Is my Mint install infected with a virus or malware?

Posted: Sat Feb 23, 2013 2:51 pm
by ludude75
I wanted to move to Linux again, this time as more of a gradual trial.

I have a Compaq Presario that came with XP Home. I upgraded the RAM to 2GB DDR2, from an AMD Sempron CPU to a Dual Core 4200+, and added a DVD burner, none of which was part of the original factory setup. Thursday I tried Linux Mint 14 Cinnamon 32 bit on it and everything works including wifi, so I decided to do an install. I unplugged the 100gb sata xp drive, connected an 80gb sata drive and did a fresh install.
To boot this I just boot up computer, hit escape and choose the 80 gig drive from boot options. This way I can remove the drive and computer will be back without any boot issues.
I did the install on Feb. 21. Everything goes fine so I do a system update. Still fine. I installed some games and programs using the package manager.

Secret Maryo Chronicles
Frozen-Bubble

Bleachbit
XFCE desktop
XScreensaver
gscan2pdf
Bittornado Client
Asunder cd ripper
Docky
Samba GUI
cups-pdf
Maybe a couple of other things, though all using the default package manager, so I figured I'd be safe.

I also added the firefox persona to customise the browser, changed panel to silver, adjusted menu to open on hover, changed clock to show 12 hr/ AM PM.
Changed background wallpaper to a pic I like, etc. Just minor things.
I am connected to Comcast Internet and this computer and all others are behind a Netgear Router / firewall and connected to WPA2 Personal wireless N.
I have yet to really download anything with torrent yet or anything else for that matter. I have browsed a few sites, checked my yahoo mail, and did a bit of general reading to figure out how to get programs I want on this install. Friday Morning I went to check my yahoo mail and found it odd I had like 5 Mail Delivery Failures. I had not sent any mail just checked and read some. I checked the contacts they were sent to and sure enough they were old ones I never used and had expired. Problem is it sent to everyone on contact list.

I did some searching online and saw a suggestion to run rkhunter. I opened the package manager, installed it, went to root and ran it.

These are the warnings I got:
[10:36:43] /usr/bin/unhide.rb [ Warning ]
[10:36:43] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text

[10:38:25] Info: Starting test name 'passwd_changes'
[10:38:25] Checking for passwd file changes [ Warning ]
[10:38:25] Warning: User 'postfix' has been added to the passwd file.
[10:38:25]
[10:38:25] Info: Starting test name 'group_changes'
[10:38:25] Checking for group file changes [ Warning ]
[10:38:25] Warning: Group 'postfix' has been added to the group file.
[10:38:25] Warning: Group 'postdrop' has been added to the group file.

[10:38:26] Checking /dev for suspicious file types [ Warning ]
[10:38:26] Warning: Suspicious file types found in /dev:
[10:38:26] /dev/.udev/rules.d/root.rules: ASCII text
[10:38:26] Checking for hidden files and directories [ Warning ]
[10:38:27] Warning: Hidden directory found: '/etc/.java'
[10:38:27] Warning: Hidden directory found: '/dev/.udev'
[10:38:27] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'

I searched some and I am confused as to whether they are problems or should be ignored?

I also read that I should check that I don't have any malicious browser extensions installed in my web browser. I looked under extensions and don't see anything suspicious, just Mint Search Enhancer 1.0, Personas 1.6.2, and Stylish 1.0.7. I just installed Personas; the other two were on here.
So how do I know if I have been infected with something? I don't want to check any more email addresses or use any other password protected sites till I know this install is clean.
I was under the assumption that Linux was mostly invulnerable to these issues, or that it was rare if it did get malware, spyware or viruses.
I have used XP for years, fairly clean user. I haven't gotten any spyware buildup using malware programs to check, and haven't gotten any virus warnings from antivirus either. It's just odd that once I made the switch I start having issues. I have also noticed two other issues: the clock time is jumping to a random time, and when I log into Linux the user name and password no longer show up. I can type the user name and you can't see it, hit tab or enter, the password comes up, type it and it's blank too, no dots. Hit enter and it logs in fine.

Sorry if this is so long but I just wanted to make sure I covered everything I can think of.

If this is an infection, is there any way to prevent it? like a virus protection software or malware scanner/remover?

Re: Is my Mint install infected with a virus or malware?

Posted: Sat Feb 23, 2013 4:38 pm
by DrHu
I usually use chkrootkit because rkhunter has a tendency to produce false positives; nevertheless most of the data shown for your rkhunter seems ok: adding groups etc.
http://archive09.linux.com/feature/128450

Remote viruses for Linux aren't so many, and local exploits are preventable by good user management and passwords
--people sometimes suggest using an anti-virus, well because windows and Apple have them available, and for that reason it just seems to make sense (at least to the vendors of anti-virus products)
AVG
Clamav
--usually used to catch windows email viruses and prevent transmission via a Linux OS
  • If you don't use wine (a win emulation..), or don't install windows OS in a VM and bridge the network Linux host's network card
    --you can't get a windows OS virus or worm or anything like that, since it won't run under Linux kernel (OS)
    --you also won't be exposing your Linux (non-windows) system to any risk
  • Additionally by being behind an ISP, and using NAT as the standard connection, you are pretty much safe from remote exploits
    --except perhaps for browser based ones, too much clickity-click actions..
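
One way to check rkhunter warnings like the ones quoted in this thread against the package database (an added example, not part of any post here). The function names are made up for illustration, the sample lines are copied from the output above, and matching account names against postinst scripts is a heuristic that assumes a Debian-based system such as Mint:

```shell
#!/bin/sh
# Added example: triage rkhunter warnings against the dpkg database.

# Constructed sample: warning lines copied from the rkhunter output above.
sample_log() {
cat <<'EOF'
[10:36:43] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
[10:38:25] Warning: User 'postfix' has been added to the passwd file.
[10:38:25] Warning: Group 'postfix' has been added to the group file.
[10:38:25] Warning: Group 'postdrop' has been added to the group file.
EOF
}

# Reduce warning lines to "kind value" pairs (file, user, group).
parse_warnings() {
  sed -n \
    -e "s/.*Warning: The command '\([^']*\)' has been replaced.*/file \1/p" \
    -e "s/.*Warning: User '\([^']*\)' has been added.*/user \1/p" \
    -e "s/.*Warning: Group '\([^']*\)' has been added.*/group \1/p"
}

# Look up which installed package accounts for one finding.
explain() {
  kind=$1; value=$2; owner=
  case $kind in
    file)
      # dpkg -S names the package that ships a path, if any.
      owner=$(dpkg -S "$value" 2>/dev/null | cut -d: -f1 | head -n 1) ;;
    user|group)
      # Heuristic: system accounts are normally created by a package's
      # postinst maintainer script, kept under /var/lib/dpkg/info.
      owner=$(grep -lw -- "$value" /var/lib/dpkg/info/*.postinst 2>/dev/null \
              | sed 's|.*/||; s|\.postinst$||' | tr '\n' ' ') ;;
  esac
  printf '%s %s -> %s\n' "$kind" "$value" "${owner:-no package found, check by hand}"
}

# Read an rkhunter log on stdin and explain every parsed warning.
triage() {
  parse_warnings | while read -r kind value; do explain "$kind" "$value"; done
}

# On a real system: triage < /var/log/rkhunter.log
if command -v dpkg >/dev/null 2>&1; then sample_log | triage; fi
```

A finding that maps to an installed package is accounted for by that package; anything reported as "no package found" is what deserves a closer manual look.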

Re: Is my Mint install infected with a virus or malware?

Posted: Sat Feb 23, 2013 4:41 pm
by flyboy1565
This sounds like your email got hacked. I would send all your contacts a message notifying them that your email is compromised. Change your email password to something like A6Bgg2!, also I'd tell your contacts to keep an eye on their accounts!

Sent from my ADR6350 using Tapatalk 2

Re: Is my Mint install infected with a virus or malware?

Posted: Sat Feb 23, 2013 5:48 pm
by ludude75
I also just found chkrootkit while reading, installed it via the package manager and ran it, and it seemed to look ok with no issues.
I also installed ClamAV and ran it too. Also came back clean. Hopefully this was all just a crappy coincidence cause I see no reason to keep using windows when I get just as much use out of something that's pretty much free but just requires a bit more thinking and reading.