LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-16-2016, 09:44 PM   #1
apples45
Member
 
Registered: Mar 2016
Posts: 43

Rep: Reputation: Disabled
Virus on Ubuntu 14.04


I have a virus or someone has hacked my computer with a USB device and is swapping and deleting my files. There are at least 4 unknown guests in my computer. I am missing files. It says I don't have the authority to remove the programs, as I have been trying for weeks. Please help. I am not the real computer savy, a friend put this on my system to prevent a security breach. This is a home pc. This would be done by someone personal looking to watch my account, or find things to use against me in court.

I appreciate any help. It may be cryptovirus and someone said it was from attaching an android phone and manipulating the files, which I haven't done. I had a "friend" tell me to download some anti-malware software and it said there were 19 files I have labeled as "quarantine". However, the majority of the problem is still here.

Thank you.

Last edited by unSpawn; 03-19-2016 at 05:44 AM. Reason: //Email address removed. No need to post it.
 
Old 03-17-2016, 02:09 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by apples45 View Post
a friend put this on my system to prevent a security breach.
Put what on the system exactly?
 
1 members found this post helpful.
Old 03-18-2016, 05:44 PM   #3
offgridguy
Senior Member
 
Registered: Nov 2015
Location: Alberta Canada
Distribution: Windows10, Debian
Posts: 1,109

Rep: Reputation: 147Reputation: 147
Welcome to the forum. This sounds like you have a problem with someone who has personal access to your computer?
 
1 members found this post helpful.
Old 03-18-2016, 07:59 PM   #4
timl
Member
 
Registered: Jan 2009
Location: Sydney, Australia
Distribution: Fedora,CentOS
Posts: 683

Rep: Reputation: 151Reputation: 151
First of all can you pull out your ethernet cable? This stops other users getting in.
Next backup your personal data

You can then choose to reinstall Ubuntu (you will get plenty of help here) or whether to address the unknown problem. Let us know
 
Old 03-18-2016, 08:46 PM   #5
ardvark71
LQ Veteran
 
Registered: Feb 2015
Location: Oregon, USA
Distribution: Lubuntu 14.04, Windows Vista
Posts: 6,277
Blog Entries: 3

Rep: Reputation: 839Reputation: 839Reputation: 839Reputation: 839Reputation: 839Reputation: 839Reputation: 839
Hi apples45...

Welcome to the forum

Just as a suggestion, you might want to remove your e-mail address, lest your email inbox ends up with a boatload of SPAM in the very near future.

Regards...
 
Old 03-19-2016, 06:18 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by apples45 View Post
I am not the real computer savy (..) I have been trying for weeks
...then take a deep breath and be prepared to answer some questions first. You may find there's no breach of security and the problem can be fixed given enough knowledge and time. (And maybe a backup?)


Quote:
Originally Posted by apples45 View Post
This would be done by someone personal looking to watch my account, or find things to use against me in court.
...also do not unduly interpret things: focus on getting the technical details to us first.


Quote:
Originally Posted by apples45 View Post
I have a virus or someone has hacked my computer with a USB device and is swapping and deleting my files. There are at least 4 unknown guests in my computer. I am missing files. It says I don't have the authority to remove the programs, as I have been trying for weeks.
- What makes you think the cause was "an USB device"?
- What software installs or updates, system or service reconfiguration happened weeks ago?
- What symptoms showed up when you first noticed problems weeks ago?
- What files are missing? List them?


Quote:
Originally Posted by apples45 View Post
I had a "friend" tell me to download some anti-malware software and it said there were 19 files I have labeled as "quarantine".
- List the product used and the file names?

Also check your log files in /var/log for errors and post anything else you think is relevant: the more (detailed!) technical information the better.
 
1 members found this post helpful.
Old 03-19-2016, 06:30 AM   #7
przemo
Member
 
Registered: Feb 2016
Location: cork.ie
Distribution: Slackware-current
Posts: 118

Rep: Reputation: Disabled
Code:
ls -al /home
http://www.thegeekstuff.com/2009/03/...-linux-system/

Last edited by przemo; 03-19-2016 at 06:34 AM.
 
