I believe it is a keylogger because my Facebook account has been hacked, I believe my email has as well. I heard that even if you reformat a harddrive, the virus could still sit there and apparently that is what happened to me. how to be rid of it and keep my security. I installed RKhunter and Chkrootkit. Rkhunter reports warning files while checking my filesystem. I can post a log if need be.
View 9 RepliesMy machine that is running Windows XP got a virus a few months ago. Keep in mind I have NEVER used Internet Explorer.
Symptoms when CONNECTED to the internet: My volume is turned down on start-up. When the volume is on the internet explorer "clicking" noise plays frequently. In task manager there are two "iexplore.exe" processes running. As soon as I kill them they will start up again. They aren't taking up copious amounts of memory, but they are still very present. If left on for long enough pop-ups will start appearing.
Symptoms when NOT CONNECTED to the internet: None.
What I've done: I've ran a handful of the free Anti-Virus programs, e.g., AVG, ComboFix, avast!, and Malwarebytes' Anti-Malware.
I'm dual booting 10.04 with windows 7 and it occurs to me that I could scan the windows partition for viruses FROM linux. Is anybody doing this sort of thing? Does that make any sense?
View 3 Replies View RelatedSince Wine recognize the .exe filetype and associates itself with it, is it possible to get a virus that starts up automatically in wine or is it limited to me manually running the program?
View 6 Replies View RelatedI believe the name of the virus is "PC Defender 2010". This has self-installed, causing popups attempting to convince the user that there is a security flaw, and that they should upgrade to the advanced version. I have looked this up, and it is definitely a virus. The virus creates a shortcut with a target in the AppData folder named defender.exe. When I went to search for this file, after having set it to show hidden files and folder, I looked in the folder, and found nothing by the name of defender.exe. Does anyone have any ideas as to how to find this file, if it even exists, and then remove the virus all together from the computer. Ideally these solutions will be executable from Windows, as the user is rather afraid of linux.
View 1 Replies View RelatedI know that there is little need for me to install an anti-virus etc - but - I was thinking, it is a good idea to scan folders and files that I send to colleagues that run windows.Whats the best way and programme to do this? I guess I simply install an AV programme and thats it!
View 5 Replies View RelatedLately, I've found 2-3 times an .exe file with a random name in my /home, and another data file with a random name as well. I'm a user of wine, but none of the programs that I use seems to be the cause. Last time it happened I sent it to virustotal.com, and this is the result: [URL].. So, this is clearly a virus. The two files show "nobody" in the proprietary field and "none" as group. What can I do to track down the cause? Also, telepathy-butterfly likes to hog 100% of CPU lately, and all I can do is killing it: is someone exploiting a vulnerability? if so, why the hell would he drop a win32 virus?
View 9 Replies View RelatedLet's say I have an avi file that contains a virus for ntfs windows xp sp3. I put that file on a linux ext3 partition. Then on a windows xp sp3 nfts computer, I connect to the partition over a network share via smb. I run the file within the share so the file is never physically on the windows xp sp3 computer. In this situation will the virus infect the windows xp ntfs partition?
View 5 Replies View RelatedI tried to ask this question in the other thread but the admin was saying to me that my other thread here [URL]..( it was not very much the subject of the thread ) People that use Unix,Mac OSX or any Linux OS all none windows do you need anti-virus program like Norton or Kaspersky? And same with firewall like ZoneAlarm and Comodo ?
Some people say you do not need a anti-virus program like Norton or Kaspersky or any firewall.Other people say you do and some say that Unix and Mac OSX have built in firewall.
And if on uses windows use ZoneAlarm or Comodo has it does alot more than windows firewall and router firewall. Note the admin saying the other thread was why windows get more malware and not very much the subject of the thread to post there.
I have been told that some virus scanners for linux (including but not limited to AVG, Antivira, clamAV, others) are available to ubuntu. My question is which of these still CURRENTLY support detection of WINDOWS viruses in addition to linux viruses. I would like to boot the Ubuntu live jump drive I have to scan windows machines and at least detect viruses, dont really need to repair. who knows which virus scanners compatible with ubuntu that will detect windows viruses as well
View 3 Replies View RelatedI know that Linux has no viruses out in cyberland that affect it but would it be possible for a Micrcrap virus to wiggle through an Ubuntu partition and find its way into the Windows portion of the same hard drive on a dual boot system when the windows portion is not being used?
View 6 Replies View RelatedWould a Windows virus executed in Wine compromise the whole Linux system?
View 3 Replies View Relatedfor reset Facebook password,facebook send a code to e-mail,this code can be sniffed by sniff software?
View 2 Replies View RelatedI have a dual boot computer. The WindowsXP "side" has been infected with a rootkit virus. So far UBUNTU has not been affected to my knowledge. I have not yet removed the virus from the WindowsXP "side". I am thinking of deleting the NTFS partition and have the computer fully dedicated to UBUNTU. Now for my question. Is there a possibility that the virus resides in the MBR and that I need to "rebuild" the MBR to actually remove the virus?
Even more extreme, should I totally re-install UBUNTU in the name of safety and precaution.
if there is any free software there used to protect Fedora from spyware and virus?
View 8 Replies View RelatedI want to know if any one hacked or getting into my computer. I am using lucidlynx right now, My computer directly connected to modem, not using any wireless router. How can i check if some one hacked? How to prevent it?
View 6 Replies View RelatedI have a 6yo laptop...z60m. Solid little thing that I knocked around so much the hinge broke. My dad jerryrigged it so it can stay open.
So now I use it as a glorified DVD player. Then, around February the hard drive died. I put it in fresh, loaded a couple of regular games and the DVD modifications to play DVD's. So, besides the basic upgrade to 9.1 not much as been done.
Well, last week my panel disappeared. I procrastinated and last night I got on the computer. I did F2 and "xfce-panel" and my panel reappeared exactly how I'd last tweaked it.
With on exception. This blue globe, "Akonadi" had mysteriously appeared.
Thing is that I haven't installed or updated anything for 8 months...why? becuase I haven't had this thing connected to the Internet. The wireless tower has been on. (my bad) but all of the signigals in my neck of the wood are encripted so I just let it be.
I don't know where this program came from. Is it loaded in xubuntu? Why would it show up? And furthermore if there was someone with malicious intent (unfortunatly I do have to take that into consideration) have put this on for data collection?
I have windows computer and it is being hacked.About month ago or more some one hacked my router and install new firmware from Firmware Version: Talisman/Basic V1.2.9a
My router is linksys and SSID got changed to sveasoft.I had WPA set up and MAC filtering .
Some one hacked my router and change Firmware Version.And user name and password also got change to just admin.
Well now I got a pop up from my Kaspersky saying network attack scan.generic.TCP 74.63.245.168
only thing I can find on it http://whatismyipaddress.com/ip/74.63.245.168
It is Limestone Networks in Dallas.
Some strang things have been happing to my computer in past 4 months and is getting worse.
I have no firewall or router now.And have not gone to the store and get new router yet and I'm thinking of formatting my computer and putting linux and get good firewall like zone-alarm.
I had a serious breach of the cellular segment of my communications network this week. All I can say is nobody got hurt. The attackers also knew where to find me via email. I'm concerned that perhaps they've penetrated this aspect of my system as well, although they seemed pretty specifically focused on the phone. There have been no changes on anything on my computer, and of course, I went ahead and changed all the passwords. How can I verify or at least look into the possibility of having been hacked as well.
View 8 Replies View Relatedmy computer has been surely hacked for at least more than two months; my private information are being hacked and spread around! I initally used Windows Vista and I had the firewall off and no antivirus software. When I realized that my OS had been hacked, I began turning my firewall on and installing security softwares, but nothing stopped the hack.
Yesterday, I erased all my partitions and installed Ubuntu 10.10. I installed rkhunter and a firewall. I changed my static IP adress, at least for the sake of knowledge, to another one, then I got disconnected since my router only allows my old IP.
When I'm about to write my admin password, I disconnect from the network. I've scanned my system using rkhunter, and the result is a list of 30 suspicious files!
Can I adjust my router in a way that it can allow any IP adress? If yes, can I have a non-static IP adress? How to prevent the hacking in the first place? However, I believe, I don't know yet, that my Ubuntu has also been hacked...
If I can't get rid of the hacker(s), then I should permanently disconnect from internet and find another way to receive information anonymously through the internet.
