LinuxQuestions.org
Old 05-14-2011, 11:38 PM   #1
BuckNekkid
Member
 
Registered: Jun 2007
Location: Bayou, Louisiana
Posts: 121
Blog Entries: 1

Rep: Reputation: Disabled
Question Linux Firewall...conundrum, LOL!


Hi All,

I had an opportunity to learn (read problem) the other day. For the present, I'm forced by my financial situation to run a "Free" Dell 2400 series, with "XPee" on it.

I'm a ham radio operator (KA5LQJ) and a Severe Weather Spotter for NOAA. I only use the computer to go to the different ham radio and wx sites.

The other day, I got interested in some military gear and went to some recommended GOOGLE websites, but did not find what I was looking for. I had a doctor's appointment that afternoon, so I left the computer "open" to the Start page. When I got back, however, there was a screen FULL of "Warnings" that my computer had been infested with Trojans, viri, worms, malware and dangerous programs. It also said some of my data had been compromised or 'lost'. The main screen said it was from MICROSOFT, but the graphics weren't that of MICROSOFT. Although it had an M S in the left corner in a circle. It said to click on a button and remove the bad software. So, I did.

The next page comes up and says it can't delete the Trojans, viri, Worms, etc and I need to send "Microsoft", either an electronic 'check' or give them a credit card number and they will download the software to take the junk out. No matter how hard I tried, I could not get away from this MICROSOFT. Yes, I have AVAST, but it was 'turned off' (for real) and I have 'HiJack This', as well, but it didn't catch this.

Finally, I was able to re-start the computer and went to the Control Panel. I got to the Restore Point and went back to Monday, a week ago.....Fixed!

"Microsoft" gave no physical, box number or identifying information. So, I must have been a scammer. The dirty, rotten, bass-turd (fish poop) should be hung by the heels and beaten with a baseball bat, LOL!

Soon I will have a multiple computer system. My wife has a Sony Vaio laptop with WINDOWS 7 on it. She likes it, I don't, LOL!

I'll have this WIN machine to make into a jukebox, as it only has 512 megs of DELL (HELL) memory. Too expensive to add RAM. Or I may just junk the thing.

We have some money coming in from a truck sale, so I'll have either the Asus P5 mobo inserted into a new case with 700 watt power supply, OR I just may buy a Linux laptop (used) for my radio stuff.

NOW, the "Question" is: Should I decide to take this computer, the Dell and build a Linux firewall box ONLY out of it, will it keep the "junk" and "garbage" out of the other computers? In other words, no Spam, no viri, no Worms, no Trojans, no script kiddies, nothing bad from entering into either the Linux OR Micro$haft boxes. If possible, when I was sent SPAM it would return it to the spam site saying no such computer exists, especially these VIAGRA sites or Russian brides, LOL!

Thanks for looking,
GOD BLESS,
Warmest Regard,

"Buck"/KA5LQJ

Last edited by BuckNekkid; 05-14-2011 at 11:41 PM.
 
Old 05-15-2011, 12:11 AM   #2
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Strong suggestion -

Even though it sounds like you're squared away, please get a copy of Malwarebytes Anti-Malware, and run it.

http://www.malwarebytes.org/

PS:
The moral of the story?

If you get another "click me":

1. Pull the network plug 1st
2. Shut off the PC 2nd
3. Run another Malwarebytes scan (and a full scan of whatever other A/V program you have)
 
1 members found this post helpful.
Old 05-15-2011, 01:34 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by BuckNekkid View Post
I only use the computer to go to the different ham radio and wx sites.
Quote:
NOW, the "Question" is: Should I decide to take this computer, the Dell and build a Linux firewall box ONLY out of it, will it keep the "junk" and "garbage" out of the other computers? In other words, no Spam, no viri, no Worms, no Trojans, no script kiddies, nothing bad from entering into either the Linux OR Micro$haft boxes. If possible, when I was sent SPAM it would return it to the spam site saying no such computer exists, especially these VIAGRA sites or Russian brides, LOL!
Honestly, it sounds like your expectations of what a firewall (be it a GNU/Linux one or any else) can do are way, way too high. Hopefully, you're only considering the firewall as part of a broader defense in depth approach, yet even so, the idea that nothing bad will get through is quite fantastical, IMHO. Surely there are several LQ members here who would be more than happy to help you set up a dedicated firewall (and/or an enforced proxy server), but the fundamental need to keep it real remains.

Regarding the Windows PC itself: I'd like to ask you to open a separate thread in General for that. Given the account of events you've provided, it's evident that you would benefit greatly from LQ member input (specifically, from those who are familiar with Windows security issues). Needless to say, I would recommend that you abstain from using this PC for anything important until you've got it properly cleaned (which may or may not require a complete re-install) and hardened. In fact, I'd recommend you don't use it or even grant it network access, period.

Getting back on topic now, I must ask: Since you only use the computer for visiting a limited number of websites, wouldn't whitelisting those sites be the most efficient use of your time, energy, and hardware? It can be done in a jiffy with Squid.

Last edited by win32sux; 05-15-2011 at 01:40 AM.
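
The Squid whitelisting suggested in the post above could look like the following squid.conf fragment. This is an added example, not part of the original thread; the LAN subnet and the listed domains are sample values chosen for illustration.

```conf
# /etc/squid/squid.conf -- added example; subnet and domains are assumed sample values
http_port 3128

# LAN clients allowed to use the proxy (assumed home subnet)
acl localnet src 192.168.1.0/24

# Destination whitelist; a leading dot matches the domain and all its subdomains
acl allowed_sites dstdomain .noaa.gov .weather.gov .arrl.org

# Ports: plain HTTP, and HTTPS tunnelled through CONNECT
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom and the first match wins,
# so the denies for unexpected ports come before the allow rule
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Both ACLs on one line are ANDed: LAN client AND whitelisted destination
http_access allow localnet allowed_sites

# Everything else is refused
http_access deny all
```

A whitelist like this only protects clients that cannot reach the Internet except through the proxy, which is why the post speaks of an enforced proxy server. Pages that load content from third-party domains will render incompletely until those domains are added to `allowed_sites`.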
 
Old 05-15-2011, 03:05 AM   #4
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,624

Rep: Reputation: 2651
the OP's post sounds a lot like the cross site script ad for the av software ( WindowsAv or AntivirusXP or whatever it calls itself )

i get them even on a fedora or SUSE box

-- kind of fun watching "it" run the FAKE scan of "MY" C:\\ drive ( i did not know that fedora had a "My ProgramFiles or a System32 folder) using XP default theme on my linux box

this malware has you PAY $$$$$ to install a virus
-- side note --
a few months back McAfee's web site was serving this thing up


as to using that machine as a firewall ? probably not
i am guessing that its hardware can ONLY use ipv4
 
Old 05-15-2011, 03:18 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by John VV View Post
the OP's post sounds a lot like the cross site script ad for the av software ( WindowsAv or AntivirusXP or whatever it calls itself )
Indeed sounds like an ad to me.


Quote:
Originally Posted by John VV View Post
as to using that machine as a firewall ? probably not
i am guessing that its hardware can ONLY use ipv4
Huh? Why would you say that? Since when are network protocols a property of NIC cards instead of the kernel or more specifically the IP stack?
 
Old 05-16-2011, 04:17 AM   #6
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
I think a small Linux kernel would run fine on it with 512 MB for a dedicated firewall and gateway. It would certainly provide a learning opportunity and you could customize it to your desires. On the other hand, you will want at least 2 NIC cards. A basic PCI based NIC costs about $15 USD in a store. For not a lot more than that, you could simply buy a firewall / router that would take up a lot less space, less power, and give you wireless capability for a laptop. Some routers can even be re-flashed with software like DD-WRT (Linux based) that let you configure iptables directly for refined control.

The windows virus you picked up is called antivir, and there are a lot of variants of it. This forum (link) is an excellent tech site with a heavy Windows focus (I think of it as the Windows equivalent of LQ). The link is to the virus and spyware forum. There are a few threads dedicated to how to remove this particular nasty.
 
  

