Ubuntu Security :: Malware + MBR - How To Discover/remove
Feb 28, 2010
Can a virus survive a reformat, running bootrec /fixmbr (both from the install CD), and then installing Ubuntu? Reformat meaning from the windows disk recovery console, using the format command for all partitions. Likewise, would a virus be capable of surviving just the first two steps alone without installing Ubuntu, just re-installing windows?
If one were to have an MBR virus on Windows or Linux, how abouts would you find or remove it without doing an entire disk wipe? And before someone goes "Linux is immune" take into consideration vulnerabilities on the user end.
A friend of mine was complaining about his Windows computer being slow here lately.
I told him he is probably full of malware that slipped past his anti-virus program.
I've heard that one can use a live Linux cd to remove malware from a windows computer. How would I go about doing this?
Is it as simple as booting the cd, then using zypper to install an anti-virus program to the ram file system and mounting/scanning the hard drive. If so what program is the best to use for this purpose?
I was on funnyjunk.com yesterday, looking at funny pictures. I clicked the next button, and a page popped up displaying that the website had malware hosted by hit.d1.net, however when I had Windows XP the MacAffee Siteadvisor Displayed that there was no malware. Is this Real or Fake? Just wondering if it is one of those fake spyware alerts, like from windows.
I realize that FF 3.6 was referred to near the end of this thread? Most Ubuntu based distros (Mint, Gosalia, Ubuntu, Xubuntu) are shipped with FF 3.5.8, are there any reported problems with this version of FF? Mint does offer Opera, I really don't care about installing Wine to gain access to IE6, you open the browser, there are two critical updates that shows, but on three occasions, I left the desktop for an hour, and the two updates still never applied. I have installed Clam AV, is there a malware scanner for Mint, too? I do want to be secure, but don't wish to run two AV's, have four separate malware scanners, and scan every piece of everything the way you must do in Windows. With Windows, you spend more time scanning than browsing. I don't want to have to do this with Mint, too.
is it possible for malware to survive a full reformat (ie... dd /dev/zero,urandom,zero?I'm for some reason worried that my android based phone, PS3, XBox 360, Routers, and/or TV can somehow be infected with malware as they were hooked up to my network..Is this possible? And does Factory Resetting or Hard Resetting clear all data on the device and reset it entirely? If so, how does that work? Is there a specific storage chip on the device that cannot be written to and only read for when a hard reset is requested?
I'm aware that this sounds outlandish but I've got a severe paranoia for some reason and would like peer advice on how to resolve this and get some peace of mind.
So I downloaded a movie from megaupload and a pop up came up with [URL]....that bounced me to[URL]..but that webpage did not display. Normally, on Windows, I would have an anti-virus that would likely give me some sense of good or bad websites. On Ubuntu, I am not quite sure. Do I need a malware scanner for the firefox browser? I have the standard package from the 10.04 distro with the latest updates...
today is my second week using ubuntu , my question is how can i insert malware block list on ubuntu? as my regular win user i always put the list in dirrectory x: winblows system32 drivers etc hosts[URL]
In Ubuntu 10.04 LTS, I have downloaded and installed texlive (2011). They have issued the following warnings:
1. "To the best of our knowledge, the core TEX programs themselves are (and always have been) extremely robust. However, the contributed programs in TEX Live may not reach the same level, despite everyone�s best efforts. As always, you should be careful when running programs on untrusted input; for maximum safety, use a new subdirectory."
What does this exactly mean? The installed program has already created own directories and subdirectories (e.g. /usr/local/texlive/2011/bin/i386-linux). Am I supposed to create a new subdirectory in home to write files and run latex program? Exactly how do I know that the downloaded and installed program is not malicious?
2. "Finally, TEX (and its companion programs) are able to write files when processing documents, a feature that can also be abused in a wide variety of ways. Again, processing unknown documents in a new subdirectory is the safest bet."
what is implied by "a feature that can also be abused in a wide variety of ways".
I have been using the new ocr app 'cuneiform' that has appeared in the Lucid repo.It is command line and works very well.However, the rest of the household would like to use it and desire a gui front-end.Mepis has this and it is called YAGF. Works well.We are told to install only from trusted sources.how can I check the integrity of this .deb and freedom from malware before installing it?
Alright running a ubuntu based webserver. The app will be accepting user uploaded files from my client's clients. My client will then need to download an access the files. I'm looking for a solution to scan for windows malware at the time of upload so I never expose her machine directly to her client's uploads.
I browse with Firefox and I had been running a pretty vanilla install of Ubuntu 10.4 (with a few things like tomcat and mysql) I supposed the repos kept everything (like java) up to date.
Some time ago I replaced OpenJDK with SunJDK. java -version is "1.6.0_24" which java is /usr/bin/java
Yesterday, for the first time, I downloaded and ran an Avast! scan. It complains of "Malware-gen" in several class files in what I think is the java cache. Does anyone know how this could be?
A forum that I visit with Firefox has a message that says the following: Quote: I've detected a bestlifeusa.ru script that tries to run of this server, I've reported this, but I'm pretty sure most of you get this one too, I was just protected so I'm fine - you may not be so lucky, so I'm asking you guys to get your system checked immediately.
