Linux Mint Forums

[toledomint]

Thanks in anticipation :- I have carried out a virus scan using ClamTK and it found a threat, which I quarantined I have searched the forums etc and google to try and find out what to do next which I am sad to say have not found the answer yet. I am a complete novice with Linux and windows come to that and I apologise for my ignorance, but I have tried to go into the quarantine bit of ClamTK to try and find out what the threat is but all I get is B522BD01. I am getting worried that someone may be able to get access to my email, banking etc. I have not downloaded anything that I am aware of & since seeing the threat by ClamTK have not done anything connected with my email etc. I am desperate to learn how to use linux safely and understand what the hell I am doing but as I say I am a complete novice at this so if anyone can tell me what to do would be a great help. I am using Linux Mint Maya, if you want any more info etc will tell you if you tell me how to get the info. Secondly can any advice be given re - the best book to learn linux etc I read reviews of Linux for dummies is not very good and can't make sense of the gobbledy gook tech talk regarding other books, ie systems etc, yep I am the dummy that doesn't have a clue about this stuff or would you advise that I just go back to windows as Linux is for experienced users?.

[cwsnyder]

First, the infected file is not likely to affect your Mint installation, at all. ClamAV is primarily looking for viruses which will affect Windows clients which are connected to your Linux machine or infected files which may be transferred to a vulnerable Windows computer by email or other media. Viruses which can affect your Linux installation are very rare, less than 1 a year found in the wild to watch for.

[toledomint]

Thanks for that appreciate it. It said it was in Firefox when it was scanning. So should I just delete it and not worry or should I just leave it in the quarantine area of ClamTK?

[DrHu]

You can check the quarantine area to get the virus name and then search the internet for any information on that virus type..
--I wouldn't automatically delete files: it is best to check even if it only satisfies your curiosity about the virus detected

Once you are comfortable with ClamAV operations, you can decide if you then want to delete instead of quarantine the file..

On any browser, you can turn off javascript and saving passwords for sites, as well as using any extensions that can block adware and so on; that will help protect your system from getting a file installed
--also since you will already (usually for your own connection) be behind an ISP firewall and spam filters (you don't have to pay for it, since they most likely have to do that in any case to defend their own network: the reason they block port 25 for local email transmission)

And of course, Linux/Ubuntu already comes with UFW (uncollimated FireWall): a software firewall
--your local addition to any ISP or other connection type's security..

If I got that, I would probably run clamav directly again without being connected to the internet and see if it detects a virus name??
https://en.wikipedia.org/wiki/Clam_AntiVirus
--there are possibly some GUI for the desktop, you could use, if you don't want to learn the command line (terminal: shell (bash) commands..)

It is also true, that the likely virus, if it is real not a false positive would be a windows file type, such as an outlook email or a windows browser (Firefox or IE)
--if you were only in Linux and not using windows, then I don't know: Linux and Apple OSX tend to get very much fewer real viruses or worms than Windows OS

Microsoft says this is because windows OS is more ubiquitous: another opinion is that windows OS is a patch job with many elements that is less integrated (as a system) than it appears to be
--that is my view as well, since i am aware of some there development of the OS

To calm your mind
https://en.wikipedia.org/wiki/Linux_mal ... ic_threats

Threats
The following is a partial list of known Linux malware. However, few if any are in the wild, and most have been rendered obsolete by Linux updates or were never a threat. Known malware is not the only or even the most important threat: new malware or attacks directed to specific sites can use vulnerabilities previously unknown to the community or unused by malware

In the wild mind ubiquitous running on the internet for any targets available

You may wish to install chkrootkit
http://www.linuxforu.com/2011/10/chkroo ... my-within/
--a rootkit scanner for Linux

Also unless the virus or worm etc is a remote exploit, there is little if anything to worry about
--local exploits are managed by using a proper password/passphrase and possibly encrypting your /home directory (folder) space

Truecrypt is well known windows application which is also available for Linux, you may be familiar with it..

[toledomint]

Excellent that has put my mind at rest. Thank you so much really, really appreciate that. I did another scan and found 3 threats in total, which I quarantined and since deleted. The names of the threats were as follows.

1) Home/Mike/MozillaFirefox/mwadohks.default cache/D/34/F548Dd01-PUA.Js.xored

2) as above cache_001_ - PUA.Phishing Bank

3)as (1) Cache/4/D0/B522Bd01- PUA.HTML Infected.webpage

Am I right in thinking that this could be down to a webpage that I may have visited. I have NoScript running and have since stopped everything and only allow temp if I am on a page that says can't run without java script.

[Orbmiser]

Excellent that has put my mind at rest. Thank you so much really, really appreciate that. I did another scan and found 3 threats in total, which I quarantined and since deleted. The names of the threats were as follows.

1) Home/Mike/MozillaFirefox/mwadohks.default cache/D/34/F548Dd01-PUA.Js.xored

2) as above cache_001_ - PUA.Phishing Bank

3)as (1) Cache/4/D0/B522Bd01- PUA.HTML Infected.webpage

Am I right in thinking that this could be down to a webpage that I may have visited. I have NoScript running and have since stopped everything and only allow temp if I am on a page that says can't run without java script.

Yes quite possible to visit an infected page and pick up malware,etc... I come across sites occasionally but my windows side firefox alerts and my Avast antivirus program intercedes.

Linux side the big thing to worry about is Not about the safety of your Linux system. It takes care of itself. What it can't do is protect the user from doing unsafe actions by being duped into giving out that sensitive data like bank accounts and passwords info know as phishing sites that dress up as your email provider or your Credit Card company or Bank. And trick you into entering the info they want the most.

Be more concerned about practicing safe browsing and staying alert when browsing the internet more about that then worrying about your linux system. Since it is a different beast that can protect itself that doesn't have to wear armour all the time like Windows.
.