I need to remove virus/injections from hindered of files from my web server, infected due to virus/injection.
i am working on simple idea.
1. script ask pattern as input from user OR pattern as input file.
2. script ask the specific path as input OR or list of infected file to be provided to remove pattern from path/list files.
3. find awk sed to remove pattern.
is there any better way ?
I can write bash script.
Our client-accounts were recently injected with the following script and since there are too many files that were injected (only index.php and index.html) how this script can be traced with a search command and removed in all files found.
[Code].....
I have a dual boot computer. The WindowsXP "side" has been infected with a rootkit virus. So far UBUNTU has not been affected to my knowledge. I have not yet removed the virus from the WindowsXP "side". I am thinking of deleting the NTFS partition and have the computer fully dedicated to UBUNTU. Now for my question. Is there a possibility that the virus resides in the MBR and that I need to "rebuild" the MBR to actually remove the virus?
Even more extreme, should I totally re-install UBUNTU in the name of safety and precaution.
I have Windows 7 partitions and Ubuntu 10.04 installed on a single hard drive with dual boot. The Windows has been infected by a fake MS Malicious Software Removal Tool (so much for the free internet security suite). Does this virus endanger the Ubuntu partition and can Ubuntu be used to remove it?
View 4 Replies View Relatedmy pendrive has virus. So i copied folder name "untitled folder" and pasted in desktop in suse linux. the folder (untitled) contains another folder name "file system". this file system folder contains two files (1)desktop.ini (2)pagefile.exe Then i delete the "untitled" to trash. the folder vanishes in desktop and landed in trash. When i try to empty the trash, the "untitled" refuses to get deleted. How to get rid of this virus in trash. I logged in another user not in root. even I am not able to change the permission to root.
View 3 Replies View RelatedI would like to install Windows as 2. O, but when I insert the original WindowsXP SP1, it loads up the files on the disc, and after that, a blue screen shows up, telling me, i have to remove viruses and the setup breaks down. I also tried it with Windows XP Pro, but the same problem.
Here is a Pic showing the exact Problem, except the upper part: PAGE-FAULT .... isnt there:
I know that there is little need for me to install an anti-virus etc - but - I was thinking, it is a good idea to scan folders and files that I send to colleagues that run windows.Whats the best way and programme to do this? I guess I simply install an AV programme and thats it!
View 5 Replies View RelatedI have seen that we can scan for viruses and also virus infected files with ClamAV but is there any possibility that ClamAV can repair virus infected files.
View 1 Replies View RelatedI'm planning to setup an FTP folder which will be public facing, this will mostly be Windows document (e.g .doc files, .exe files etc) I do not want my folder to have any Windows based viruses (or linux ones for that matter), thus I need a way to prevent infected files being distributed via my FTP. Can anyone recommend a linux virus scanner which will remove windows viruses.
View 1 Replies View Relatedcan't seem to get my Linux AntiVirus Live update to download virus defs from my Windows Symantec Update Server?Windows workstations can update and download without a problem?When I run LiveUpdate from the side it errors out with "an error has occurred (code=-2,001)" Also, I'm not sure where the Linux defs are to be placed on my windows side for download from my linux workstations? I've found a couple good articles but everything I've tried hasn't fixed my problem? If I download the virus defs locally to each linux box I can update the virus defs without a problem, not a good option when I have several Linux boxes.
View 1 Replies View Related1> i have centos5.4 fileserver.
i synchronize my document of windows xp with fileserver through samba server.
while synchronzing ,virus effected file are also get sync in fileserver .
i scheduled copying in crontab also.meanwhile by synchronizing the fresh file get replaced by virus file.this result lost of my data.
is there is any solution to restrict virus file from copying through rsync....
2> is there is any program to compare size of files on samba server
Installed Ubuntu 9.1 karmic koala in a dualboot with Windows XP to remove a virus from the windows drive. I think the virus was found but somehow I have done something to cause a invalid drive error message at startup. I read that gparted may by a way to fix this, but I don't want to do anymore damage.
This is what is displayed when I start Gparted /home/ubuntu/Desktop/Screenshot--dev-sda - GParted.png [IMG]file:///tmp/moz-screenshot.png[/IMG][IMG]file:///tmp/moz-screenshot-1.png[/IMG]
if there is any free software there used to protect Fedora from spyware and virus?
View 8 Replies View RelatedHow can I enable wireless injection?
[code]....
I'm trying to implement this method to block php injection attack using fail2ban: here it is, however I'm not sure it applies to Ubuntu. You see, there's this filter that must be added to the fail2ban jail file:
HTML Code:
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
[Code]....
enable packet injection on ubuntu. My card was perfectly running fine(though monitor mode and packet injection not working).I had got bcm-sta wireless drivers installed.
When i run lspci --nn command, i found out my driver to be as below::
Code:
Network controller [0280]: Broadcom Corporation Device [14e4:4727] (rev 01)
when i run " airmon-ng "
it displays
[Code].....
