LinuxQuestions.org


galien8 07-29-2016 02:56 AM

I have 4 to 5 viruses every day under UBUNTU / FIREFOX says ClamTK
 
NO FIREFOX TABS OPEN
TIME VIRUS CLEAN 2016-07-18 19:56

LATER ONLY TABS OPEN:
Google
Facebook
Gmail

TIME VIRUS CHECK 2016-07-19 2:28
VIRUSES (ClamTK Home Directory 10,095 Files scanned):
PUA.Doc.Tool.LibreOfficeMacro-1

Seems to not come from the sites, but through the ports, like that famous worm in the early 00's

Is new for me: not in the Mozilla subdirectories but in the LibreOffice subdirectory, usually have 4 to 5 viruses per day in Mozilla subdirectories

Michael Uplawski 07-29-2016 06:12 AM

Quote:

Originally Posted by galien8 (Post 5582834)
PUA.Doc.Tool.LibreOfficeMacro-1

I've heard about Basic on Linux. Probably kind of a technological progress or something... It's this or the candlestick.

galien8 07-29-2016 06:32 AM

Quote:

Originally Posted by Michael Uplawski (Post 5582870)
I've heard about Basic on Linux. Probably kind of a technological progress or something... It's this or the candlestick.

Yes could be a visual basic macro

Can't find anything useful with "candlestick hack" or "candlestick virus" with google, what do you mean?

CLAMTK sometimes scans more files than other times, could be that this time he scanned the most, and alleged virus is a false positive

former scan 9,000 files
last scan 10,000 files

I don't know CLAMTK very well, but now the same installation also scans sometimes only 4,000, 5,000 or 6,000 files in home directory, I scan several times a day, so I noticed this in the reports

Habitual 07-29-2016 08:16 AM

PUA is not enabled by default. Don't, or
Code:

clamscan -ir $HOME

galien8 07-29-2016 08:41 AM

Quote:

Originally Posted by Habitual (Post 5582890)
PUA is not enabled by default. Don't, or
Code:

clamscan -ir $HOME

OK

I do CLAMTK GUI most of the time

if there are viruses found by CLAMTK also: clamscan --remove -r /

also funny first scan only SSD any consecutive scan with same command it suddenly does whole computer (SSD, PHOTO CAMERA USB Stick, harddisk) takes forever ( > 4 hours) 1 Tb

Habitual 07-29-2016 10:24 AM

You don't need to scan /
Warning: And I certainly cannot advise any arbitrary "--remove" action.

clamav doesn't clean anything. Have you noticed?
Remove and quarantine. You really want to trash your system for a false-positive
because clam-tk with PUA enabled, scanning / gave you the --remove "option"?
Do you think there's a reason to consider what I'm saying?

Worry about your stuff is my advice and you have that command.
Don't waste your time scanning anything that is not "your stuff". Linux can take care of itself.

IF PUA.Doc.Tool.LibreOfficeMacro-1 showed up in "your stuff", upload the suspect file to virustotal.com
Clear your browser's cache once in a while.

Code:

clamscan -ir $HOME

man clamscan shows -i is for "infected" and -r is for "report".
Nice and tidy short list of how many, and what/where infection of "your stuff".

clam-tk is just lipstick on the pig.
Don't trust your system to a lipstick wearing pig.

galien8 07-29-2016 11:05 AM

Quote:

Originally Posted by Habitual (Post 5582946)
You don't need to scan /

Code:

clamscan -ir $HOME

man clamscan shows -i is for "infected" and -r is for "report".

Then I would do:
Code:

clamscan --remove -ir -r $HOME

I want recursive scan and get rid of the viruses, I delete in CLAMTK never quarantine, however if I can help the anti virus movement and must therefore quarantine in order to be able to send them by email to virustotal.com or upload or whatever, I would do that

Do you mean I get a list of viruses and locations, with

Code:

clamscan -ir $HOME

I must then upload them to virustotal.com, and manually delete the files? A bit laborious but I'm willing to help

Habitual 07-29-2016 12:55 PM

What is "laborious" is scanning / unnecessarily.
Uploading to virustotal.com of a suspect file is just good Linux Admin 101.

Any monkey can delete stuph without investigating. Don't trash your system.
  1. Don't scan /
  2. Don't scan with PUA
  3. Verify backup of your $HOME ("your stuff")
  4. clamscan -ir $HOME --remove

Do what you want.
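
The following is an added example, not code from any poster in this thread: it parses `clamscan -ir` hit lines, separates PUA signatures from the rest, and hashes flagged files for a lookup instead of deleting them. The sample output and its paths are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Triage clamscan hits instead of deleting them. Hit lines look like:
#   <path>: <signature> FOUND

# Constructed sample output: made-up paths, signature names quoted in this thread.
sample_scan_output() {
cat <<'EOF'
/home/user/Documents/budget.ods: PUA.Doc.Tool.LibreOfficeMacro-1 FOUND
/home/user/.mozilla/firefox/ab12.default/cache2/entries/9F3C: html.exploit.cve_2015_1692-1 FOUND
/home/user/notes: 2016/todo.txt: win.trojan.xored-1 FOUND
/home/user/Downloads/readme.txt: OK
EOF
}

# Read scan output on stdin; print "CLASS<TAB>SIGNATURE<TAB>PATH" per hit.
# CLASS is PUA for "possibly unwanted application" signatures, else SIG.
triage_hits() {
    while IFS= read -r line; do
        case $line in
            *" FOUND") ;;
            *) continue ;;   # skip OK lines, warnings, summary
        esac
        rest=${line% FOUND}
        sig=${rest##*: }     # text after the last ": "
        path=${rest%: *}     # everything before it; may itself contain ": "
        case $sig in
            PUA.*) class=PUA ;;
            *)     class=SIG ;;
        esac
        printf '%s\t%s\t%s\n' "$class" "$sig" "$path"
    done
}

# Count hits of one class (PUA or SIG) in scan output read from stdin.
count_class() {
    triage_hits | awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Print "SHA256  PATH" for every flagged file that exists, for a hash lookup.
# Nothing is moved or removed.
hash_hits() {
    triage_hits | while IFS="$(printf '\t')" read -r _class _sig path; do
        if [ -f "$path" ]; then sha256sum -- "$path"; fi
    done
}

# Real use, assuming clamscan is installed (-i: list only hits, -r: recurse):
#   clamscan -ir --no-summary "$HOME" | triage_hits
sample_scan_output | triage_hits
```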

galien8 07-29-2016 01:46 PM

Quote:

Originally Posted by Habitual (Post 5583016)
What is "laborious" is scanning / unnecessarily.
Uploading to virustotal.com of a suspect file is just good Linux Admin 101.

Any monkey can delete stuph without investigating. Don't trash your system.
  1. Don't scan /
  2. Don't scan with PUA
  3. Verify backup of your $HOME ("your stuff")
  4. clamscan -ir $HOME --remove

Do what you want.

OK Thanks

How do I upload to virustotal.com? From quarantine directory or so? Would be nice if I first quarantined and from that uploaded, then I am already rid of the viruses. Moreover I have then an archive of the infections.

Habitual 07-29-2016 03:46 PM

Quote:

Originally Posted by galien8 (Post 5583039)
OK Thanks

How do I upload to virustotal.com? From quarantine directory or so? Would be nice if I first quarantined and from that uploaded, then I am already rid of the viruses. Moreover I have then an archive of the infections.

Uh, the "Choose File" button at virustotal.com?
Forget virustotal.
Trash your system, I don't care.

All I intended to say is
don't scan /
don't scan with PUA
delete if you want after independent verification at virustotal.com

Am I not making it clear?
Quarantine? You're using the --remove option.
Stop using the gui, it's useless to you.

Code:

sudo apt-get remove --purge clamtk

Good Luck.

galien8 07-29-2016 04:37 PM

Quote:

Originally Posted by Habitual (Post 5583108)

don't scan with PUA

CLAMTK up to now only found PUA, with PUA's viruses system slows down to the point screen gets gray scale and freezes, no LINUX UBUNTU menu anymore, only mouse movement, no functionality

reboot, clamtk scan, delete 4 to 5 PUA's, system behaves normally for a couple of hours, then the next day the whole cycle over again

PUA's like:
html.trojan.agent.37075
html.exploit.cve_2015_1692-1
win.trojan.xored-1

Are these harmless HABITUAL?

273 07-30-2016 01:27 AM

I think you're falling into the trap of thinking that Linux is Windows and that ClamAV is picking up Linux viruses. What you are seeing are false positives because you're using a virus scanner mainly meant to pick up Windows viruses on a Linux server to prevent it serving those to Windows machines which may become infected.
Take a step back and explain what it is you are trying to do here. I think it's highly unlikely (though not impossible) that you'll have a virus slowing down your Linux system.

galien8 07-30-2016 01:57 AM

Quote:

Originally Posted by 273 (Post 5583222)
I think you're falling into the trap of thinking that Linux is Windows and that ClamAV is picking up Linux viruses. What you are seeing are false positives because you're using a virus scanner mainly meant to pick up Windows viruses on a Linux server to prevent it serving those to Windows machines which may become infected.
Take a step back and explain what it is you are trying to do here. I think it's highly unlikely (though not impossible) that you'll have a virus slowing down your Linux system.

From my experience it helps to remove these PUA viruses, system becomes responsive for a couple of hours again, maybe you're right, all I know is that something or someone is messing with my UBUNTU system, could coincidently correlate with the amount of "Windows" viruses, could be intended too to make me think that the cause is these PUA viruses, the fog of war

273 07-30-2016 02:10 AM

They're not viruses though.
It's typical when Windows runs slow to think "Oh, no, I must have a virus!" and do a virus scan because that can often be the case in Windows (sometimes it's not the case there either) but under Linux viruses are extremely rare. I could go on about a virus that slows down a system is pointless as it won't make money and a load of other things but the bottom line is that a slow system does not automatically mean that you have a virus (even under Windows).
Take a step back and look at what's happening when your system becomes unresponsive and in what way it is unresponsive. I suspect something like badly-scripted web pages full of rubbish are filling RAM and taking far too many processor cycles.

galien8 07-30-2016 03:03 AM

Quote:

Originally Posted by 273 (Post 5583230)
They're not viruses though.
It's typical when Windows runs slow to think "Oh, no, I must have a virus!" and do a virus scan because that can often be the case in Windows (sometimes it's not the case there either) but under Linux viruses are extremely rare. I could go on about a virus that slows down a system is pointless as it won't make money and a load of other things but the bottom line is that a slow system does not automatically mean that you have a virus (even under Windows).
Take a step back and look at what's happening when your system becomes unresponsive and in what way it is unresponsive. I suspect something like badly-scripted web pages full of rubbish are filling RAM and taking far too many processor cycles.

what is the "candlestick" Uplawski is talking about?

273 07-30-2016 03:05 AM

Quote:

Originally Posted by galien8 (Post 5583239)
what is the "candlestick" Uplawski is talking about?

As far as I can tell it is just a phrase, though not one I am familiar with. Doesn't seem to be anything technical to me.

galien8 07-30-2016 07:57 AM

Quote:

Originally Posted by 273 (Post 5583230)
They're not viruses though.

PUA's like:
html.trojan.agent.37075
html.exploit.cve_2015_1692-1
win.trojan.xored-1

can it be that html pua's are active in LINUX too, and win pua's are these windows active only pua's, html is platform independent, could be active and messing with mozilla firefox browser I use, they are in the mozilla software subdirectories

Moreover system crashed again today and I found after reboot and disconnect from internet, clamscan, CLAMTK scan, win.trojan.xored-1 in mozilla subdirectory

273 07-30-2016 08:02 AM

I give up. If you want to think that your computer is being filled with viruses and that running Windows anti-virus will help then go ahead.

un1x 07-30-2016 02:28 PM

as 273 said ...

plz STOP being necio !

btw: some mod close this

un1x 07-30-2016 08:50 PM

http://www.whylinuxisbetter.net/item...ndex.php?lang=

:idea:

unSpawn 07-30-2016 10:01 PM

Quote:

Originally Posted by galien8
(..) system becomes responsive for a couple of hours again, maybe you're right, all I know is that something or someone is messing with my UBUNTU system, (..) Moreover system crashed again today and (..)

I think you best focus on the state of the system first: get a grip on performance bottlenecks first and then draw conclusions. If you don't know how then create a new thread, link to it here and at least post full 'top' output together with 'free -h' and '\ps axf -o pcpu,ppid,pid,uid,args' and check /var/log/messages or equivalent for any errors there.

John VV 07-31-2016 12:31 AM

Quote:

Probably kind of a technological progress or something... It's this or the candlestick.
that went --- whoosh over your head ?

i got a great laugh from it

well the non funny break down of the JOKE
#1

technological progress or something
-- hi tech things like COMPUTERS and LED's

#2
candlestick
-- LOW tech and NOT a led or computer

#3
It's this or the candlestick
-- the choice between HIGH and LOW tech

candle / led
books / hand held computers
and so on

galien8 07-31-2016 03:14 AM

Quote:

Originally Posted by unSpawn (Post 5583557)
I think you best focus on the state of the system first: get a grip on performance bottlenecks first and then draw conclusions. If you don't know how then create a new thread, link to it here and at least post full 'top' output together with 'free -h' and '\ps axf -o pcpu,ppid,pid,uid,args' and check /var/log/messages or equivalent for any errors there.

It's a system practically as you get out-of-the-box, a new installation, I only use it for Internet by FireFox browser, so I thought it must be the PUA's CLAMTK is constantly finding and deleting, these same viruses are refreshed every day, through sites like google, facebook and gmail? I think a pan global conglomerate consisting of NSA, CIA, KGB, BND etc. is messing with my system, they have the technology to get viruses through the ports (I mean here simply because you're internet connected, not through sites, not through the browser)

galien8 07-31-2016 03:18 AM

Quote:

Originally Posted by John VV (Post 5583584)
that went --- whoosh over your head ?

i got a great laugh from it

well the non funny break down of the JOKE
#1

technological progress or something
-- hi tech things like COMPUTERS and LED's

#2
candlestick
-- LOW tech and NOT a led or computer

#3
It's this or the candlestick
-- the choice between HIGH and LOW tech

candle / led
books / hand held computers
and so on

...I'm gonna get Medieval on you... :-D

Michael Uplawski 07-31-2016 03:24 AM

Quote:

Originally Posted by galien8 (Post 5583239)
what is the "candlestick" Uplawski is talking about?

https://duckduckgo.com/?q=Candlestic...ax=1&ia=images

Like in “Opposing Basic on Linux is like being a left wing extremist terrorist who lives in a cave in the forest, scratches clay tablets under the light of a ~ and eats nothing but root vegetables.”

Gallienus, I am not from the gens Michael, since after we had conquered your empire, we used to put the Christian name in front.

galien8 07-31-2016 03:44 AM

Quote:

Originally Posted by Michael Uplawski (Post 5583601)
https://duckduckgo.com/?q=Candlestic...ax=1&ia=images

Like in “Opposing Basic on Linux is like being a left wing extremist terrorist who lives in a cave in the forest, scratches clay tablets under the light of a ~ and eats nothing but root vegetables.”

Gallienus, I am not from the gens Michael, since after we had conquered your empire, we used to put the Christian name in front.

...I don't get what I deserve, but I get what I need... I always admitted that, wanna leave a better world behind, than how I got it, though

galien8 07-31-2016 04:16 AM

But Please stay on topic: why do I get the same viruses every day, I constantly delete them with CLAMTK, but they are refreshed every day, must come through the ports and not through Facebook, Google and Gmail

unSpawn 07-31-2016 04:35 AM

Quote:

Originally Posted by galien8 (Post 5583599)
it's a system practically as you get out-of-the-box, a new installation, I only use it for Internet by FireFox browser, so I thought

Don't think: give us the data we need to assess the situation.


Quote:

Originally Posted by galien8 (Post 5583599)
I think a pan global conglomerate consisting of NSA, CIA, KGB, BND etc. is messing with my system

If that is what you believe then you seem to be facing problems the kind of which no hardware or software can ever hope to solve. Please leave your Tin Foil Hat at the door...

273 07-31-2016 06:51 AM

Quote:

Originally Posted by galien8 (Post 5583612)
But Please stay on topic: why do I get the same viruses every day, I constantly delete them with CLAMTK, but they are refreshed every day, must come through the ports and not through Facebook, Google and Gmail

You are being targeted by the government and soon they will use UltraSonics on you until they turn up one day and take you to an off-shore prison to waterboard you for the rest of your life.

Or, this may be nothing to do with viruses but, since you're insisting it is, I would tell your family you love them while you still have chance.

unSpawn 07-31-2016 11:40 AM

@galien8: OK, so, your next post will determine if this thread has some blood left after OT-vampires got hold of the carcass. You're strongly suggested to review what I wrote in post #21, else there'll be no salvation (for this thread that is ;-p).

galien8 07-31-2016 05:19 PM

Quote:

Originally Posted by 273 (Post 5583635)
You are being targeted by the government and soon they will use UltraSonics on you until they turn up one day and take you to an off-shore prison to waterboard you for the rest of your life.

Or, this may be nothing to do with viruses but, since you're insisting it is, I would tell your family you love them while you still have chance.

Everyone who hurts me or my family or my beloved is EXODUS 20:5 doomed, because I'm liaison of The Architect of our Universe Emulation, I get my instructions from dream theme anagrams, I can crack anagrams mentally not necessarily need internet or computer

-----
...I operate from the outside...

Habitual 08-01-2016 08:15 AM

Surely, "I have 4 to 5 viruses every day" is a little alarmist for such officiates and the scholarly?

unSpawn 08-02-2016 01:40 AM

@galien8: I basically asked you to choose wisely how to respond next. Your choice for all things irrelevant for solving your problem means there's no future for this thread. Closing.


All times are GMT -5.