Page 2 of 2

Re: Firefox Virus

Posted: Wed Jan 30, 2019 9:14 am
by Pepi
Image

Re: Firefox Virus

Posted: Wed Jan 30, 2019 11:11 am
by mediclaser
I would go with the nuclear option --> reinstall Linux Mint! :twisted:

Re: Firefox Virus

Posted: Wed Jan 30, 2019 11:38 am
by stormryder
M8WHRR wrote:
Tue Jan 29, 2019 4:48 pm
I tried downloading a couple games the other day
Are they open-source? Did you get them directly from the developers or through a third party dl site? How did you install them? Were you prompted for a password when you did install them?

I'd format the drive and reinstall. No guarantee the infection is limited to your .mozilla folder in my opinion. Even if you didn't install to the system basically anything in your home folder could be compromised.

Is there any reason to take the risk, even if there is only a shadow of doubt, when restoring from your back-ups should be trivial? Follow ptor's good advice until you've got time for it,
Pjotr wrote:
Tue Jan 29, 2019 6:16 pm
I advise to run your Firefox in a sandbox
Lol firejail can't protect the user from their own mistake, but if you do need to get questionable programs from outside the repository better to run the downloaded software in firejail as well.

I run some independent software, although most of it has been in the repo at one time or another, but I always research the software extensively first.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 1:20 pm
by MrGrimm
Pjotr wrote:
Wed Jan 30, 2019 8:26 am
MrGrimm wrote:
Wed Jan 30, 2019 8:19 am
first it's not debunked advice, second it's not bad advice and you know it. you damn well know you only use the nuclear option if there is no other choice.
Deleting the current .mozilla profile isn't the nuclear option. The nuclear option, which would indeed be exaggerated, would be to delete all the contents of the personal user folder. The rest of your message is just, again, repetition of your debunked bad advice....

Peace!
https://www.youtube.com/watch?v=qfTdCYl-c70
again you are completely clueless

Re: Firefox Virus

Posted: Wed Jan 30, 2019 2:37 pm
by Schultz
You think creating a new profile is the nuclear option? Are you serious? :? Reinstalling the OS, that's the nuclear option. 8)

Re: Firefox Virus

Posted: Wed Jan 30, 2019 3:16 pm
by patday8472
M8WHRR wrote:
Tue Jan 29, 2019 4:48 pm
Evening. Been using mint for a few years now, great so far. I tried downloading a couple games the other day and ever since I've had q_search jumping in on my Firefox. I search through the address bar, which is set for yahoo and it jumps to an address which is oll3.xyz

I've installed ClamAv and ClamTk, but I have no idea where to start. I've searched usr/bin and usr/bin/Firefox. Any help would be much appreciated.
I am curious which version of Linux Mint are you using? 18.1 18.2 18.3 19.0 19.1 or another version?

I have a theory but I maybe wrong. Yes, the safest way is to re-install or reinstall from a backup not timeshift if you are using that version.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 4:07 pm
by MrEen
Hi M8WHRR.

Aren't you glad you asked for help? :wink:

Only you know what you've done up to this point. Firefox obviously has redirect malware installed but is that ALL there is?

Did you use sudo when installing the games you downloaded. If you did, there's no telling what has been installed and where. The Firefox issue might be just the tip of the iceberg.

If you want to absolutely certain your system is clean, then format your drive and reinstall your OS.

Are those saying you don't need the nuclear option going to reimburse you if you wake up one day and your bank account has been wiped clean?

Again, you're in the best position to judge the amount of damage that may have occurred. The risk assessment is yours to make.

I'm truly sorry this happened to you.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 4:12 pm
by philotux
MrEen wrote:
Wed Jan 30, 2019 4:07 pm
If you want to absolutely certain your system is clean, then format your drive and reinstall your OS.
Plus one!

