Ubuntu Security :: Safe To Transfer Files From Infected Windows Partition?
Sep 2, 2010
My Windows XP Pro laptop has been attacked! Windows will no longer update and Microsoft Security Essentials will not update either. I've been trying to resolve the issue for over two weeks with Microsoft support, but it's just taking too long. I also tried some rescue CD options (all running some form of Linux, obviously):
- BitDefender Rescue CD (removed infections, now detects nothing),
- Kaspersky Rescue CD 10 (removed infections, now detects nothing),
- Trinity Rescue CD (won't load AV Engine, so can't use it to do anything).
Malwarebytes cleaned a bunch of stuff, but will not clean the final threat detected (it's supposed to get deleted on reboot, but never does). Hijack.FolderOptions is stuck in the accursed registry, and it keeps causing Windows Explorer to crash. I cannot rename files or work with them or everything just crashes.
So I'm ready to reinstall XP from scratch, and add a dual boot with Xubuntu & LXDE, which I'm already running on a much older laptop.
Question: I want to rescue the files I need. My idea was:
1) Install Xubuntu with dual boot.
2) Copy over files from Windows XP partition using Xubuntu.
3) Back up files to an external drive using Xubuntu.
4) Reinstall XP Pro and format hard drive.
5) Reinstall Xubuntu with dual boot.
6) Use Xubuntu for daily use.
7) Only use XP for those tasks that require it (TomTom updates ...)
Should I be concerned about the security risk from copying files from the Windows partition to the Xubuntu partition, and from there onto an external hard drive?
Is this the way to do it, or is there a better way? I just want my laptop back in working order. Right now I can't use it for anything.
I Clam-scanned a bunch of old CDs.. Clam found 9 infected notes infected with: "Worm.Allaple-319"... I wonder if this was my problem with Ubuntu always failing..? These are some of my best notes.. Is it possible to clean the bugs out of them with Fedora..?
Long story short, my Windows had a fatal crash the other day and since I couldn't find the installation disk, I burned the Ubuntu 9.10 disk image to a CD at a friend's place and installed it on one partition of the hard drive. The other partition contained tons of Windows programs and documents in an NTFS system. Ubuntu is cool and all, but when I finally found the Windows disk, I wanted to reinstall it for dual-booting, to use some programs that don't run well in Wine.
To keep some documents safe and not waste any CDs, I moved them over to the Ubuntu partition before installing Windows. As experienced ubuntuists know, the slightly clumsy Windows installer erases GRUB in the process, and it's recommended to install Windows first. So, now I ended up with a working Windows partition and an Ubuntu partition with all of the stored data, which I can access via guest status with the burned CD.
Here's the catch though - as a guest and without Linux properly installed I can't move anything I moved to the Linux partition from the Windows partition back anymore. All the folders have a little X on their top corner. I'd be glad to reinstall Ubuntu now, but I must know how to keep all that transferred data safe. Can I keep it there during the reinstallation? Should I install Wubi on Windows and access the stuff through it?
Now however it's not letting me resize the Windows partition, mounted or unmounted. It currently occupies the whole disk. I would rather not reinstall the whole thing over again, but I will if I have to. Isn't there an easy way to shrink a Windows partition? I swear I've done this before and it wasn't this hard. Could it be a problem with the Mint installer that now asks me if I want to unmount my disks before it goes into install mode? On this PC I would like to have
- Windows XP
- Mint
- Ubuntu-Studio
- Edubuntu
- One of the E17 OSs
- Puppy Linux (to create a remix)
I am probably going to put most of the Linux partitions on the second laptop drive but I want to install files on a non Windows NTFS partition.
I got tired of dual booting on my old computer so on the new computer I am planning to run XP on VMware Player. The problem is that on the new computer neither Ubuntu nor XP can "see" the FAT32 partition. I intend to use the FAT32 partition for photo images and old Windows files and need access from both Ubuntu and XP.
For a while my ISP has been sending me emails regarding an infected computer or computers on my local network. There are 4 computers running Linux and 3 running Windows on said network (3x Ubuntu, Gentoo, 2x Windows Server 2003 and Windows 7). Now, I haven't used Windows in oh so many years and am not responsible for those computers on this network. Does it seem like this is a virus on a Windows host or should I research and adjust my iptables settings on the router? The applied anti-virus software (I don't know which one) apparently does not find any infections. On my workstation I'm using Spotify and win32 Office through Wine, both obtained from legal and trusted sources, and would thus not consider my Wine environment a threat.
I know that Linux has no viruses out in cyberland that affect it but would it be possible for a Micrcrap virus to wiggle through an Ubuntu partition and find its way into the Windows portion of the same hard drive on a dual boot system when the windows portion is not being used?
I need to re-install windows on the windows side of my pc (my HDD is partitioned), and was wondering if there's any way to back up my pics and iTunes library by placing them on the Ubuntu side of my PC?
I recently ran a virus scan on my CentOS server using ClamAV's "clamscan" command to scan my entire system for viruses. After the scan was complete it says that I have 1 infected file on my computer. I COMPLETELY FREAKED OUT! Is there some kind of log that I should read to see where the infected files are? Also does ClamAV just scan your system for viruses or does it scan and remove the virus on the computer. If you know of an alternative open source security software,
I'm now running Ubuntu 9.04. There are 2 accounts on this computer, one is linux, the other is ubuntu. Before New Year, everything had been fine. But after New Year, I came back and found that the password of this account linux has been changed. So I fixed it using my rescue disk. But since that day on, it seems that this password changes every day somehow. Every day when I'm trying to log into my Ubuntu system using the account linux, it says login failed. However, I can still log in using the account ubuntu. I'm really confused. Why is this? I checked the date of expiry. Everything seems to be fine.
I have a LAN with 20 machines. I see that one of them is infected. It's sending a lot of packets to the internet. My internet connection at this moment is really slow. What should I do? How to detect which machine is infected? I'm using a hardware firewall. Fortigate... It's hard to configure there nice logs. Any good software. I don't want to switch off the network cable from each machine and check.
After several installs and reinstalls, I got a stable dual boot Vista / Ubuntu 10.10, but I can't access or even see my Windows partition from Ubuntu. I installed my dual boot with Wubi this time; in a previous installation, when I didn't use Wubi, I didn't have such a problem and the Windows partition with all my files in it (Windows files, media, etc.) was easily accessible from "Places" on Ubuntu. I already disabled the Windows firewall and other security options but nothing changed.
I have not installed Linux yet on my PC, and it has been years since I installed and used it. How will I transfer files between the two systems on different drives on the same computer? I suppose one still does not install Linux on an NTFS (Windows) formatted disk so access would be natural?
In my network I have 25 workstations and some servers. Everything is working in a local LAN with a firewall. The problem is that on one machine (I don't know which one) there is software installed which is sending data to the internet. Actually I don't know what it is. Last time, as I remember, it was a trojan which can create new network interfaces in Windows and send some data to the internet. Half the speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen/capture some traffic and analyze from which machine I have more connections.
Please take a look on this time. Instead of 141-150ms should be 4-5ms.
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms
How can I detect which machine is infected using only Linux and keyboard?
I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse compromised systems notify the hacker they are infected. Is there any way to ensure I don't have a root-kit installed short of reinstalling the system?
I am facing a security issue on my server. I can see many processes like pscan2, scanssh and ./sshf processing on 'top'. The owner of these processes is a non-root account. Can anybody let me know what can be the extent of loss due to these suspicious scripts? How can I permanently remove these scripts from my server. Please note that I am using CentOS 5.5 (64bit).
Naturally a Windows user, because all of my computers came with pre-installed Windows and I was young.. and I got used to it.. In the time of.. growing up I became a programmer and learnt how badly Windows is actually coded. Not only that.. Linux has better support for developers. So.. I was a Windows user till yesterday. I finally decided to work on installing Linux or more specifically - Debian. I love everything that is part of GNU - GIMP, GTK+, Gedit, GCC...
Well I can't use my PC, both of my operating systems are non-functional. Windows gets stuck (which is something completely typical for Microsoft stuff) on the Windows logo screen, or safe mode loading files.. Debian installation is messy. Firstly I installed Debian 6.0 on a Virtual DVD Disc mounted. I followed the installation process strictly and moved forward to Debian startup. It asked me for an account. root as "username" and the password as "password" didn't work so I logged in as "localhost" normal user.
However.. I started to realize that I actually also had to install the Graphical Environment in order to have Debian with the desired GNOME Desktop.. I went to aptitude to install the Graphic Environment Package but it said that I have no root rights.. I tried to log in again, using the correct details but failed. I tried to get in using the sudo command, but the sudo command also didn't work. Of course.. since I can't install packages, I can't install sudo either. "su -" or "su" also prompt me to enter a password which I apparently have no clue of.
Then I went to Debian Recovery, because there I was logged in as root. It also pointed out that "Root Account is locked". I went to install packages finally.. But when the installation started to proceed it asked me for disk insertion in a specific folder? There I got lost completely.
Is there a 'plugin' for wireshark to analyze traffic and spot infected (windows) hosts? I have been using nepenthes with no luck. (and doubt all hosts are clean) is there some better way (other than using antivirus on each host)?
I would like to transfer my music library and movie collection from my Desktop computer running Windows Vista and my laptop running Debian Squeeze. I have the laptop connected via wireless but it's possible to connect the two either directly with a CAT5e cable or through the router. I'm just wondering what the best way to do this would be.
So since I have installed Linux, I have been reading about how viruses are not nearly as likely to infect a Linux system as Windows. I am running a dual-boot though and imported my profile and have a lot of my files from the Windows system on Linux; can they potentially be infected in the Windows sense?
Is it effective to use ClamAV as a Privoxy antivirus? I have actually configured it but it does not seem to come into any effect. Why? I tested it with Eicar (test virus) online and it does not even prompt that there is a problem unless I have scanned. Besides that, I have installed the ClamAV daemon along with it. [URL]
Issue: How come the Clam Antivirus does not prompt that there is a virus when I opened the file or problem link? Does it work differently from a Windows OS antivirus, which prompts when there is a virus detected?
Last month I installed (not upgrade) squeeze in place of lenny on my dual boot laptop where the other OS is windows 7 Home basic (both C and D drives). I just noticed it today that while I can get any file from the windows to my squeeze I am not permitted to put any file to windows. As far as I remember I was not asked during squeeze installation whether the windows drives would be read-only drives. This difficulty was not faced when I had lenny. Can this problem be remedied now without going through a re-installation?
I am running WinXP and OpenSUSE 11.4 on dual boot. Generally I am using SUSE, XP only for UPnP Media Center (server) to watch movies stored on my computer on TV via STB. For this I am using TVersity, for which I have not yet found a Linux alternative - or better say - I found it but it is too heavy for my PC (P4 1.6 Mhz, 768 MB RAM, a dinosaur from Nvidia Vanta with 64 MB RAM). But this is not a part of my question. My question is how to transfer (copy, move...?) files from SUSE to WinXP? Large files like avi, mkv, mostly movies. I solved this by copying them to USB and then from USB to Win. This is a very slow process because my PC has only USB 1.0. And before you ask me - all files are legally downloaded from paysites. From SUSE, partitions (disks), folders and files under WinXP are visible but it is not possible to copy files to them - access is denied. Is there any way to do this? SUSE is installed on LVM - /root/home/swap. I am interested ONLY in copying files from SUSE to Win, not at all from Win to SUSE.
Code:
Directory: /home/janez
Sun Aug 14 07:53:26 CEST 2011
janez@linux-cia6:~> su - root
I want to connect a laptop running ubuntu 10.04 to a laptop running windows 7 via direct connection in order to transfer files like music, documents, pictures, etc. I have an ethernet cable that I thought I would need in order to do it. Is that even possible?? If so, how would I go about doing that?
Now, I have tried to share the files wirelessly but for some reason when I pick up the workgroup on the ubuntu laptop and enter the password in order to connect to the windows laptop it says my password is wrong, when I know for a fact that it is not. I know I can transfer files with a flash drive and what not but I want to try to get this working.
I ran a scan (clamscan -r --remove /home/) on my user's home directory yesterday & since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last night's scan:
I have an Iomega appliance, which is based on the Debian distribution. There is an NFS share that I have created which is without a password. Since it is without a password, some viruses have been copied to it. I want to find out which IP address is the source of these files. In other words, I want to know which PC is copying these infected files to the NFS share.