Windows virus still does SOME damage in Linux

vintagepen
Level 4
Posts: 216
Joined: Mon Feb 06, 2012 10:14 pm

Windows virus still does SOME damage in Linux

Postby vintagepen » Wed Nov 08, 2017 9:21 am

Anyone know how to get rid of the ActiveDiscount virus please? ClamAV doesn't seem to remove it and my experience is that none of the half dozen Windows AV programs [except Zoek] can find it. I don't suppose there is a way of effectively running Zoek in Linux, is there?

I got it by following a 2012 link on xda-developers to Android File Host.

kc1di
Level 10
Posts: 3305
Joined: Mon Sep 08, 2008 8:44 pm
Location: Maine USA

Re: Windows virus still does SOME damage in Linux

Postby kc1di » Wed Nov 08, 2017 9:44 am

Hi,
Active Discount does not attack Linux per se, but attaches itself to a browser or email client. Since you did not say which browser or client is affected,
here is a web page that tells you how to clean it out of the browser.
https://malwaretips.com/blogs/ads-by-active-discount-removal/#browser
Follow step # 5.
The example is for Google Chrome; of course Firefox would be different, but the procedure would be the same: reset your personal data.
John 3:16
Morse code an Early Digital Mode
Registered Linux User #462608
Wireless Script: http://ubuntuforums.org/showthread.php?t=2082305&p=12350385#post12350385
Good terminal command tutorial: https://ryanstutorials.net/linuxtutorial/

phd21
Level 13
Posts: 4886
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Windows virus still does SOME damage in Linux

Postby phd21 » Wed Nov 08, 2017 10:29 am

Hi "vintagepen",

I just read your post and the good replies to it. Here are my thoughts on this as well.

You could create a bootable CD/DVD or USB flash drive stick of one of the reliable Anti-virus rescue discs and boot to that and run it on your whole system and any attached drives (i.e. USB sticks)... Kaspersky (cd/dvd), Avira, Dr.Web, etc... It will take a while to run.


Hope this helps ...
Phd21: Mint KDE 17.3 & 18.2, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,3gb Ram,160gb hdd, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

Pjotr
Level 18
Posts: 8829
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Windows virus still does SOME damage in Linux

Postby Pjotr » Wed Nov 08, 2017 10:36 am

Don't install any antivirus for this; that's unnecessary and even decreases the security of your system. It suffices to reset Firefox to its defaults:

- Launch a terminal window (this is how to launch a terminal window);

- copy/paste this command into the terminal:

Code:

rm -v -R ~/.mozilla

Press Enter.

Close Firefox and relaunch it. Done. :mrgreen:

Same procedure for Google Chrome:

Code:

rm -v -R ~/.config/google-chrome

Close & relaunch.

For Chromium:

Code:

rm -v -R ~/.config/chromium

Close & relaunch.
Last edited by Pjotr on Wed Nov 08, 2017 11:05 am, edited 2 times in total.
Tip: 10 things to do after installing Linux Mint 18.2 Sonya
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

karlchen
Level 17
Posts: 7946
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Windows virus still does SOME damage in Linux

Postby karlchen » Wed Nov 08, 2017 10:46 am

Hi, vintagepen.

Although the incorrect label virus is used in the article as well, it is still incorrect. It is a normal piece of Windows software, which has been designed and developed to do things which you may not like. Apart from the Windows executable file, which should not work on Linux Mint at all, there is a browser extension.
Browser extensions might well be able to run on Linux Firefox versions as well.
Hence you should definitely get rid of the ActiveDiscount browser extension.
I would look for it inside my browser profile, subfolder extensions, and remove it.
No idea whether the ActiveDiscount browser extension is able to pull in any further browser extensions or plugins - might be. So it is definitely worth checking.
Maybe the only really safe way is, as has been suggested already, renaming your $HOME/.mozilla subfolder tree (Firefox profile) and starting all over with a fresh Firefox profile. In this case it would make sense to delete the stuff inside $HOME/.cache/mozilla as well (would have to look up the exact pathname on a Linux system).

Regards,
Karl
Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.

Pjotr
Level 18
Posts: 8829
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Windows virus still does SOME damage in Linux

Postby Pjotr » Wed Nov 08, 2017 10:50 am

karlchen wrote: In this case it would make sense to delete the stuff inside $HOME/.cache/mozilla as well (would have to look up the exact pathname on a Linux system)
Karl

This should do the trick for the Firefox cache:

Code:

rm -v -R ~/.cache/mozilla/*


For the cache of Google Chrome:

Code:

rm -v -R ~/.cache/google-chrome/*


For the cache of Chromium:

Code:

rm -v -R ~/.cache/chromium/*

vintagepen
Level 4
Posts: 216
Joined: Mon Feb 06, 2012 10:14 pm

Re: Windows virus still does SOME damage in Linux

Postby vintagepen » Fri Nov 10, 2017 10:40 am

Pjotr wrote:

Code:

rm -v -R ~/.mozilla

Press Enter.

Well that was absolutely catastrophic! Though it may have got rid of the malware, - as has been pointed out to me, IF I had it.

But this is my fault because I am not sure why I followed the destructive instructions after I had refreshed Firefox and that SEEMED to get rid of the problem and the (possibly hidden) extension.

The Chromium and Firefox instructions lost me all my passwords, configurations and over a month's worth of work, all my 20-30 carefully preserved tabs that I was working on and changed all my internet search settings to an almost completely useless search engine called Yahoo, which specialises in keeping users on their site (AOL-like) and never returning any relevant results if you aren't shopping [and doing so with their preferred retailers]. Curiously I have read articles that describe this business of switching search settings to Yahoo without knowledge or consent as malware in itself!

I should have had a bit more faith in Linux's ability to resist viruses & malware.

Moem
Level 11
Posts: 3665
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands

Re: Windows virus still does SOME damage in Linux

Postby Moem » Fri Nov 10, 2017 10:50 am

Well, that's what it means to reset Firefox to its defaults. I do feel that Pjotr could have given a clearer warning than that... :?

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Flemur
Level 13
Posts: 4540
Joined: Mon Aug 20, 2012 9:41 pm
Location: Potemkin Village

Re: Windows virus still does SOME damage in Linux

Postby Flemur » Fri Nov 10, 2017 11:11 am

vintagepen wrote:
Pjotr wrote:

Code:

rm -v -R ~/.mozilla

Press Enter.

Well that was absolutely catastrophic!

Without a big "YOU'LL LOSE ALL YOUR BOOKMARKS AND ADDONS ETC" it was terrible advice.

I should have had a bit more faith in Linux's ability to resist viruses & malware.

It's actually a browser problem.
You might want to find the URL that supplies this bogus addon (or whatever it is) and add it to your /etc/hosts file so it can't be accessed again.

But! You DO BACKUPS, RIGHT?!?!?

So you can restore your ~/.mozilla directory from it....right?
Mint 18.2 Xfce/fluxbox/pulse-less - Xubuntu 16.10/fluxbox/pulse-less
Please edit your original post title to include [SOLVED] if/when it is solved!
Your data and OS are backed up....right?

Pjotr
Level 18
Posts: 8829
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Windows virus still does SOME damage in Linux

Postby Pjotr » Fri Nov 10, 2017 12:41 pm

vintagepen wrote:Well that was absolutely catastrophic! Though it may have got rid of the malware, - as has been pointed out to me, IF I had it.

But this is my fault because I am not sure why I followed the destructive instructions after I had refreshed Firefox and that SEEMED to get rid of the problem and the (possibly hidden) extension.

The Chromium and Firefox instructions lost me all my passwords, configurations and over a month's worth of work, all my 20-30 carefully preserved tabs that I was working on

It *is* your fault. I clearly stated that it would reset Firefox (and Chromium) to its defaults. Missed that line?

Sometimes I'm a bit surprised by the amount of hand-holding that some people apparently expect.... :shock:

vintagepen
Level 4
Posts: 216
Joined: Mon Feb 06, 2012 10:14 pm

Re: Windows virus still does SOME damage in Linux

Postby vintagepen » Fri Nov 10, 2017 1:04 pm

Yes, it does appear to be necessary to explain that resetting Firefox to defaults includes losing all work, tabs, passwords, configurations and introducing Yahoo malware into my computer: Heck, even Gmail now has a screwed up, completely alien and totally non-intuitive look which seems to have been designed by Yahoo to stop users using Gmail!

Especially where 'refreshing Firefox' may have cured the problem (though not curing ActiveDiscount abusing memory/processing power by trying constantly to infect the non-existent registry?) yet doesn't do any of this.

Pjotr
Level 18
Posts: 8829
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Windows virus still does SOME damage in Linux

Postby Pjotr » Fri Nov 10, 2017 1:08 pm

vintagepen wrote: Yes, it does appear to be necessary to explain that resetting Firefox to defaults includes losing all work, tabs, passwords, configurations and introducing Yahoo malware into my computer: Heck, even Gmail now has a screwed up, completely alien and totally non-intuitive look which seems to have been designed by Yahoo to stop users using Gmail!

Especially where 'refreshing Firefox' may have cured the problem (though not curing ActiveDiscount abusing memory/processing power by trying constantly to infect the non-existent registry?) yet doesn't do any of this.

Don't shout. And assume responsibility for your own clear mistake. I'm not a babysitter.

vintagepen
Level 4
Posts: 216
Joined: Mon Feb 06, 2012 10:14 pm

Re: Windows virus still does SOME damage in Linux

Postby vintagepen » Fri Nov 10, 2017 4:42 pm

Pjotr wrote:Don't shout.

Sorry for that, - and I do acknowledge that your advice was correct

karlchen
Level 17
Posts: 7946
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Windows virus still does SOME damage in Linux

Postby karlchen » Fri Nov 10, 2017 5:27 pm

Hello, vintagepen.

Others have already stated that a warning might have been appropriate, emphasizing that removing the Firefox profile folder would of course remove all your bookmarks, your saved login credentials, your Firefox settings, your addons and a few things more. On the one hand.
On the other hand, I admit that if I had given the advice of removing the Firefox profile, I might also have made the mistake of assuming that a forum user, who joined more than 5.5 years ago, might be aware of what removing the Firefox profile will do.

This very likely is the reason why user Cosmo. had made it a habit to instruct users to rename the Firefox profile folder instead.

Code:

mv "$HOME/.mozilla" "$HOME/.mozilla.bak"

And only if all problems had been sorted out, he told them to remove the renamed folder.
This gave users the chance of reverting or selectively restoring particular files from the renamed profile folder to the new profile folder.

Also, please, keep in mind, that not giving the warning would have had no ill side effects, provided you did regular backups of your data. Apparently you do not do so. And this is something which you cannot blame Pjotr for.

This story once again illustrates that it always takes more than one mistake to make a catastrophe.

Best regards,
Karl
Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.
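
The rename-then-restore approach described in the post above, as an added shell example that is not part of any post in this thread. The function names, the timestamped backup name, the `firefox` process name and the keep-list of files are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): set the Firefox profile aside instead
# of deleting it, then bring back data files only. Names are assumptions.

# Data files worth restoring; none of them carries extension code or the
# search/homepage preferences. key3.db is the older name of the key store.
KEEP_FILES="places.sqlite favicons.sqlite logins.json key3.db key4.db"

# Move ~/.mozilla and its cache aside under a timestamped name and print the
# backup path. Refuses to run while Firefox still has the profile open.
quarantine_profile() {
    local home="${1:-$HOME}" stamp backup
    if pgrep -x firefox >/dev/null 2>&1; then
        echo "close Firefox first" >&2
        return 1
    fi
    [ -d "$home/.mozilla" ] || { echo "no $home/.mozilla" >&2; return 1; }
    stamp="$(date +%Y%m%d-%H%M%S)"
    backup="$home/.mozilla.bak-$stamp"
    mv -- "$home/.mozilla" "$backup" || return 1
    if [ -d "$home/.cache/mozilla" ]; then
        mv -- "$home/.cache/mozilla" "$home/.cache/mozilla.bak-$stamp"
    fi
    printf '%s\n' "$backup"
}

# List the add-on files of a backed-up profile directory for inspection.
list_extensions() {
    ls -1 "$1/extensions" 2>/dev/null
}

# Copy only the keep-listed files from the old profile directory into a fresh
# one created by Firefox; extensions/ and prefs.js stay behind on purpose.
# Prints how many files were restored.
restore_data() {
    local old="$1" new="$2" f n=0
    [ -d "$old" ] && [ -d "$new" ] || { echo "usage: restore_data OLD NEW" >&2; return 1; }
    for f in $KEEP_FILES; do
        if [ -f "$old/$f" ]; then
            cp -p -- "$old/$f" "$new/$f" && n=$((n + 1))
        fi
    done
    printf '%s\n' "$n"
}
```

Start Firefox once after `quarantine_profile` so it creates a fresh profile directory, close it, then run `restore_data` with the old and the new profile directory.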

Penn
Level 5
Posts: 640
Joined: Tue Jun 10, 2014 1:12 pm

Re: Windows virus still does SOME damage in Linux

Postby Penn » Fri Nov 10, 2017 6:03 pm

Pjotr wrote:Don't shout. And assume responsibility for your own clear mistake. I'm not a babysitter.

This seems out of character for you. What makes your site so good is you include detailed step by step instructions on how to do things coupled with easy to understand but informative explanations of why take those steps and what they mean in the eyes of those who don't understand such terminology as "reset your browser".

The in this thread went so far as to "correct" karlchen who I feel gave the better advice. The only thing he didn't do that I have seen others do is explain that after a fresh profile was established you could use the renamed folder to get back some of your old profile.

However, maybe the way it happened can be a learning experience for the OP. Back up your bookmarks and other personal data you may want. Personally, I say DON'T let the browser remember your passwords. Over time such security measures as encryption and salting have gotten better but I do remember a time when people could steal all your saved passwords when you connected to their site (or false ad). It wouldn't surprise me if some hackers figured out how to do that again, present or future, though currently I haven't heard about that type of exploit existing.

Pjotr
Level 18
Posts: 8829
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Windows virus still does SOME damage in Linux

Postby Pjotr » Fri Nov 10, 2017 6:10 pm

Penn wrote:
Pjotr wrote:Don't shout. And assume responsibility for your own clear mistake. I'm not a babysitter.

This seems out of character for you. What makes your site so good is you include detailed step by step instructions on how to do things coupled with easy to understand but informative explanations of why take those steps and what they mean in the eyes of those who don't understand such terminology as "reset your browser".

Thanks for your compliment. :)

There's a difference though, between my website and my advice on this forum.... I can afford the one-time investment of time and effort in creating elaborate step-by-step how-to's on my website, but not so for my forum advice.

Because the latter is repetitive and would require more time and effort than I have to spare (at least when I can't give a link to a how-to on my website). So my forum advice is usually not so elaborate. :wink:
Last edited by Pjotr on Fri Nov 10, 2017 6:19 pm, edited 2 times in total.

Pjotr
Level 18
Posts: 8829
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Windows virus still does SOME damage in Linux

Postby Pjotr » Fri Nov 10, 2017 6:17 pm

vintagepen wrote:
Pjotr wrote:Don't shout.

Sorry for that, - and I do acknowledge that your advice was correct

Apology accepted. Good luck with getting things running again. :)

I've noticed that in the meantime, a mod (karlchen?) has undone the shouting.