General :: Win Trojan And Worm Removal From Live?
Jun 21, 2011
PartedMagic live linux can load to memory and run clamav on a windows drive to check for and remove viruses. However, I also need to find and remove trojans and worms on a windows drive which clamav cannot find. Are there any worm and trojan removers for linux, or do you need to install WINE and run the windows trojan and worm removers?
Feb 19, 2009
After compressing one of my sites and downloading it to my Windows PC, my antivirus picked up a trojan horse called "PHP/Rst.AK Trojan". I'm still very new to all this and was wondering how I go about removing malware etc. from my Fedora 8 server. Is there a free virus scanning software I should be using?
May 25, 2010
I started an upgrade from Ubuntu 8.04 to 10.04 and it stopped with the message: Ubuntu desktop is listed to be removed but is on the removal blacklist. Then it restored back to 8.04. I don't know how to resolve this - it would be alright to remove the old Ubuntu desktop.
Aug 29, 2010
I downloaded a mail archive (text file, almost 150000 lines). When it was scanned by clamscan,
Code:
>cat suspicious_File | clamscan -
stdin: Worm.Bagle.AT FOUND
Worm.Bagle.AT shows up. Web search says that Worm.Bagle comes as mail attachment. So, I tried to identify where the worm is.
Step 1. split into small files.
Code:
split -l 10000 suspicious_file
Step 2. which part worm resides.
Code:
clamscan xa*
xaa:OK
[code]....
I thought that the worm was cut by the split command, so I used a different size fraction, then the result is the same.
May 19, 2010
I have snipped part of my log I captured on my honeypot and need a recommendation on what is going on. The infected computer is located at address ${ADDRESS}. A quick check of my low-interaction honeypot (based on nepenthes) gives the following data. I know it's a worm, but what is going on? Thanks in advance.
linux-sqos:/opt/nepenthes/var/log # cat nepenthes.log
<snip>
[18032007 02:26:03 info module] 76 4
[18032007 02:26:03 info module] SMB Session Request 76
H CKFDENECFDEFFCFGEFFCCACACACACACA
code....
Jun 28, 2010
One of my friend's websites has the following code in almost 1500 files
Code:
<script type="text/javascript" src="http://kollinsoy.skyefenton.com:8080/Data_Type.js"></script>
<!--db99f6effefc0ff79b57c785dc1a107c-->
How can I remove it? I tried clamscan but it did not find anything. I was thinking if I can use grep/sed to remove the above from the files.
Jun 20, 2010
I want to log the user name and password passed through the default telnet client on a Fedora (7 to 11) system. I have thought of something like this: (Download Telnet client src)->(modify src)->(compile and install) but I am not sure...
Oct 5, 2010
I have a couple of USB modules. They are full of unwanted Windows files. I want to remove everything and format it. The message is it is write protected. The command fdisk -l gives the following:
Disk /dev/sdc: 2008 MB, 2008416256 bytes
57 heads, 56 sectors/track, 1228 cylinders
Units = cylinders of 3192 * 512 = 1634304 bytes
[code]...
Mar 31, 2010
I now run 9.10 but I used to run 9.04. Accidentally made my 9.10 pretty small, and I was basically being lazy and leaving it, but I now want to free up the 80 GB I left on 9.04. Is there any way to just delete the partition, I have all I need from it.
The path from what I can tell for it is /dev/sda1
Oct 26, 2010
So I am a relatively inexperienced user of Linux. I have some experience and have dabbled in linux mint on several occasions, I get what linux is I suppose.
I was running windows XP before, it caught a virus and I rigged up a usb drive to install another copy of XP over that because my disk drive is broken.
I decided yesterday to make a switch to linux, I was fed up with windows and I can do anything windows can do with linux if I actually immerse myself in it with a little work and a little learning.
So I downloaded a copy of Ubuntu 10.10. I tried to make a bootable USB stick install of it and I was successful, booted from it, but it kind of just lingered at a black screen with credits and never began installing, there was no terminal or anything and it wasn't starting on its own.
I chose the next best thing, installing it inside of windows from that wubi.exe thing included in the iso image of ubuntu 10.10. I installed it over that, wired it and got my always problematic (with linux at least) b43 broadcom drivers.
So now when I start my computer there are the two windows xp installations and ubuntu.
Is there any way to, from my ubuntu from the install method stated (installed from inside of windows using wubi.exe), remove both instances of windows XP and make linux the only operating system on my computer WITHOUT having to reinstall linux.
I say again my disk drive is broken and the USB stick method didn't work for me, there is no way I can legitimately install linux and format my hard disk / delete partitions.
