Ubuntu Security :: PC Defender 2010 Windows Virus?
Feb 28, 2011
I believe the name of the virus is "PC Defender 2010". This has self-installed, causing popups attempting to convince the user that there is a security flaw, and that they should upgrade to the advanced version. I have looked this up, and it is definitely a virus. The virus creates a shortcut with a target in the AppData folder named defender.exe. When I went to search for this file, after having set it to show hidden files and folder, I looked in the folder, and found nothing by the name of defender.exe. Does anyone have any ideas as to how to find this file, if it even exists, and then remove the virus all together from the computer. Ideally these solutions will be executable from Windows, as the user is rather afraid of linux.
My machine that is running Windows XP got a virus a few months ago. Keep in mind I have NEVER used Internet Explorer.
Symptoms when CONNECTED to the internet: My volume is turned down on start-up. When the volume is on the internet explorer "clicking" noise plays frequently. In task manager there are two "iexplore.exe" processes running. As soon as I kill them they will start up again. They aren't taking up copious amounts of memory, but they are still very present. If left on for long enough pop-ups will start appearing.
Symptoms when NOT CONNECTED to the internet: None.
What I've done: I've ran a handful of the free Anti-Virus programs, e.g., AVG, ComboFix, avast!, and Malwarebytes' Anti-Malware.
I'm dual booting 10.04 with windows 7 and it occurs to me that I could scan the windows partition for viruses FROM linux. Is anybody doing this sort of thing? Does that make any sense?
Since Wine recognize the .exe filetype and associates itself with it, is it possible to get a virus that starts up automatically in wine or is it limited to me manually running the program?
I know that there is little need for me to install an anti-virus etc - but - I was thinking, it is a good idea to scan folders and files that I send to colleagues that run windows.Whats the best way and programme to do this? I guess I simply install an AV programme and thats it!
I believe it is a keylogger because my Facebook account has been hacked, I believe my email has as well. I heard that even if you reformat a harddrive, the virus could still sit there and apparently that is what happened to me. how to be rid of it and keep my security. I installed RKhunter and Chkrootkit. Rkhunter reports warning files while checking my filesystem. I can post a log if need be.
Lately, I've found 2-3 times an .exe file with a random name in my /home, and another data file with a random name as well. I'm a user of wine, but none of the programs that I use seems to be the cause. Last time it happened I sent it to virustotal.com, and this is the result: [URL].. So, this is clearly a virus. The two files show "nobody" in the proprietary field and "none" as group. What can I do to track down the cause? Also, telepathy-butterfly likes to hog 100% of CPU lately, and all I can do is killing it: is someone exploiting a vulnerability? if so, why the hell would he drop a win32 virus?
Let's say I have an avi file that contains a virus for ntfs windows xp sp3. I put that file on a linux ext3 partition. Then on a windows xp sp3 nfts computer, I connect to the partition over a network share via smb. I run the file within the share so the file is never physically on the windows xp sp3 computer. In this situation will the virus infect the windows xp ntfs partition?
I tried to ask this question in the other thread but the admin was saying to me that my other thread here [URL]..( it was not very much the subject of the thread ) People that use Unix,Mac OSX or any Linux OS all none windows do you need anti-virus program like Norton or Kaspersky? And same with firewall like ZoneAlarm and Comodo ?
Some people say you do not need a anti-virus program like Norton or Kaspersky or any firewall.Other people say you do and some say that Unix and Mac OSX have built in firewall.
And if on uses windows use ZoneAlarm or Comodo has it does alot more than windows firewall and router firewall. Note the admin saying the other thread was why windows get more malware and not very much the subject of the thread to post there.
I have been told that some virus scanners for linux (including but not limited to AVG, Antivira, clamAV, others) are available to ubuntu. My question is which of these still CURRENTLY support detection of WINDOWS viruses in addition to linux viruses. I would like to boot the Ubuntu live jump drive I have to scan windows machines and at least detect viruses, dont really need to repair. who knows which virus scanners compatible with ubuntu that will detect windows viruses as well
I know that Linux has no viruses out in cyberland that affect it but would it be possible for a Micrcrap virus to wiggle through an Ubuntu partition and find its way into the Windows portion of the same hard drive on a dual boot system when the windows portion is not being used?
I have a dual boot computer. The WindowsXP "side" has been infected with a rootkit virus. So far UBUNTU has not been affected to my knowledge. I have not yet removed the virus from the WindowsXP "side". I am thinking of deleting the NTFS partition and have the computer fully dedicated to UBUNTU. Now for my question. Is there a possibility that the virus resides in the MBR and that I need to "rebuild" the MBR to actually remove the virus?
