Is my Mint install infected with a virus or malware?

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this

Is my Mint install infected with a virus or malware?

Postby ludude75 on Sat Feb 23, 2013 2:51 pm

I wanted to move to linux again this time more of a gradual trial.

I have a Compaq Presario that came with XP Home. I upgraded the Ram to 2GB DDR2 , From AMD Sempron CPU to a Dual Core 4200+ and a DVD burner, all which was not part of original factory setup. Thursday I tried Linux Mint 14 Cinnamon 32 bit on it and everything works including wifi so I decieded to do an install. I unplugged the 100gb sata xp drive, connected an 80gb sata drive and did a fresh install.
To boot this I just boot up computer, hit escape and choose the 80 gig drive from boot options. This way I can remove the drive and computer will be back without any boot issues.
I did the install on Feb. 21. Everything goes fine so I do a system update. Still fine. I installed some games and programs using the package manager.

Secret Maryo Chronicles
Frozen-Bubble

Bleachbit
XFCE desktop
XScreensaver
gscan2pdf
Bittornado Client
Asunder cd ripper
Docky
Samba GUI
cups-pdf
maybe a couple other things though all using default package manager so I figured i'd be safe.

I also added the firefox persona to customise the browser, changed panel to silver, adjusted menu to open on hover, changed clock to show 12 hr/ AM PM.
Changed background wallpaper to a pic I like, etc. Just minor things.
I am connected to Comcast Internet and this computer and all others are behind a Netgear Router / firewall and connected to WPA2 Personal wireless N.
I have yet to really download anything with torrent yet or anything else for that matter. I have browsed a few sites, checked my yahoo mail, and did a bit of general reading to figure out how to get programs I want on this install. Friday Morning I went to check my yahoo mail and found it odd I had like 5 Mail Delivery Failures. I had not sent any mail just checked and read some. I checked the contacts they were sent to and sure enough they were old ones I never used and had expired. Problem is it sent to everyone on contact list.

I did some searching online and seen suggestion to run rkhunter. I opened package manager, installed it and went to root and ran it.

These are the warnings I got:
[10:36:43] /usr/bin/unhide.rb [ Warning ]
[10:36:43] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text

[10:38:25] Info: Starting test name 'passwd_changes'
[10:38:25] Checking for passwd file changes [ Warning ]
[10:38:25] Warning: User 'postfix' has been added to the passwd file.
[10:38:25]
[10:38:25] Info: Starting test name 'group_changes'
[10:38:25] Checking for group file changes [ Warning ]
[10:38:25] Warning: Group 'postfix' has been added to the group file.
[10:38:25] Warning: Group 'postdrop' has been added to the group file.

[10:38:26] Checking /dev for suspicious file types [ Warning ]
[10:38:26] Warning: Suspicious file types found in /dev:
[10:38:26] /dev/.udev/rules.d/root.rules: ASCII text
[10:38:26] Checking for hidden files and directories [ Warning ]
[10:38:27] Warning: Hidden directory found: '/etc/.java'
[10:38:27] Warning: Hidden directory found: '/dev/.udev'
[10:38:27] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'

I searched some and I am confused as to whether they are problems or should be ignored?

I also was reading I should try to Check that I don't have any malicious browser extensions installed on your web browser. I looked under extensions and don't see anything suspicious, just Mint Search Enhancer 1.0 , Personas 1.6.2 , and Stylish 1.0.7 I just installed Personas the other two were on here.
So How do I know if I have been infected with something? I don't want to check anymore email address or use any other password protected sites till I know this install is clean?
I was under the assumption that linux was mostly invonerable to these issues or it was rare if it did get malware/spyware/ or virus's.
I have used XP for years, fairly clean user I haven't gotten any spyware buildup using malware programs to check. haven't gotten any virus warnings from antivirus either. It's just odd once I made the switch I start having issues. Also have two other issues I have noticed, Clock time is jumping to random time and when I log into linux the user name and password no longer show up. I can type user name and you can't see it, hit tab or enter password comes up type it and it's blank to, no dots. hit enter and it logs in fine.

Sorry if this is so long but I just wanted to make sure I covered everything I can think of.

If this is an infection, is there any way to prevent it? like a virus protection software or malware scanner/remover?
ludude75
Level 1
Level 1
 
Posts: 18
Joined: Wed Feb 20, 2013 6:58 pm

Linux Mint is funded by ads and donations.
 

Re: Is my Mint install infected with a virus or malware?

Postby DrHu on Sat Feb 23, 2013 4:38 pm

I usually use chrootkit because rkhunter has a tendancy to prioduce false positives, nevertheless mos of the data shown for your rkhunter seems ok: adding groups etc.
http://archive09.linux.com/feature/128450

Remote viruses for Linux aren't so many, and local exploits are preventable by good user management and passwords
--people sometimes suggest using an anti-virus, well because windows and Apple have them available, and for that reason it just seems to make sense (at least to the vendors of anti-virus products)
AVG
Clamav
--usually used to catch windows email viruses and prevent transmission via a Linux OS
  • If you don't use wine (a win emulation..), or don't install windows OS in a VM and bridge the network Linux host's network card
    --you can't get a windows OS virus or worm or anything like that, since it won't run under Linux kernel (OS)
    --you also won't be exposing your Linux (non-windows) system to any risk
  • Additionally by being behind an ISP, and using NAT as the standard connection,you are pretty much safe from remote exploits
    --except perhaps for browser based ones, too much clickity-click actions..
Last edited by DrHu on Sat Feb 23, 2013 4:45 pm, edited 1 time in total.
User avatar
DrHu
Level 16
Level 16
 
Posts: 6921
Joined: Wed Jun 17, 2009 8:20 pm

Re: Is my Mint install infected with a virus or malware?

Postby flyboy1565 on Sat Feb 23, 2013 4:41 pm

This sound like your email got hacked. I would sent all your contact a message notifying them that you're email is compromised. Change your email password to something like A6Bgg2!, also I'd tell your contacts to keep an eye on there accounts!

Sent from my ADR6350 using Tapatalk 2
flyboy1565
Level 3
Level 3
 
Posts: 101
Joined: Sat Feb 16, 2013 2:07 am

Re: Is my Mint install infected with a virus or malware?

Postby ludude75 on Sat Feb 23, 2013 5:48 pm

I also just found chrootkit while reading and installed it via package manager and ran it and it seemed to look ok with no issues.
I also installed calmAV and ran it too. Also came back clean. Hopefully this was all just a crappy coincidence cause I see no reason to keep using windows when I get just as much use out of something that's pretty much free but just requires a bit more thinking and reading.
ludude75
Level 1
Level 1
 
Posts: 18
Joined: Wed Feb 20, 2013 6:58 pm


Return to Newbie Questions

Who is online

Users browsing this forum: clankfu, Google Feedfetcher, JeremyB, RonC and 33 guests