virus threat found by clam tk

virus threat found by clam tk

Postby toledomint on Tue Dec 04, 2012 7:30 pm

Thanks in anticipation. I have carried out a virus scan using ClamTK and it found a threat, which I quarantined. I have searched the forums etc. and Google to try and find out what to do next, which I am sad to say I have not found the answer to yet. I am a complete novice with Linux, and Windows come to that, and I apologise for my ignorance, but I have tried to go into the quarantine bit of ClamTK to try and find out what the threat is, but all I get is B522BD01. I am getting worried that someone may be able to get access to my email, banking etc. I have not downloaded anything that I am aware of, and since seeing the threat by ClamTK I have not done anything connected with my email etc. I am desperate to learn how to use Linux safely and understand what the hell I am doing, but as I say I am a complete novice at this, so if anyone can tell me what to do it would be a great help. I am using Linux Mint Maya; if you want any more info etc. I will tell you, if you tell me how to get the info. Secondly, can any advice be given re the best book to learn Linux etc.? I read reviews saying Linux for Dummies is not very good, and I can't make sense of the gobbledygook tech talk regarding other books, i.e. systems etc. Yep, I am the dummy that doesn't have a clue about this stuff. Or would you advise that I just go back to Windows, as Linux is for experienced users?
toledomint
Level 1
Posts: 13
Joined: Thu Jun 07, 2012 12:36 pm


Re: virus threat found by clam tk

Postby cwsnyder on Tue Dec 04, 2012 8:09 pm

First, the infected file is not likely to affect your Mint installation at all. ClamAV is primarily looking for viruses which will affect Windows clients which are connected to your Linux machine, or infected files which may be transferred to a vulnerable Windows computer by email or other media. Viruses which can affect your Linux installation are very rare: less than one a year found in the wild to watch for.
LMDE Mate 64-bit, LM17 Mate 64-bit
Debian Xfce 64-bit, Xubuntu 14.10 64-bit, Xubuntu 14.04 64-bit, Antergos Xfce 64-bit, PCLinuxOS LXDE 64-bit
cwsnyder
Level 6
Posts: 1064
Joined: Wed Oct 20, 2010 6:49 am
Location: Nappanee, IN, USA

Re: virus threat found by clam tk

Postby toledomint on Tue Dec 04, 2012 8:16 pm

Thanks for that, appreciate it. It said it was in Firefox when it was scanning. So should I just delete it and not worry, or should I just leave it in the quarantine area of ClamTK?
toledomint
Level 1
Posts: 13
Joined: Thu Jun 07, 2012 12:36 pm

Re: virus threat found by clam tk

Postby DrHu on Tue Dec 04, 2012 8:26 pm

You can check the quarantine area to get the virus name and then search the internet for any information on that virus type.
--I wouldn't automatically delete files: it is best to check, even if it only satisfies your curiosity about the virus detected.
    Once you are comfortable with ClamAV operations, you can decide if you then want to delete instead of quarantine the file.

On any browser, you can turn off JavaScript and saving passwords for sites, as well as use any extensions that can block adware and so on; that will help protect your system from getting a file installed.
--also, you will already (usually for your own connection) be behind an ISP firewall and spam filters (you don't have to pay for it, since they most likely have to do that in any case to defend their own network: the reason they block port 25 for local email transmission).
    And of course, Linux/Ubuntu already comes with UFW (Uncomplicated Firewall): a software firewall,
    --your local addition to any ISP or other connection type's security.

If I got that, I would probably run ClamAV directly again without being connected to the internet and see if it detects a virus name.
https://en.wikipedia.org/wiki/Clam_AntiVirus
--there are possibly some GUIs for the desktop you could use, if you don't want to learn the command line (terminal: shell (bash) commands).

It is also true that the likely virus, if it is real and not a false positive, would be a Windows file type, such as an Outlook email or a Windows browser (Firefox or IE).
--if you were only in Linux and not using Windows, then I don't know: Linux and Apple OS X tend to get very much fewer real viruses or worms than Windows OS.
    Microsoft says this is because Windows OS is more ubiquitous; another opinion is that Windows OS is a patch job with many elements that is less integrated (as a system) than it appears to be.
    --that is my view as well, since I am aware of some of their development of the OS.

To calm your mind:
https://en.wikipedia.org/wiki/Linux_mal ... ic_threats
    Threats
    The following is a partial list of known Linux malware. However, few if any are in the wild, and most have been rendered obsolete by Linux updates or were never a threat. Known malware is not the only or even the most important threat: new malware or attacks directed to specific sites can use vulnerabilities previously unknown to the community or unused by malware.
In the wild, mind you, means ubiquitous: running on the internet for any targets available.

You may wish to install chkrootkit
http://www.linuxforu.com/2011/10/chkroo ... my-within/
--a rootkit scanner for Linux.

Also, unless the virus or worm etc. is a remote exploit, there is little if anything to worry about.
--local exploits are managed by using a proper password/passphrase and possibly encrypting your /home directory (folder) space.
    TrueCrypt is a well-known Windows application which is also available for Linux; you may be familiar with it.
DrHu
Level 17
Posts: 7110
Joined: Wed Jun 17, 2009 8:20 pm

Re: virus threat found by clam tk

Postby toledomint on Tue Dec 04, 2012 9:32 pm

Excellent, that has put my mind at rest. Thank you so much, really, really appreciate that. I did another scan and found 3 threats in total, which I quarantined and have since deleted. The names of the threats were as follows.

1) Home/Mike/MozillaFirefox/mwadohks.default cache/D/34/F548Dd01 - PUA.Js.xored

2) as above cache_001_ - PUA.Phishing Bank

3) as (1) Cache/4/D0/B522Bd01 - PUA.HTML Infected.webpage

Am I right in thinking that this could be down to a webpage that I may have visited? I have NoScript running and have since stopped everything, and only allow temporarily if I am on a page that says it can't run without JavaScript.
toledomint
Level 1
Posts: 13
Joined: Thu Jun 07, 2012 12:36 pm
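An added example, not code from any poster in this thread or from ClamAV/ClamTK, of what DrHu's advice to check the detection name before deleting looks like in a shell: it parses clamscan's "path: Signature FOUND" lines and separates heuristic PUA.* hits on files inside a Firefox cache directory (copies of web content the browser downloaded) from detections worth looking up individually. The scan output is constructed from the signature names toledomint lists above plus one made-up non-PUA line; the path layout and the Firefox cache directory names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from ClamAV/ClamTK.
# Constructed clamscan-style output: the PUA signature names come from the
# thread, the paths and the last (non-PUA) line are made up for illustration.
SAMPLE_SCAN='/home/mike/.mozilla/firefox/mwadohks.default/Cache/D/34/F548Dd01: PUA.Js.xored FOUND
/home/mike/.mozilla/firefox/mwadohks.default/Cache/_CACHE_001_: PUA.Phishing.Bank FOUND
/home/mike/.mozilla/firefox/mwadohks.default/Cache/4/D0/B522Bd01: PUA.HTML.Infected.webpage FOUND
/home/mike/Downloads/setup.exe: Win.Trojan.Constructed-Sample FOUND'

# classify_found SCAN_OUTPUT
# Prints one tab-separated line per detection: CLASS  SIGNATURE  PATH
#   pua-cache : PUA.* heuristic hit on a file in a Firefox cache directory
#   pua       : any other PUA.* (potentially unwanted) heuristic hit
#   malware   : every other signature, the ones to look up before deciding
classify_found() {
    printf '%s\n' "$1" | awk '
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            n = match(line, /: [^ :]+$/)   # signature is the last ": name"
            if (n == 0) next
            path = substr(line, 1, n - 1)
            sig = substr(line, n + 2)
            class = "malware"
            if (sig ~ /^PUA\./) {
                # Firefox keeps page content under Cache/ (older) or cache2/ (newer)
                class = (path ~ /\/(Cache|cache2)\//) ? "pua-cache" : "pua"
            }
            printf "%s\t%s\t%s\n", class, sig, path
        }'
}

# count_needs_attention SCAN_OUTPUT
# Number of detections that are not PUA hits on cached web content.
count_needs_attention() {
    classify_found "$1" | awk -F'\t' '$1 != "pua-cache" { n++ } END { print n + 0 }'
}

# Stand-alone run over the constructed sample; with a real scan you would
# feed clamscan's output instead, e.g.:
#   classify_found "$(clamscan -r -i ~/.mozilla/firefox)"
classify_found "$SAMPLE_SCAN"
echo "needs attention: $(count_needs_attention "$SAMPLE_SCAN")"
```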

Re: virus threat found by clam tk

Postby Orbmiser on Tue Dec 04, 2012 10:26 pm

toledomint wrote: Excellent, that has put my mind at rest. Thank you so much, really, really appreciate that. I did another scan and found 3 threats in total, which I quarantined and have since deleted. The names of the threats were as follows.

1) Home/Mike/MozillaFirefox/mwadohks.default cache/D/34/F548Dd01 - PUA.Js.xored

2) as above cache_001_ - PUA.Phishing Bank

3) as (1) Cache/4/D0/B522Bd01 - PUA.HTML Infected.webpage

Am I right in thinking that this could be down to a webpage that I may have visited? I have NoScript running and have since stopped everything, and only allow temporarily if I am on a page that says it can't run without JavaScript.


Yes, it is quite possible to visit an infected page and pick up malware etc. I come across such sites occasionally, but my Windows-side Firefox alerts and my Avast antivirus program intercedes.

On the Linux side, the big thing to worry about is not the safety of your Linux system. It takes care of itself. What it can't do is protect the user from doing unsafe actions by being duped into giving out sensitive data like bank account and password info, known as phishing: sites that dress up as your email provider or your credit card company or bank, and trick you into entering the info they want the most.

Be more concerned about practising safe browsing and staying alert when browsing the internet; worry more about that than about your Linux system, since it is a different beast that can protect itself and doesn't have to wear armour all the time like Windows.
Orbmiser
Level 7
Posts: 1514
Joined: Thu Oct 18, 2012 5:16 pm
Location: Portland,Oregon