If you use firefox - install the No Script extention after you have cleaned your system for all worms, viruses and spyware. And make sure that the bestlifeusa.ru script can't execute on your system from this site. If you don't have any "anti script" "no script" "script stopping" system installed with your browser, you will likely not notice this script, I suspect it's a spy-script that spies on you - and you most certainly have it! I think the measures recommended might be Windows oriented.
I was thinking of physically removing the hard drive and use the computer only with a liveCD for security. But is disabling the hard drive in the cmos just as secure, or does software exist that can still access the hard drive?
second time clamav detects the malware on laptop underubuntu:winnow.compromised.ts.jsexploit.5.UNOFFICIALwinnow.spam.ts.domains.158.UNOFFICIALgspace.js: winnow.malware.cm.miscspam.387929.UNOFFICIALwhat does this mean, is it serious and what is the origin of this infection?
Originally Posted by smokerSuch things can happen on linux. But try googling for actual occurrences.Greetings SmokerWith no prejudice sir: I've got a personal list of at least 75 such occurrences, just this year alone in Linux-OS's... If the Blacks wants to mess-up your OS, they do it as easy as microstuf could nuke any target Windows-98 OS today... Linux is web-page secure, only... You may think Linux is impervious to hack-attack, but it's definitely Not!.. It's just that you haven't been extremely noisy on the internet about how humanity should change its bad-attitudes towards Life and Love, before it's too late... In and from your "safe little box" you are 99.99% safe from the Blacks, IF your are silent and compliant to "North American peasant control policy".. but start doing a little "Al Gore and Greenpeace style bitching noise", and very quickly you'll discover just how unprotected your Linux powered PC really is... Ask Greenpeace and Al Gore about the max-attacks to their computer systems... I had to reinstall the OS about a hundred times this year.. Seems the big money world didn't like that I published, that "to save humanity from its impending early extinction, Money needs be extincted and replaced with something conducive to life and living and love".. They Freaked!, and slammed my PC's repeatedly, hard... Sure, Linux is reasonably secure, but it ain't perfect.
Malware Potentially Implicated in 2008 Fatal Plane Crash in SpainQuote:Investigators looking into the crash of Spanair Flight 5022 at Madrid International Airport on August 20, 2008, killing 154, found that the airline's central computer system used to monitor technical problems in its fleet was infected with malware, according to this news report. The central computer system should have warned the airline that Flight 5022, an MD-82 aircraft, was having repeat mechanical problems.[URL]
If I leave the computer running for a few minutes without doing anything on it, this screen appears demanding that I enter my password, otherwise I can't get back to Fedora. I understand the necessity for this security feature in a work environment, but I'm just a home user and this security screen is just a nagging problem I don't know how to get rid of.
I installed Ubuntu 11.04 Desktop and can access the internet through a linksys router with WPA2. I then installed Ubuntu server in the free space left on the disk, but the installation network autoconfiguration failed. I can boot either OS, but the server's DHCP client cannot discover any networks (there are several in the area).
i need to discover all network nodes and their ips is their a way to do it, then if i need to discover certain nodes which runs certain program. I'm using Fedora14 and FreeBSD
Some times ago I used multimedia.org. Now, I don't use them anymore. But some packages were installed from theirs source, for example yesterday I discovered old flashplayer-mozilla... Now I want to know, which of my packages are from multimedia.org repository. How to check this one? Any dpkg or apt magical command?
It's been a while, I haven't used Linux since version 6 or 7, and at that time, Anaconda gave you a choice of which level of SELinux to install - as I remember, I chose the "relaxed" version... but this time, with Version 11, I was not given any choice of which level of SELinux to use. I was automatically forced into a USER (drone) account with no administrative or limited administrative capabilities. I have my administrative name and password I assigned during the Anaconda install...but I don't know how to get into the superuser or root account and execute it so that I have full, unvarnished permission to do as I please on MY machine.
First of all, let me explain - This is MY computer and I can do with it exactly as I want. I am the Aministrator and I am the one and only OWNER of this machine. Therefore, I should have automatic access to SuperUser, and if I corrupt something, that is my fault...and its my machine. Cutting through the bull, I would like someone on here to just plain tell me, without cryptic remarks, to give me a step-by-step - The is a HOW TO to access the superuser account, name and password. And - this is HOW TO create a ROOT account with superuser permissions. What I need is a one-two-three this-is-how-to-do-it.
If I mess things up, I merely reinstall Fedora again and start from scratch. I don't care if I screw things up accidentally. What does irritate me is being forced to have a "drone" account on my machine that I own, without even asking me, what I wanted..
if I'm connected to one of VOIP Providers using a VPN connection to this provider, how the government will know that I'm doing such this issue ? how can I mis-track that activity ?
Because, I use a Thinkpad R61, I decided to see who did it as well and I got some results right away: Using Slackware 13 64 bit [URL] Followed into these links and followed them to my best ability:
I'm so used to Windows having to run multiple malware scans with multiple tools. Running registry cleaners and running CCleaner to remove all of the old temp files, cookies etc.. Derfagging. Ok with Ubuntu no more malware scans. No more registry scans. It appears that there isn't a defrag tool? And what about the other things that tend to clog up the works, Temp files , cookies etc. Is that what the disc janitor is all about?
