"Virus" on a fresh install!

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this

"Virus" on a fresh install!

Postby junior-s on Thu Jan 17, 2013 11:00 pm

I scanned my PC with Clamtk tonight and it reported a vitrus at /usr/lib/linuxmint/mintWifi/drivers/i386/WUSB54Gv4/rt2500usb.sys PUA.Win32.Packer.NspackDotnetNor-1

More details: http://img443.imageshack.us/img443/5438/seleo007.png

So what should I do?

PS: avast doesn't detect anything
junior-s
Level 1
Level 1
 
Posts: 40
Joined: Mon Jan 14, 2013 8:57 pm

Linux Mint is funded by ads and donations.
 

Re: "Virus" on a fresh install!

Postby jungle_boy on Thu Jan 17, 2013 11:06 pm

Nothing. Relax and enjoy your linux mint. The virus (if it is one) is for windows, not Linux.
LM17 Cinnamon (PC and Notebook) with AMD Catalyst
HP Pavilion g4-1316br, AMD Quad Core, 1,5 GHz, Radeon 6520G/7450M,
Image
Linuxcounter Registered User #506065 (2008)
User avatar
jungle_boy
Level 6
Level 6
 
Posts: 1216
Joined: Thu Aug 19, 2010 2:51 pm
Location: Amazon Rain Forest, Brazil

Re: "Virus" on a fresh install!

Postby junior-s on Thu Jan 17, 2013 11:13 pm

There's no relaxing, I can't even remove it with clamtk. I'll be installing Wine in a couple of hours and I don't want any malicious files in my computer.

The question is: How did I get it?
junior-s
Level 1
Level 1
 
Posts: 40
Joined: Mon Jan 14, 2013 8:57 pm

Re: "Virus" on a fresh install!

Postby junior-s on Thu Jan 17, 2013 11:25 pm

Removed it from Terminal. Rebooted and the file was really gone.
Question is how did it get permission to be there?
junior-s
Level 1
Level 1
 
Posts: 40
Joined: Mon Jan 14, 2013 8:57 pm

Re: "Virus" on a fresh install!

Postby TheDynamicHamza21 on Thu Jan 17, 2013 11:25 pm

Linux Registered User: # 573034

www.domeshotsandfatlaces.com
User avatar
TheDynamicHamza21
Level 5
Level 5
 
Posts: 780
Joined: Thu Oct 04, 2012 7:24 pm
Location: California

Re: "Virus" on a fresh install!

Postby junior-s on Thu Jan 17, 2013 11:35 pm

Thanks. SInce I don't use WIFI I removed it. If anything the updated should re-download it, IF this file is legit.
junior-s
Level 1
Level 1
 
Posts: 40
Joined: Mon Jan 14, 2013 8:57 pm

Re: "Virus" on a fresh install!

Postby sammiev on Fri Jan 18, 2013 12:57 am

Clamtk gives a lot of false positives. :(
User avatar
sammiev
Level 3
Level 3
 
Posts: 143
Joined: Sat May 19, 2012 12:16 pm

Re: "Virus" on a fresh install!

Postby TheDynamicHamza21 on Fri Jan 18, 2013 1:46 am

junior-s wrote:Thanks. SInce I don't use WIFI I removed it. If anything the updated should re-download it, IF this file is legit.



Just checked my system I have installed as well. It's a legit file it's for a Linksys Wireless-G USB Network Adapter.
Linux Registered User: # 573034

www.domeshotsandfatlaces.com
User avatar
TheDynamicHamza21
Level 5
Level 5
 
Posts: 780
Joined: Thu Oct 04, 2012 7:24 pm
Location: California

Re: "Virus" on a fresh install!

Postby Orbmiser on Fri Jan 18, 2013 1:57 am

sammiev wrote:Clamtk gives a lot of false positives. :(


Yep and all anti-virus programs on any platform give false positives.
As Clamtk isn't really a die-hard desktop antivirus so much as for gateway,network Mail server protection?
And seems to say so in their description. Or I am reading it wrong?

Don't know about all the paranoia lately about Linux as there are no real world in the wild viruses for Linux?
Don't use it myself on dual boot with windows7 and it has it's own protection.
And no way for a windows virus to get from my linux partition to infect my windows side. Unless I manually transfer an infected .exe to the windows partition which would be pretty careless of me.

If I was networked with windows machines I might install it to scan email files. And of course I was running a server.
But can any linux guru give some valid reasons for single desktop user has a need too?

I would think setting up a proper firewall and protecting your ports and such would pretty much bullet proof your system?
Than some infrequent and rare occurrence of a linux virus or a windows virus being transfered to a windows partition?
User avatar
Orbmiser
Level 7
Level 7
 
Posts: 1514
Joined: Thu Oct 18, 2012 5:16 pm
Location: Portland,Oregon

Re: "Virus" on a fresh install!

Postby junior-s on Fri Jan 18, 2013 5:58 am

I scanned with avast as well and it gave not infection results.

Which one is better, avast or clamtk?
junior-s
Level 1
Level 1
 
Posts: 40
Joined: Mon Jan 14, 2013 8:57 pm

Re: "Virus" on a fresh install!

Postby eanfrid on Fri Jan 18, 2013 7:40 am

It is (was) written in the documentation that enabling detection of PUA (Possibly Unwanted Applications) is rather unreliable - i.e. many in-depth admin and network tools are wrongly identified as "virusses". It leads to many false positives and then is (was) discouraged unless you know what you are doing with this option.

Edit: From clamav FAQ
What is PUA? I get a lot of false positives named PUA.*

With the release of ClamAV 0.91.2 we introduce the option to scan for Potentially Unwanted Applications. The PUA database contains detection for applications that are not malicious by itself but can be used in a malicious or unwanted context. As an example: A tool to retrieve passwords from a system can be useful as long as the person who uses it, is authorized to do so. However, the same tool can be used to steal passwords from a system. To make use of the PUA database you can use the --detect-pua switch for clamscan or enable it in the config file for clamd (add: DetectPUA yes). At this point we DON'T recommend using it in production environments, because the detection may be too agressive and lead to false positives. In one of the next releases we will provide additional features for fine-tuning allowing better adjustments to different setups. NOTE: A detection as PUA does NOT tell if a application is good or bad. All it says is, that a file MAYBE unwanted or MAYBE could compromise your system security and it MAYBE a good idea to check it twice.
Main desktop: Debian GNU/Linux Wheezy 64bit - MATE 1.8.1
(i5 2400@3.7GHz - 16GB DDR3 - HD6770 w/radeon driver - SSD+RAID1)
Safer than Dropbox
User avatar
eanfrid
Level 7
Level 7
 
Posts: 1871
Joined: Mon Apr 30, 2012 2:49 am
Location: FR

Linux Mint is funded by ads and donations.
 

Return to Newbie Questions

Who is online

Users browsing this forum: Bing [Bot], Dyfi and 12 guests