I run my laptop on Ubuntu. Here in the college library, I use my pen drive to store things I download on their comp (Win XP). Must have picked up a virus.
jwgkvsq.vmx
I'm not very worried, as I presume it can't touch Linux.
The virus checker on this machine tells me every time I plug the pen drive in, that it has a virus. When I go home, I plug it into my computer and delete the whole directory recycled, put there by the virus checker.
But when I come back the library comp tells me I have it again on the pen drive.
I delete it as root, and presume it is gone. How does it survive? Can there be more copies of it on the pen drive, somehow unseen? I generally have show hidden files ticked, so I know what is on my comp.
The fact that I'm in China, and the anti virus is in Chinese is not very helpful - I can't read what it says!
You can try taking a backup of the useful data from the pen drive, format the pen drive and restore the data from the backup, though running a good antivirus would have been a better option.
Heuristic Piece Wise. It's infected with subsequent code other inert files. A triggering event re-assembles.
Pen drive uses FAT so the virus could have marked itself as a system file, in which case no (Windows-based) AV software will be able to remove it (as the OS will prevent the delete operation). Use the attrib command to remove any attributes, or just (re)format the thing if there's no data that needs to be salvaged.
Now that I think about it, you can boot off a pen drive too, so you should really repartition before reformatting, just in case the MBR has also been corrupted.
I once encountered a boot sector virus that encrypted the FAT table itself. Remove the virus and the whole disk became unreadable. Leave it there and your system ran really slowly but it ran, as did the botnet software, anywho...
According to this page this file is probably connected to the Conficker (Kido, Downadup) worm. In essence, your stick may be able to infect Windows systems with that malware, which is currently the most successful and dangerous piece of malware extant. You should really delete all partitions on that stick and then rebuild it.
You might also want to inform the library that their computers are infected. It probably is no surprise to them, but they really should do something about it. Like not run Windows, but they probably wouldn't like that suggestion.
I don't like what you said about the Chinese language removal tool. Did you fall for scare-ware which may itself contain malware? Linux isn't immune from people who run trojan'ed download installers. Rely on your package manager and only use vetted code.
If you have an older pendrive, reformat it using a live distro, and insert it in the computer in the library. If it gets the malware on it, then it is the library computer that is the cause.
where 'of=' points to the USB drive. Be careful not to zero your HDD, it's very easy to put in sda instead of sdb and the like. This is a dangerous command, so be careful.
Then you can use fdisk or cfdisk to re-partition the USB drive. As for the library, I usually upload to gmail from the library, no need for the primitive USB stick method.
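The sda-versus-sdb mistake warned about in the last post can be guarded against mechanically. The following is an added example, not part of the original thread: a shell wrapper that only zeroes a device the kernel reports as an unmounted, removable whole disk, and defaults to a dry run. The function names, the `SYSFS`/`MOUNTS` overrides and the exact `dd` options are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the thread): refuse to zero anything that is not
# an unmounted, removable whole disk. SYSFS and MOUNTS are overridable so
# the checks can be exercised against a constructed tree.
SYSFS="${SYSFS:-/sys}"

# is_safe_target NAME: succeed only for a bare kernel name such as "sdb"
# that is a whole disk, flagged removable, with nothing mounted from it.
is_safe_target() {
    local name="$1" blk="$SYSFS/block/$1"
    case "$name" in
        ""|*/*|.*) echo "refuse: '$name' is not a bare device name"; return 1 ;;
    esac
    [ -d "$blk" ] || { echo "refuse: $name is not a whole disk"; return 1; }
    [ "$(cat "$blk/removable" 2>/dev/null)" = "1" ] ||
        { echo "refuse: $name is not flagged removable"; return 1; }
    if grep -Eq "^/dev/${name}p?[0-9]* " "${MOUNTS:-/proc/mounts}"; then
        echo "refuse: $name has a mounted filesystem"; return 1
    fi
    return 0
}

# wipe_stick NAME [--yes]: show what would be overwritten; only write when
# --yes is given. Zeroes the first 16 MiB (MBR, partition table, FAT boot
# sector); remove count= to zero the whole stick.
wipe_stick() {
    local name="$1" reason size model
    reason="$(is_safe_target "$name")" || { echo "$reason" >&2; return 1; }
    # /sys/block/*/size is always in 512-byte sectors.
    size=$(( $(cat "$SYSFS/block/$name/size") / 2048 ))
    model="$(cat "$SYSFS/block/$name/device/model" 2>/dev/null || echo unknown)"
    echo "target: /dev/$name, ${size} MiB, model: $model"
    if [ "$2" != "--yes" ]; then
        echo "dry run: dd if=/dev/zero of=/dev/$name bs=1M count=16 conv=fsync"
        return 0
    fi
    dd if=/dev/zero of="/dev/$name" bs=1M count=16 conv=fsync
}

# Run only when called with arguments, e.g.: sh wipe_stick.sh sdb --yes
if [ "$#" -gt 0 ]; then wipe_stick "$@"; fi
```

Check the printed size and model against the stick before adding `--yes`; the removable flag is a heuristic, and USB hard disks in enclosures usually report 0 and are refused as well.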