Jun 3, 2011
I just pulled the MS Removal Tool executable off a Windows 7 machine. Is there a way I can view the code on my Ubuntu machine? I am curious how they block the "real" av software from running. I did get rid of it, pretty simple.
May 16, 2011
We have several HP Thin-Clients of type t5545 in use. We redirect USB-Media to the terminalserver. Because the t5545 runs a debian customized by hp, we can treat it like a debian in some way. First, I'll explain how usb-redirection is configured:
- automatically mount it to /tmp/tmpfs/media
- /tmp/tmpfs/media is redirected as disk "Z" via rdesktop-parameter -r disk:sharename=path
- in case of removed usb-media udev will run a script to umount -l the device and delete the mountpoint
The environment:
Thin-Clients run linux: root@mac-addr:/tmp/tmpfs/media# uname -a
Linux mac-addr 2.6.26-2-686 1 SMP Wed Nov 4 20:45:37 UTC 2009 i686 GNU/Linux
Terminalserver runs Windows Server 2008 R2
[code]....
Oct 12, 2010
The removal icon has gone from my toolbar, how do I get it back? I have an acer aspire one notebook. It used to appear in the bottom of my screen and in the window sidebar... but now has gone totally.
Jun 24, 2010
I'm working on an app that will authenticate the user with a smartcard when the user inserts it in the card reader (this is on Red Hat 5.5). How do I detect a card has been inserted? Is there a daemon service I need to listen to and an associated api to get notified etc.?
May 16, 2010
I used my printer without any problems using ubuntu os. As the day went on, surfing got slower. I lost the ability to print. Went into windows os, which I haven't used for a few days, and scanned with superantispyware. A Trojan virus was found. Went back to ubuntu os and found that all printer programs had been removed.
Sep 27, 2010
After some time I always see a trojan virus in my ubuntu machine's shared folder. It is an exe detected by ClamAv as Trojan.Autokit-77. I thought I was getting it from some windows machine on the network but that isn't the case. I deleted the virus and removed my computer from the network and still the virus comes back. My computer, however, is still connected to the internet through an independent mobile broadband usb stick.
So where is the virus coming from and why is it going to my shared folder. I thought ubuntu would not allow the virus to do something like this without me giving it permission. I am running 10.4.
Jun 14, 2010
I have an application that creates temp files and quickly deletes them. But I'd like to keep those files, is there a way to do that in Linux?
Jun 5, 2011
Some info on the drive - it's a USB 2.0 portable hard drive (PQI H560), one partition spanning all 640GB, NTFS. Used almost exclusively on Linux (arch and ubuntu), but initially formatted on Windows 7. The hard drive has quite a lot of hard links on it, as it was a timemachine-like backup system. And now the issue itself: Today I made the mistake of taking out my portable hard drive from my Linux system and plugging it in a Windows 7 box. Everything worked nice, I took a movie from the drive, and it lay dormant for an hour or so. After that I took the drive out (forgot to unmount :/) and put it back in my Linux.
Any idea why it broke so bad? I thought NTFS was kind of durable. Best if there would be something nondestructive (be able to get the data while preserving every bit of the drive in its current state - just to be sure it doesn't break anything)
May 2, 2010
If I run a program that is infected with a trojan/virus in Wine, will it affect Ubuntu?
Jan 17, 2011
In debian/ubuntu I want to:
a) Create a list of all the files in one directory tree
b) Do the same for a second directory tree
c) Compare the two lists such that, only the file NAMES are compared (i.e. just comparing the "file.txt" part so that "/home/folder/file.txt" == "/home/secondfolder/folder/file.txt)
d) Output a list of all the duplicates
How to do this using scripting languages or regex or something?
Feb 22, 2011
Like Jackp27, I am reacting to a transient warning from rkhunter, indicating a possible LKM trojan, which may or may not be a false positive. Running chkrootkit and rkhunter repeatedly, including older versions running under live CDs like INSERT, indicated nothing wrong, but two runs of rkhunter running under the possibly compromised system itself did seem to suggest rkhunter thought it might have found elements of trojan code in RAM.
Like Jackp27, I can't give details right now because I do not currently have access to my logs, but I did find one webpage (can't give link because I do not currently have access to my detailed notes) suggesting that rkhunter may have thought it found a signature of the adore trojan in RAM by looking at /proc/kallsymms which is not a file I ordinarily look at. I did look at it very closely yesterday, repeatedly, and it seems to be mostly empty, but occasionally seems to contain what might be a sequence of calls to various kernel modules--- right now I only recall that some had the form ??_guest_? and that x_tables might be involved.
Can anyone give me a rough indication of what /proc/kallsymms is supposed to do, whether it should normally be empty, and when it is not, what kind of lines are supposed to show up in that "file" when I cat it? I also saw something about ?_logdrop? which may have had something to do with rotating logs (I rebooted several times) rather than a trojan keylogger. But maybe some trojans rotate logs to try to hide their presence?
I know I am not giving enough information--- I hope to come back later with more details after I have managed to access my logs and notes, so feel free to say what kind of details would be most helpful in helping me decide whether or not this was a false positive.
Nov 10, 2010
I Clam-scanned a bunch of old CDs.. Clam found 9 infected notes infected with: "Worm.Allaple-319"... I wonder if this was my problem with Ubuntu always failing..? These are some of my best notes.. Is it possible to clean the bugs out of them with Fedora..?
Sep 22, 2009
I just downloaded OpenSuse 11.1 64 bit live cd from its official site. I have live usb creator in my xp box, with the help of which I successfully created live USB for fedora 11 earlier. Now the problem is whenever I try to create live usb using Opensuse live ISO image, after extracting all files to usb, it fails. The same thing is happening with OpenSolaris 11 live cd iso image. Does this mean that the live usb creator I have was only for Fedora distros?
May 31, 2011
I stupidly clicked on a spam link on my roommate's computer (I must have forgotten that I wasn't using Ubuntu and had to be much more careful) and the computer is now infected by a nasty Trojan. (I unfortunately cannot remember the name right now, but it is a Trojan.) Now, her computer will barely start up under the normal Windows 7 without a blue screen of death appearing, with the IRQL_NOT_LESS_OR_EQUAL error message. I stumbled upon this: http://maketecheasier.com/remove-win...ux/2010/02/02/ and I thought I would give it a shot. I don't have a flash-drive, and I'm rather tight on cash at the moment, so instead of creating a USB stick with the OS they recommended, I used my live CD of Ubuntu 10.4. I installed Clam, and ran the update as it says, and it seemed to work alright. When I started the scan, however, (excluding .doc files), the first message that came up was that the software was out of date, but the scan proceeded, and so I figured all was alright. The scan took about an hour 45, and when it was done, it reported that 0 files were infected, and that there were 4 errors. I crossed my fingers and hoped that these errors were the problem and Clam fixed it, but alas, this was not the case. The computer is still just as screwed up.
Does anyone have any suggestions? Maybe the updates couldn't be saved because I was using a live CD instead of a USB? Hopefully this isn't the case, because I really don't want to have to go and buy a flashdrive, but I will if I must. Can a portion of an external harddrive be used as a boot drive?
Feb 10, 2010
I am wondering if I should get a fedora live cd or live dvd. Space isn't a problem for me.
Jun 18, 2010
So tonight I bought a WD "My Passport" portable HD. Plug it in and KDE says there are two devices... One is the "My Passport" drive, the other one is a CD-ROM called "WD SmartWare" ... WTF? A bit of Googling led me to a Windows/Mac downloads page for a tool which hides, but doesn't remove this unwanted feature. Anyone had any experience with this? I want to remove it. It has to go. I've no need for it, and it's taking up half a gig. What a joke. Edit: Some specifics: The virtual CD-ROM is showing up as /dev/sr2, while the main partition shows up as /dev/sdc1. I've tried mounting sr2 with the 'rw' option, but mount reports that this can't be done. fdisk tells me that there are no spare sectors on sdc, and that there are no partitions at all on sr2. What's going on? How do I fix this? In case you can't tell, this is p___ing me off.
Mar 24, 2011
I did a d-u today, all went well. Then tried to install dkms, and apt came back with a list of programs it says were automatically installed but no longer required, including several libqt4 packages. I'd like to know what programs would be affected by removing each one.
Jul 10, 2010
With Synaptic I can not "Mark for Removal". In terminal I tried "sudo synaptic", "gksudo synaptic", it doesn't work. What is wrong?
Aug 31, 2010
I just installed ubuntu 10.04 on my spare computer. Every time I try to install or remove something (through the ubuntu software center) I get to 90% and I get an error message. The software seems to be installed, so I'm not sure what the deal is.
The programs I tried to install:
- chromium
- skype
- thunderbird
- ubuntu restricted extras
The programs I tried to uninstall:
- evolution
Oct 26, 2010
I have installed the newest version of Peppermint Ice (Ubuntu derivative) on my Eee PC 701's internal HD and would like to get some more space on the drive (2GB total) by removing packages like hunspell-en-ca, but synaptic warns me that language-support-writing-en will be removed. How can I force removal of this and similar packages like myspell-en-au, without uninstalling English language support?