Awoke to millions of failed SSH attempts into my public server. Behind a firewall which forwards only SSH and HTTP. Local iptables deny everything except SSH and HTTP. Exact same symptoms and results as Chris over at his site: here.I just want to know how they managed to execute a script, or make changes etc? Here's some info:According to cat /var/log/secure | grep "Accepted" no one besides myself gained entry via SSH.The FTP account (500:48 (Purposely in apache group)) is chrooted to a 775 directory and vsftpd does not accept anonymous entry. vsftpd and xferlog's are empty?
Code:
You have new mail in /var/spool/mail/root
[root@dev etc]# tail /var/spool/mail/root
[code]....
I have LAN with 20 machines. I see that one of them is infected. Its sending a lot of packets to the internet. My internet connection at this momment is realy slow. What should I do? How to detect which machine is infected? I'm using hardware firewall. Fortigate... Its hard to configure there nice logs. Any good software. I don't want to switch off network cable from each machine and check.
View 10 Replies View RelatedI always use professional services to secure my servers. Everything was fine for years but a week ago my server got hacked.I don't know how the hacker got my username/password - it was not something like admin, password.9 months ago my PC was infected with some virus which connected to the FTP server by using password which was saved in CuteFTP and infected all index files with some javascript. Then I changed the user/FTP password and didn't save it anymore in Cute FTP. Of course, I checked all the folders and re-uploaded all infected files. Is it possible that this virus uploaded some hidden file which was able to get the new password for this account?
The server was hacked from so called Tor IP address. I am tiref of worrying about server security and now have an idea to get a static IP address from my ISP and to allow logins only from this IP address. What do you think about it? This idea looks good for me but are there any risks to lose access to the server. Can ISP provider change the static IP address for some reason?
I need to know whether Ubuntu can be hacked when it is installed as a dual boot with W7 by hacking windows and getting access to the Ubuntu partition?
What I would also like to know if this way can be used to put a key logger or screen capture in Ubuntu which installs next time Ubuntu is started?
My server (Ubuntu 10.04 desktop) was hacked. I had my ethernet plugged in to an Intel 82557 Ethernet Pro card (Pulse) when my server was first attacked. After it was attacked I reinstalled the system but my ethernet card still would not work. Ubuntu recognized it, but it is continually disconnected and the little status lights on the card do not light up anymore.
So then I plugged the ethernet to the mother board itself. Well, my server was hacked again and now the ethernet on the motherboard does not work. Again, Ubuntu (after a reinstall) recognizes the hardware but nothing happens when I plug the etherent in. The motherboard is a BioStar P4M900 VIA chipset. I have a few of the system logs here [URL] which I saved right after the first attack.
A scan on my computer reported as up many local ips which simply does not exist in my network. This host is supposed to have ip 192.168.0.4, but all other ip should not be there. I have a USB modem connected to a Linux box, connected itselfs to a wifi linksys router and thats it.
# nmap -sP '192.168.*.*' | grep -v down
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2010-11-18 21:46 CET
Host 192.168.0.4 appears to be up.
Host 192.168.7.27 appears to be up.
Host 192.168.10.0 appears to be up.
[Code]...
I just got control over a server that was hacked several months back. The other day we started receiving rejected emails sent from my server to a yahoo email address that is no longer active that contained users login information. I am trying to find the process that is sending these emails. So far its been like finding a needle in a haystack. The email that is being sent is appending the login information each time it is sent so there must be a local file that contains this information. I have tried using grep and find without any luck.
View 2 Replies View RelatedI've discovered that after restoring my site's backup this has happened to me again. How to delete the hacked /home/crocbits directory so that I can restore the backup under the same username. When I try to delete /home/crocbits I get this message when logged in as root:
[Code]...
How to secure a Terminal Server. so that it can't be hacked by bruteforce/divtionary tools ?
View 7 Replies View RelatedI just got an email from google saying my site contained malware. It has a line in it: "<script src='http://whitepix.info/3'></script>". I've noticed its recursively in all my .html and .txt files in my website. Can I make a linux script to run that will go through all my .html and txt files recursively and delete that line from them? I don't know how it got in all of them.
View 6 Replies View Related