Even more extreme, should I totally re-install UBUNTU in the name of safety and precaution.
i send this anti virus scanner for linux on the ubuntu geek site. bit defender for linux i downloaded the ubuntu version any1 know how to install it? i am a newbite i am still learning. heres the link to it on bit defenders site [URL]..
I'm quite new to Ubuntu and I am running Ubuntu Studio 10.04 . I have just installed Klam AV and had it scan my computer . I was surprised to find that it had found two 'viruses' . I don't know if anyone can help me in finding out if they are real or only false positives . The following is the output that I received .
Name of File /usr/src/fglrx-8.723.1/libfglrx_ip.a.GCC3 and GCC4 Name of Problem Heuristics.Broken.Executable Status Loose
A while back I had been using ubuntu on a live cd after my windows partition had been taken over by a virus, which at the time I thought had been removed by my anti virus (and then took out winlogon) and I did a system repair instead of a complete reformat because I didn't want to lose all of my files. After repairing, I noticed some things like what looked like fake "this page has been blocked based on your security preferences" on major sites like ....., myspace and facebook. I ran another virus scan with a different AV and strangely it detected a behavioural software keylogger, which after looking it up seemed to be something that could only be installed with physical access to the system, which confused me. Anyway, this is when I started to use the live CD to copy some of my music, videos, pictures etc. onto my flash drive. From what I can remember, I used this USB on my main computer without problems, but the last time I used it (few months ago) I ran a virus scan afterwards, just to feel safe and it came up with a couple java exploit trojans. This was probably just coincidence and I hadn't ran a scan in a day or two, possibly even a false positive as I noticed no decrease to system performance or any odd happenings.
So, my questions are: Is it even possible for a virus from a windows partition to copy itself to a USB flash drive on an ubuntu live cd; and is it possible (if the virus was even capable of this) if I insert the flash drive into my ubuntu computer, it could do anything like transfer across my WLAN to my windows computer, or even copy its files onto ubuntu but be unable to do anything? Which brings me to another question: if I visit a website that may contain drive-by malware or a virus of any type, is it capable of acting at all, such as even trying to transfer itself into my home folder, or does it not even recognize ubuntu at all and do nothing?
Unable to send mail thus adjust protocol port and it worked. Things moving slow on computer. Thus ran clamtk virus scanner. It found a virus. Tried to quarantine it but not successful. Have GUI version 4.15 Antivirus engine .95.3. Virus is located at /home/kim/.mozilla-thunderbird/zrlm4cOj.default/Mail/LocalFolders/Inbox Phishing.Heristics.Email.SpoofedDomain What do I do to get rid of it?
I have Avast Antivirus installed in Ubuntu 10.10. There are options to select folders to scan from 1. Home Directory 2. Entire system and 3. Selected folders. What are the options available to scan only selected drive. OR How to scan only USB stick.
The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software. Researchers in software security can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software.
I know Ubuntu doesn't really become the receiving end of Virus and melware but IM one of those users that proves that there are virus out there for mac and Linux.Like a few years ago (back during 8.o5 Ubuntu i think i downloaded a hefty amount of software with out considering the recourse Thus I became the receiving end of a nasty Ubuntu target virus sucked and at the time it ruined my fun so i went back to the windows virus any ways I'M looking for a virus protector that works on Linux as I tend to be Very.. *ehem...* dumb when it comes to what not to download
so ya other then avg (i had that on windows virus and its awful)also could I get an idea of things NOT to download?
I use my ubuntu laptop at work and connect a lot of usb pen drives to my computer. Everyone else I work with use windows and I want to make sure that the usb pen drives don't contain any windows viruses so I don't spread them. The best way for this to be done would be to have the USB pen drives automatically scanned with they are inserted in my ubuntu machine. How to do this?
I used my printer without any problems using ubuntu os. As the day went surfing got slower. I lost ability to print. Went into windows os, which I haven't used for a few day, and scanned with superantispyware. A Trojan virus was found. Went back to ubuntu os and found that all printer programs had been removed.
After some time i always see a trojan virus in my ubuntu machines shared folder. It is an exe detected by ClamAv as Trojan.Autokit-77 I thought i was getting it from some windows machine on the network but that isn't the case. I deleted the virus and removed my computer from the network and still the virus comes back. My computer however, is still connected to the internet through an independent mobile broadband usb stick.
So where is the virus coming from and why is it going to my shared folder. I thought ubuntu would not allow the virus to do something like this without me giving it permission. I am running 10.4.
I have seen that we can scan for viruses and also virus infected files with ClamAV but is there any possibility that ClamAV can repair virus infected files.
