mozilla.

Now the problem occurs for Konqueror, Firefox, and Mozilla for this domain:
http://www.eecis-udel.edu/~ntp/

The page returned has advertisements related to network time which is the subject of this webpage. I also have this result from another computer.
"Oops. There may be an issue with the URL Forwarding service in this domain, ...."
I'd like to hear if someone else gets this page.

I've run clamav and also a 'grep -R dotster /' to no avail. Now I'm installing ethereal to really see what is being passed on the network. For the sites I've tried, typically the site comes up but sometimes "an issue with the URL Forwarding service" allows dotster to push ads to me instead. Hmmmm.

Thanks for any feedback,
TimJowers
 
Old 08-07-2006, 03:44 PM   #6
timjowers
LQ Newbie
 
Registered: Apr 2006
Posts: 27

Original Poster
Rep: Reputation: 15
Now says "your.com" or www.com

OK, so now I know this is a hack. Probably to sell ads/links. Haven't had time to locate it but it is either in the Linux kernel or outside of my system in TimeWarner's network or somewhere.

The symptom is a sporadic advertisement page with lots of links. It has happened on links to google and others. E.g. a recent search brought up a page with frame source www.your.com. The basic com identifiers are just filler as they are really pushing ads. These are dynamic so I should be able to trace where they are from and pursue that.
E.g.
http://www.web-cyradm.org/pipermail/...er/015130.html
brought up their ad page. A minute later the link worked.

Another thing to troubleshoot I guess!
TimJowers

Last edited by timjowers; 08-07-2006 at 03:46 PM.
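
Added example (not part of any post in this thread): a Python triage of the kind of observations described in posts #5 and #6. It checks saved response bodies for the placeholder-page strings quoted above and reports whether the symptom is confined to one browser, one machine, or spans machines. The record layout, host names, URLs and addresses are constructed for illustration, and the `ip` field is an assumption about what a packet capture would provide.

```python
from collections import defaultdict

# Strings the thread quotes from the unexpected pages (periods restored).
MARKERS = (
    "future home of",
    "futurehome.dotster.com/images/transfill.gif",
    "issue with the url forwarding service",
)

def is_parked(body):
    """True when a response body carries any placeholder-page marker."""
    low = body.lower()
    return any(m in low for m in MARKERS)

def triage(observations):
    """Summarise fetch records (dicts: host, browser, url, ip, body); 'ip' is
    an assumed field, the resolved address a packet capture would supply."""
    hits = [o for o in observations if is_parked(o["body"])]
    hosts = {o["host"] for o in hits}
    browsers = {o["browser"] for o in hits}
    by_url = defaultdict(lambda: {True: set(), False: set()})
    for o in observations:
        by_url[o["url"]][is_parked(o["body"])].add(o["ip"])
    # Placeholder and normal pages served from disjoint addresses: the name
    # resolved differently between fetches, so examine DNS before the browser.
    dns_suspect = sorted(u for u, s in by_url.items()
                         if s[True] and s[False] and not s[True] & s[False])
    if len(hosts) > 1:
        scope = "multiple-machines"   # upstream of any one machine
    elif len(browsers) > 1:
        scope = "one-machine"         # system-wide, not one browser profile
    elif hits:
        scope = "one-browser"         # profile, extension or cache
    else:
        scope = "none"
    return {"scope": scope, "parked": len(hits), "dns_suspect": dns_suspect}

# Constructed records; names and addresses use documentation ranges.
SAMPLE = [
    {"host": "pc1", "browser": "firefox", "url": "http://site-a.example/",
     "ip": "192.0.2.10", "body": "<title>Future Home of site-a</title>"},
    {"host": "pc1", "browser": "konqueror", "url": "http://site-a.example/",
     "ip": "192.0.2.10", "body": "Oops. There may be an issue with the URL Forwarding service"},
    {"host": "pc2", "browser": "firefox", "url": "http://site-a.example/",
     "ip": "192.0.2.10", "body": '<img src="http://futurehome.dotster.com/images/transfill.gif">'},
    {"host": "pc1", "browser": "firefox", "url": "http://site-a.example/",
     "ip": "198.51.100.7", "body": "<h1>Project home</h1>"},
]
```

A "multiple-machines" result with a non-empty `dns_suspect` list points the investigation at the resolver, router or ISP path rather than at browser profiles or local malware scans.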
 
  



All times are GMT -5. The time now is 09:18 AM.