That's why I asked:
Pjotr wrote:
Wed Jan 30, 2019 7:32 am
philotux wrote:
Wed Jan 30, 2019 7:31 am
Pjotr wrote:
Wed Jan 30, 2019 6:09 am
There's no way of knowing for sure, that a clearly infected .mozilla profile didn't also
... infects other parts of the home directory. Is it safe to assume that the malware stays contained within the .mozilla folder?
No, but that's why I advise to run your web browser in a sandbox:
https://easylinuxtipsproject.blogspot.c ... ndbox.html

Re: Firefox Virus

Posted: Wed Jan 30, 2019 4:42 pm
by Pjotr
This thread is going from one extreme (doing far too little) to the other extreme (doing far too much). Whereas the latter is not so bad as the former, it's still exaggerated.... :wink:

Re: Firefox Virus

Posted: Wed Jan 30, 2019 4:48 pm
by philotux
Pjotr wrote:
Wed Jan 30, 2019 4:42 pm
This thread is going from one extreme (doing far too little) to the other extreme (doing far too much). Whereas the latter is not so bad as the former, it's still exaggerated.... :wink:
It's in the nature of "Malwareophobia" to get pandemic.
:lol:

Re: Firefox Virus

Posted: Wed Jan 30, 2019 5:24 pm
by MrEen
Pjotr wrote:
Wed Jan 30, 2019 4:42 pm
This thread is going from one extreme (doing far too little) to the other extreme (doing far too much). Whereas the latter is not so bad as the former, it's still exaggerated.... :wink:
Again, we don't know what the OP did. If sudo installthisgreatgame.sh or similar was involved, it may not be too much.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 5:43 pm
by patday8472
Not to nick pick, see when does a game cause malware if is from Ubuntu or Linux Mint PPA or even other there suppose to be checked out. That what linux was designed for to help people not get malware or viruses. Yes, I know it technically possible to get a virus in Linux.

This is just theory so don't jump down on it.

I did a 19.1 Linux mint clean installed without installing gksu. I got a malware virus in Opera. Wikipedia links were changing. It started to re-direct to bad sites. So, I reinstalled from a backup that didn't have 19.1 . So far no issues. Is it possible that 19.1 left a port open that shouldn't be. If the OP doesn't have 19.x then it could be from an update. Just for the record before that happened. I didn't visit bad sites. On the backup, I do it a little more than just formating. That would be to hard to explain in writing. Yes, the 19.1 iso past the sum256 check.


The other posters are correct. Either restore from a backup (not timeshift) or do clean reinstall of Linux Mint.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 5:46 pm
by Pjotr
patday8472 wrote:
Wed Jan 30, 2019 5:43 pm
I got a malware virus in Opera. Wikipedia links were changing. It started to re-direct to bad sites. So, I reinstalled from a backup that didn't have 19.1 .
It would almost certainly have been enough to simply delete the Opera profile in your user account.

Re: Firefox Virus

Posted: Thu Jan 31, 2019 9:48 am
by Pepi
Pjotr wrote:
Wed Jan 30, 2019 4:42 pm
This thread is going from one extreme (doing far too little) to the other extreme (doing far too much). Whereas the latter is not so bad as the former, it's still exaggerated.... :wink:
Non-productive :mrgreen:

Re: Firefox Virus

Posted: Thu Jan 31, 2019 11:29 am
by all41
The over-the-top, extreme, exaggerated, nuclear, alternative.
destroy hd.jpg
destroy hd.jpg (9.41 KiB) Viewed 416 times
:wink:

Re: Firefox Virus

Posted: Thu Jan 31, 2019 1:58 pm
by patday8472
Pjotr wrote:
Wed Jan 30, 2019 5:46 pm
patday8472 wrote:
Wed Jan 30, 2019 5:43 pm
I got a malware virus in Opera. Wikipedia links were changing. It started to re-direct to bad sites. So, I reinstalled from a backup that didn't have 19.1 .
It would almost certainly have been enough to simply delete the Opera profile in your user account.
This is just my opinion,

Not necessarily. Can you explain why I never got a malware virus until Linux mint 19.1? I have use both Linux Mint and Ubuntu varieties for the last 10 years. I have even use Puppy Linux (Old versions) at one time. Like I said, I didn't visit bad sites. I have used Opera for long time as well. I am posting this post from Opera in Linux Mint Xfce 18.3

I think I found the bug that caused it but I am not sure. This is going to sound strange. I believe the grub files provided with 19.1 and possibly 19.0 caused this issue. I am not going to recreate it, it was a mess getting out of it. I believe the bad kernel is a separate issue. Thanks to ironically Linux mint install usb boot disk, gparted and MiniTool Partition wizard. I was able to get out of this mess and restore my computer to a time that didn't have 19.1 If it is a different software update, 18.3 will be affected. So far it hasn't happened.