I need to get packet injection working desperately. Also , do i need to patch my drivers or something like that?
how to patch it. but the problem is, I can't find a working download link.
View 1 Replies View RelatedTrying to delete injected code (one line) into multiple .php and .html files of a server with sed command but it seems there is a problem with sed when " and / are included in the string to be deleted.The string that needs to be deleted is <img heigth="1" width="1" border="0" src="http://imgddd.net/t.php?id=16382836"> However the last part of the string (id=########) is not constant (the number is variable) so I used the following:find /home -type f -iname index.html* -o -iname index.php* -o -iname index.html* -o -iname index**| while read FILE; do sed -i "s|<img heigth="1" width="1" border="0" rc="http:\imgddd.net*">||g" "${FILE}"; doneFor some reason it successfuly deleted the injection on .html files but NOT in .php files
View 8 Replies View RelatedI am facing problem on my Linux server, those runing php sites, most of the time hacker upload file in my website and take the control, and hack the sites, shoot the thousands of mail etc
View 7 Replies View RelatedI was playing around with Aircrack the other night, and trying to utilise the patches that would allow packet injection, but it wasn't working for me, so I rebooted. After that, though, my wireless card seems to have gone completely haywire. It doesn't show up at all in iwconfig. Before, I had 4 entries: lo, eth0, irda0, and eth1, which was the wireless. Now, only the first three show up. This is what it comes up as under lspci:
Code: 04:00.0 Network controller: Broadcom Corporation BCM4311 802.11b/g WLAN (rev 01) I've tried a number of solutions I've found online, including doing a cold boot, reinstalling the driver (Broadcom STA) and starting up from a cold boot, and am now trying this approach. Nothing has worked, so far. I'm getting really desperate. I need my wireless working for university, which starts shortly, and I might even switch back to Windoze if there's no feasible solution.
i would really like to know how to patch a wireless card driver so that i can start injection in aircrack for example let's say we have an "Atheros AR5007EG" do you know where to find the driver patch for ubuntu and how to patch it ?
View 1 Replies View RelatedI am playing around with aircrack.
And was trying to see whether my wireless card on my laptop can pass the injection test
And I end up seeing the following... does it mean my wireless card is not able to run aircrack?
root@myubuntu:/home/myubuntu# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
eth1 IEEE 802.11bg ESSID:"" Nickname:""
[Code].....
I am trying to implement a new project on Artificial Neural Network based Web Application Firewall for SQL Injection.which language is better for this ??i think to implement it as free and opensource linux based or cross platform project??i need some links to get a good source code of firewall for this.also give some links to this topic??anybody interested with this topic pls contact me to deepakbabu123@gmail.com
View 1 Replies View Relatedi have installed ubuntu 10.10the wireless adapter is BCM4312when i write "ifconfig" it gives me eth1 instead of wlan0 or wlbut the wirless is working fine with me still have the problem that when i try to load airodump-ng eth1 it gives me the follwoing message:ioctl(SIOCSIWMODE) failed: Invalid argumentARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Makesure RFMON is enabled: run 'airmon-ng start eth1 <#>'Sysfs injection support was not found either
View 4 Replies View RelatedI want to do some pen-testing using aircrack-ng on my local network and currently the only wireless adapter I have is the WNA 1100 netgear adapter. I am using the ath9k_htc driver.
View 7 Replies View RelatedI have the latest version of aircrack, and the latest compat-wireless package installed. When I try to inject I get this:
linux08:/usr/local/sbin # ./aireplay-ng -9 wlan0
16:46:33 Trying broadcast probe requests...
16:46:35 No Answer...
16:46:35 Found 0 APs
I know for a fact that there are 2 AP's. This worked perfectly with my old laptop with a D-link PCMCIA card.
[Code]...
currently I'm fiddling around with mod_security for apache2 configurations on CentOS boxes, right now in a test environment first (i.e. separate non production box).CentOS includes the mod_security "Core Rule Set" by Breach Security Inc, the devs behind that module.So far all's running mostly, logs/auditlogs etc.For simple testing, I made a small php form as following:
Code:
<?php
$link = mysql_connect("localhost",$user,$pass); //un/pw obfuscated for forum post
[code]...
i recently had a problem with the Ubuntu 10.10 installation, so what I did was that I reinstalled 10.04 on another side of the hard disk partition.
Now i want to remove all the files on the Ubuntu 10.10 and also remove the boot screen that comes up asking me to choose.
Recently one of the worm is spread in our network & so many unwated files are getting copied on our ubuntu file server like comment.htt, desktop.ini, winfile.exe Now we have clean that worm from our network but few files are remained on ubuntu server as well as in backup folders and i want to search those files and delete it.
View 1 Replies View RelatedI am still a novice with Ubuntu and I am trying to write a shell script which will clean redundant files. I am stuck with one line where I would need a command which will remove all files from directory except some of them. Can anyone please advice how to add such an exception to the rm command? I have searched some bash shell tutorials, however, no joy. Guess I have overlooked something.
View 9 Replies View Related