1 members found this post helpful.
Old 03-21-2016, 05:30 PM   #8
apples45
Member
 
Registered: Mar 2016
Posts: 43

Original Poster
Rep: Reputation: Disabled
the problem was noticed when after i was looking at some questionable websites. However, that's when I noticed it. I don't have authority to access my backup cache and there are usually 4 unknown guests logged into my system at a time. I have turned off my wifi unless i am using it to see if that helps. I don't have anything incredibly private, its just annoying that there are so many users and its slowing my system down. and further, i can't access the histories of these other users i dont have authority. someone mentioned this could be from plugging in an android device, in which case, why are they accessing my computer on a regular?

does installing gnome have anything to do with this? something about freedesktop manager, and syncing file systems. i didnt have an android phone until way after this began.
 
Old 03-21-2016, 05:32 PM   #9
apples45
Member
 
Registered: Mar 2016
Posts: 43

Original Poster
Rep: Reputation: Disabled
who am i supposedly "swapping" with? if this is stuff ive never noticed before that is normal, let me know. i get excited about things that may be nothing.
 
Old 03-21-2016, 05:36 PM   #10
apples45
Member
 
Registered: Mar 2016
Posts: 43

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by przemo View Post
tara@Tara-Laptop:~$ ls -al /home
total 16
drwxr-xr-x 4 root root 4096 Jan 20 2015 .
drwxr-xr-x 25 root root 4096 Mar 1 22:04 ..
drwxr-xr-x 23 guest guest 4096 Mar 17 00:29 guest
drwxr-xr-x 37 tara tara 4096 Mar 21 17:35 tara
 
Old 03-21-2016, 06:12 PM   #11
przemo
Member
 
Registered: Feb 2016
Location: cork.ie
Distribution: Slackware-current
Posts: 118

Rep: Reputation: Disabled
did you created guest account???
who is guest????
 
Old 03-21-2016, 10:35 PM   #12
apples45
Member
 
Registered: Mar 2016
Posts: 43

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by przemo View Post
did you created guest account???
who is guest????
i know the guest. he would have had to install something which is unlikely, or its something i got from being online. How do I know if this is serious, or if its just from plugging things in ... i just don't understand who and why people are logging in when im not even home. the only guest should be the one i know about, right?
 
Old 03-22-2016, 01:25 AM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by apples45 View Post
its just annoying that there are so many users and its slowing my system down.
You're likely new to Linux? As in you are interpreting things? Linux uses something called separation of privileges meaning there will always be different process shown to be running by different users. I suggest you run this from a terminal window and post the output
Code:
\ps axf; lastlog; last -wai30; sudo grep -v '^#' -r /etc/sudoers*; getent passwd;
and read some basic documentation about how Linux works.
 
Old 03-22-2016, 04:50 AM   #14
przemo
Member
 
Registered: Feb 2016
Location: cork.ie
Distribution: Slackware-current
Posts: 118

Rep: Reputation: Disabled
basically, if you did not created guest account, that means someone did with root privileges if someone beside you have root access that you did not granted that`s worst case i recommend reinstalling, creating new passwords and setting up iptables.

Last edited by przemo; 03-22-2016 at 04:51 AM.
 
Old 03-22-2016, 06:47 AM   #15
apples45
Member
 
Registered: Mar 2016
Posts: 43

Original Poster
Rep: Reputation: Disabled
Unspawn and prezmo...

I am Tara. There should be one guest. There are several that seem to have unlimited access. I have noticed numerous programs show up that I do not remember installing, though I could have. Most unnerving is there seems to be a theme about access to audio or something? Could you please explain the language. I will attempt to find something that legitimately shows my concern.

I could very well be interpreting things. I do take medication. However, the fact that I no longer have authority to access my files makes me wonder. There are several "files systems" I'm concerned about... I ran the command line:

Quote:
\ps axf; lastlog; last -wai30; sudo grep -v '^#' -r /etc/sudoers*; getent passwd;

I attached what it says. Just let me know if there is someone accessing my files please. If so I have more questions. I have been trying to make adjustments over the last month but things haven't changed terribly. If this is in my head, as many things are, then I thank you for your patience.
Attached Files
File Type: txt 1.txt (15.7 KB, 52 views)

Last edited by apples45; 03-22-2016 at 06:53 AM. Reason: too long
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] just had my first virus ubuntu 12.04 phillipe8 Linux - Security 8 10-01-2014 09:39 PM
Do I need Anti-virus for Ubuntu? scottcasey Linux - General 15 09-23-2014 08:25 AM
I think I have a virus in Ubuntu dyess002 Linux - Security 17 09-12-2011 11:21 PM
Using Ubuntu, how likely can I get a virus..... if I try to get one. Chronothread Linux - Security 8 04-08-2009 04:32 PM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 02:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration