Ubuntu Security :: ISP Keeps Complaining About Infected Computer

Feb 27, 2011

For a while my ISP has been sending me emails regarding an infected computer or computers on my local network. There are 4 computers running linux and 3 running windows on said network (3x ubuntu, gentoo, 2x windows server 2003 and windows 7). Now, I haven't used Windows in oh so many years and am not responsible for those computers on this network. Does it seem like this is a virus on a Windows host or should I research and adjust my iptables settings on the router? The applied anti-virus software (I don't know which one) apparently does not find any infections. On my workstation I'm using spotify and win32 office through wine, both obtained from legal and trusted sources, and would thus not consider my wine environment a threat.

View 4 Replies



Security :: Computer Is INFECTED According To ClamAV?

Apr 11, 2010

I recently ran a virus scan on my CentOS server using ClamAV's "clamscan" command to scan my entire system for viruses. After the scan was complete it says that I have 1 infected file on my computer. I COMPLETELY FREAKED OUT! Is there some kind of log that I should read to see where the infected files are? Also, does ClamAV just scan your system for viruses or does it scan and remove the virus on the computer? If you know of an alternative open source security software,

View 3 Replies View Related

Security :: Computer Has Been Infected With Trojans?

Jan 7, 2010

I'm now running Ubuntu 9.04. There are 2 accounts on this computer, one is linux, the other is ubuntu. Before New Year, everything had been fine. But after New Year, I came back and found that the password of this account linux has been changed. So I fixed it using my rescue disk. But since that day on, it seems that this password changes every day somehow. Every day when I'm trying to log into my Ubuntu system using the account linux, it says login failed. However, I can still log in using the account ubuntu. I'm really confused. Why is this? I checked the date of expiry. Everything seems to be fine.

View 14 Replies View Related

Fedora Security :: Always Failing - Clam Found 9 Infected Notes Infected With: "Worm.Allaple-319"

Nov 10, 2010

I Clam-scanned a bunch of old CDs.. Clam found 9 infected notes infected with: "Worm.Allaple-319"... I wonder if this was my problem with Ubuntu always failing..? These are some of my best notes.. Is it possible to clean the bugs out of them with Fedora..?

View 8 Replies View Related

Fedora Security :: SELinux Complaining About / Home Label Since After Todays Updates

Nov 5, 2009

I get spammed with this message by the troubleshooter. Is the audit-libs package related to this? There was an update today.

View 2 Replies View Related

Security :: LAN Hacked - How To Find Infected Machine

Jul 3, 2009

I have a LAN with 20 machines. I see that one of them is infected. It's sending a lot of packets to the internet. My internet connection at this moment is really slow. What should I do? How to detect which machine is infected? I'm using a hardware firewall. Fortigate... It's hard to configure there nice logs. Any good software? I don't want to switch off the network cable from each machine and check.

View 10 Replies View Related

Ubuntu Security :: How To Repair Virus Infected Files With ClamAV

Mar 29, 2011

I have seen that we can scan for viruses and also virus infected files with ClamAV but is there any possibility that ClamAV can repair virus infected files.

View 1 Replies View Related

Security :: Detect Infected PC In LAN (Sending Packets To Internet)

Jul 17, 2009

In my network I have 25 workstations and some servers. Everything is working in a local LAN with a firewall. The problem is that on one machine (I don't know which one) there is installed software which is sending data to the internet. Actually I don't know what it is. Last time, as I remember, it was a trojan which can create new network interfaces in Windows and send some data to the internet. Half the speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen/capture some traffic and analyze from which machine I have more connections?

Please take a look at this time. Instead of 141-150ms it should be 4-5ms.

64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms

How can I detect which machine is infected using only Linux and a keyboard?

View 5 Replies View Related

Security :: Compromised Systems Notify Hacker They Are Infected

Dec 4, 2010

I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse, compromised systems notify the hacker they are infected. Is there any way to ensure I don't have a root-kit installed short of reinstalling the system?

View 4 Replies View Related

Security :: Server Infected With Scanssh - Pscan2 - ./sshf

Jul 31, 2010

I am facing a security issue on my server. I can see many processes like pscan2, scanssh and ./sshf running in 'top'. The owner of these processes is a non-root account. Can anybody let me know what can be the extent of loss due to these suspicious scripts? How can I permanently remove these scripts from my server? Please note that I am using CentOS 5.5 (64bit).

View 4 Replies View Related

Ubuntu Security :: Run A Program That Is Infected With A Trojan / Virus In Wine Will Effect It

May 2, 2010

If I run a program that is infected with a trojan/virus in Wine, will it affect Ubuntu?

View 9 Replies View Related

Ubuntu Security :: Safe To Transfer Files From Infected Windows Partition?

Sep 2, 2010

My Windows XP Pro laptop has been attacked! Windows will no longer update and Microsoft Security Essentials will not update either. I've been trying to resolve the issue for over two weeks with Microsoft support, but it's just taking too long. I also tried some rescue CD options (all running some form of Linux, obviously):

- BitDefender Rescue CD (removed infections, now detects nothing),
- Kaspersky Rescue CD 10 (removed infections, now detects nothing),
- Trinity Rescue CD (won't load AV Engine, so can't use it to do anything).

Malwarebytes cleaned a bunch of stuff, but will not clean the final threat detected (it's supposed to get deleted on reboot, but never does). Hijack.FolderOptions is stuck in the accursed registry, and it keeps causing Windows Explorer to crash. I cannot rename files or work with them or everything just crashes.

So I'm ready to reinstall XP from scratch, and add a dual boot with Xubuntu & LXDE, which I'm already running on a much older laptop.

Question: I want to rescue the files I need. My idea was:

1) Install Xubuntu with dual boot.
2) Copy over files from Windows XP partition using Xubuntu.
3) Back up files to an external drive using Xubuntu.
4) Reinstall XP Pro and format hard drive.
5) Reinstall Xubuntu with dual boot.
6) Use Xubuntu for daily use.
7) Only use XP for those tasks that require it (TomTom updates ...)

Should I be concerned about the security risk from copying files from the Windows partition to the Xubuntu partition, and from there onto an external hard drive?

Is this the way to do it, or is there a better way? I just want my laptop back in working order. Right now I can't use it for anything.

View 8 Replies View Related

Security :: Detecting Infected Hosts - Honeypots - Wireshark - Nepenthes

Sep 2, 2010

Is there a 'plugin' for wireshark to analyze traffic and spot infected (windows) hosts? I have been using nepenthes with no luck. (and doubt all hosts are clean) is there some better way (other than using antivirus on each host)?

View 10 Replies View Related

Ubuntu Security :: Clam Antivirus Does Not Prompt There Is A Virus When Opened The Infected File Or Link?

Aug 5, 2010

Is it effective using ClamAV as Privoxy antivirus? I have actually configured it but it does not seem to come into any effect. Why? I test it with Eicar (test virus) online and it does not even prompt there is a problem unless I have scanned. Besides that, I have installed ClamAV daemon along with it. [URL]

[Code]....

Issue: How come the Clam Antivirus does not prompt there is a virus when I opened the file or problem link? Does it work differently from Windows OS antivirus, which prompts when there is a virus detected?

View 9 Replies View Related

Ubuntu :: K3b Complaining About Nonexistent Folder

Aug 28, 2010

Any time I start k3b, it complains about 'The file or folder /media/disk/.... does not exist' (which indeed does not exist). Where is this path stored? How can I remove it? grep -r /media/disk ~/.kde/* does not give any hit.

View 2 Replies View Related

Fedora :: Yum Complaining About Lack Of Space On /boot?

Jan 20, 2010

I've been trying to run a simple `yum update` for the last couple weeks, but it barfs before it finishes every time. For every single package it will say something similar to "('installing package libdrm-2.4.17-1.fc12.i686 needs 208KB on the /boot filesystem', (9, '/boot', 212992L))"

Here's an example of the output:

Code:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded

[Code]...

This is a machine that I recently put through several upgrades: Fedora 9-> Fedora 10 -> Fedora 12. The computer has been working well for the most part, with some minor bugs here and there. Yum updates were working just fine until this popped up.

View 2 Replies View Related

Fedora :: Old RPMs Complaining About Missing Dependencies

Jul 10, 2010

I have been running f13 ever since it was released. Evidently the kmod-rt2870 rpms are never deleted when older kernels are removed. When I tried to do today's update the Package Manager and yum complained that some of the older kmod-rt2870 packages left over from fedora 12 were missing kernel dependencies. The kernels have been missing for a long time. I don't know why the package manager started complaining today.

I tried
1) yum clean all
2) rpm --rebuilddb
3) removed the /lib/modules directory corresponding to the old kernels
and the problem persisted.

I finally removed all of the kmod-rt2870 rpms that were originally installed in fedora 12 and I was finally able to complete the update. Why did the package manager suddenly start complaining about the missing kernels?

View 1 Replies View Related

OpenSUSE :: 11.3 - Hplip Complaining (Set Default Printer)

Nov 15, 2010

Trouble with cups - Opensuse 11.3 x86-64
Hplip installed
printer = HP photosmart 4280
No way I can set the printer as default printer in cups as in 11.2. Now hp-device-manager, part of hplip, is complaining "set the default printer"

View 2 Replies View Related

Debian :: Can't Download File - Always Complaining 404 - FORBIDDEN

Sep 11, 2010

Debian 504 64bit
Gnome desktop

I can't download file on http://download.walware.de/eclipse-3.6/ Always complaining "404 - FORBIDDEN"

This is only a workstation. Apache is not running. No .htaccess file found for adding;

Code:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

View 2 Replies View Related

Software :: Xmacro Complaining About Dependencies That Appear To Be Installed

May 16, 2010

I got a new laptop a few days ago, to which I installed Fedora 12, and I am trying to install xmacro on it. I downloaded. I looked at this thread and one of the posts says there are instructions here but the link does not work for me. I installed xmacro on my old laptop (Debian) with no problems. I don't remember how, but I suppose it will be different installing an rpm anyway.

View 3 Replies View Related

Software :: Thunar-volman Won't Mount Anything HAL/DBus Complaining?

May 24, 2010

I'm trying to get automounting working with Arch on my laptop, and I've installed thunar-volman. The trouble is, whenever I put in a CD or plug in a USB mass storage device (thumb drive, USB hard drive, etc.), it gives me a dialog like the following: Quote:

Failed to mount [CD/DVD/USB device here]. Rejected send message, 1 matched rules; type="method_call", sender=":1.31" (uid=1000 pid=5706 comm="exo-mount) interface="org.freedesktop.Hal.Device.Volume" member="Mount" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=2186 comm="/usr/sbin/hald)).

I'm guessing this means there's some config in HAL or DBus that I need to fix, but I can't even begin to figure out what file it could be in.. I've tried searching LQ and Google to no avail. It seems that either the solution is sitting right in front of me, or hardly anyone even has this problem. I can mount the devices manually (as root), but like I said, if I put in a CD/DVD or plug in a USB storage device, or if I double-click the icon on the desktop, I get the above error. I've tried adding myself to the groups optical, disk, storage, and power, but I still get the same thing.

View 2 Replies View Related

Ubuntu Servers :: SMTP Server Not Working / Complaining About A Wrong Username Password?

Feb 16, 2011

We have Ubuntu 8.04 running on our mail server and remote smtp connection does not work.

When trying to send with a client such as Thunderbird it complains about a wrong username/password.

Receiving mail with IMAP and POP3 works fine through Thunderbird. Both receiving and sending mail through a web interface(horde) works.

I can remotely telnet the server at port 25 and this is the output of ehlo:

Code:
250-**server address**
250-PIPELINING
250-SIZE 25000000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
code....

View 6 Replies View Related

OpenSUSE Multimedia :: Ardour-vst Complaining, Missing FFTW3 Headers?

Dec 30, 2009

I'm trying to compile Ardour 2.8.4 under openSUSE 11.2 with VST support. I think I've installed all the dependencies, but when I run scons I come up with this:

Code:
[usual ****]
...

[code]....

View 2 Replies View Related

Ubuntu :: Infected USB Pen Drive Read-only - Can't Format

Feb 1, 2010

I got some documents scanned today and had them put in a USB drive. The shopkeeper informed me that it has a virus, yet he transferred the files onto the USB drive. When I put it into my computer ten minutes later, the drive was not getting mounted. I read up and tried installing usbmount. After installing that, I managed to mount the drive. However, the drive was read-only on Ubuntu. On Windows, I found a virus and tried unsuccessfully to delete it (read-only). I tried again on Ubuntu, but didn't manage to delete the infected file (ReCyCleR/sEtuP.exe). I have now backed up all the files on the disk (except, obviously, the ReCyCleR directory). When I try to format the drive using gParted, I get:

[Code]....

View 6 Replies View Related

Ubuntu :: Infected Some Data Mining Spyware?

Jun 22, 2011

Recently, I've been contacted through AIM by a showgirl who wants me to watch her webcam. I found it very unusual that I was contacted about this, especially through AIM. Now, I don't actively give out my AIM screen name. The only place I am aware of it being posted up is on Facebook, and even I have my privacy on Friends so no one outside my network could see it... and even then my birthday on Facebook is underaged for this scandalous activity.

So I don't believe my screen name was gathered from Facebook in its use in this. Is it possible that I am infected with some data mining spyware? How does Ubuntu deal with tracking cookies? I also consider that my screen name was mined from someone else's AIM account by which I was then contacted.

View 4 Replies View Related

Ubuntu :: Potentially Be Infected In The Windows Sense?

Feb 18, 2011

So since I have installed linux, I have been reading about how viruses are not nearly as likely to infect a linux system as windows. I am running a dual-boot though and import my profile and have a lot of my files from the windows system on linux. Can they potentially be infected in the windows sense?

View 2 Replies View Related

Ubuntu :: ClamAV Finds Infected Calc Spreadsheet

Mar 4, 2011

ClamAV tells me that three of my OpenOffice.org Calc spreadsheets may be infected (status "MBL_144360.UNOFFICIAL", if that means anything). This seems not entirely implausible, since yesterday I used a USB stick to transfer files from a Windows system. Anyway, I'd really like to keep these spreadsheets. Can I disinfect them somehow?

View 2 Replies View Related

Ubuntu Security :: Possible Backdoor On Computer?

Apr 13, 2010

I was looking at my firewall (firestarter) logs. It shows that a program named Master's Paradise has been trying to make connections to outside from my computer on port 3129. Why would I have something like this on my machine? Is this something I need to be worried about?? Or is some legitimate program using port 3129 and the firewall log is still showing it as Master's Paradise?

View 9 Replies View Related

Ubuntu Security :: My Computer Is Being Hacked / What To Fix It?

Feb 27, 2011

I have a Windows computer and it is being hacked. About a month ago or more someone hacked my router and installed new firmware, Firmware Version: Talisman/Basic V1.2.9a

My router is a Linksys and the SSID got changed to sveasoft. I had WPA set up and MAC filtering.

Someone hacked my router and changed the Firmware Version. And the user name and password also got changed to just admin.

Well, now I got a pop up from my Kaspersky saying network attack scan.generic.TCP 74.63.245.168

The only thing I can find on it: http://whatismyipaddress.com/ip/74.63.245.168

It is Limestone Networks in Dallas.

Some strange things have been happening to my computer in the past 4 months and it is getting worse.

I have no firewall or router now. And I have not gone to the store to get a new router yet and I'm thinking of formatting my computer and putting linux on it and getting a good firewall like zone-alarm.

View 9 Replies View Related

Server :: Locating Infected Files In Logs?

Oct 29, 2010

I ran a scan (clamscan -r --remove /home/) on my user's home directory yesterday & since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last night's scan:

Code:
----------- SCAN SUMMARY -----------
Known viruses: 847768
Engine version: 0.96.4
Scanned directories: 23114
Scanned files: 1066439
Infected files: 2

[Code]....

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved