I think im infected

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
Glossic
Level 1
Level 1
Posts: 8
Joined: Tue Jun 10, 2014 8:53 am

I think im infected

Post by Glossic » Fri Jun 13, 2014 1:46 pm

Sorry if I sound like I dont know anything about linux as I am a complete new guy. So for the past week I have been distro hoping and I've had a problem every single time. When ever I click on a link I always get an advertisement. Not just a normal one, but a "update your drivers" one and things like that. I'm thinking this is adware but it cant be as I just installed linux mint and havent touched anything. What should I do about this? Thanks :)

Mute Ant
Level 14
Level 14
Posts: 5135
Joined: Tue Sep 03, 2013 7:45 pm
Location: Norfolk UK

Re: I think im infected

Post by Mute Ant » Fri Jun 13, 2014 2:11 pm

I didn't even know this was possible until I read it here...
http://forums.linuxmint.com/viewtopic.php?f=90&t=169867
...
Last ditch effort was to check my router configuration......apparently "Remote Management" was checked on my
router. Further investigation showed that the DNS numbers were statically set (I never do that). I ran a WHOIS on the numbers
and found that they were located in China.
While you're waiting, read the free novel we sent you. It's a Spanish story about a guy named "manual".

User avatar
Reorx
Level 11
Level 11
Posts: 3931
Joined: Tue Jul 07, 2009 7:14 pm
Location: SE Florida, USA

Re: I think im infected

Post by Reorx » Fri Jun 13, 2014 2:16 pm

Try blocking pop-up in your browser preferences...
browser-prefs.png
If that doesn't work, try NoScript (browser add-on) >>> http://noscript.net/

If that doesn't work, close Firefox. Then open your file manager. On the menu bar >> View > Show hidden files/folders and click this item. Find a folder called .mozilla and rename it to .mozilla-old. Then restart your browser and let us know if it works OK...
Full time Linux Mint user since 2011 - Currently running LM19 Cinnamon.

Image Image

Glossic
Level 1
Level 1
Posts: 8
Joined: Tue Jun 10, 2014 8:53 am

Re: I think im infected

Post by Glossic » Fri Jun 13, 2014 2:55 pm

Ok so I have removed the Firefox directory and uninstalled firefox. I am now using google chrome. The only concern that I have is that this "Virus" acted like a keylogger as well as adware. Is there anyway to scan my system?

User avatar
WharfRat
Level 21
Level 21
Posts: 13149
Joined: Thu Apr 07, 2011 8:15 pm

Re: I think im infected

Post by WharfRat » Fri Jun 13, 2014 3:16 pm

Glossic wrote:Ok so I have removed the Firefox directory and uninstalled firefox. I am now using google chrome. The only concern that I have is that this "Virus" acted like a keylogger as well as adware. Is there anyway to scan my system?
Did yo check your router configuration http://forums.linuxmint.com/viewtopic.p ... 67#p873321 :?:
ImageImage

User avatar
daveinuk
Level 7
Level 7
Posts: 1555
Joined: Tue Mar 23, 2010 7:52 pm
Location: Manchester, England.
Contact:

Re: I think im infected

Post by daveinuk » Fri Jun 13, 2014 3:20 pm

You didn't need to uninstall, as mentioned above, popup blocker turned on, adblock plus FF add-on, and noscript add-on should pretty much stop any bogies - you can run clam AV on your system, plus other app's like rkhunter etc etc, read up on them first as there can be false positives and such, odds are its highly unlikely you're actually infected, but feel free to do whatever puts your mind at rest.

Glossic
Level 1
Level 1
Posts: 8
Joined: Tue Jun 10, 2014 8:53 am

Re: I think im infected

Post by Glossic » Fri Jun 13, 2014 3:35 pm

daveinuk wrote:You didn't need to uninstall, as mentioned above, popup blocker turned on, adblock plus FF add-on, and noscript add-on should pretty much stop any bogies - you can run clam AV on your system, plus other app's like rkhunter etc etc, read up on them first as there can be false positives and such, odds are its highly unlikely you're actually infected, but feel free to do whatever puts your mind at rest.
Ok no more random driver update ads! (so far) Thanks for the help guys :)

User avatar
daveinuk
Level 7
Level 7
Posts: 1555
Joined: Tue Mar 23, 2010 7:52 pm
Location: Manchester, England.
Contact:

Re: I think im infected

Post by daveinuk » Fri Jun 13, 2014 3:42 pm

I like/prefer firefox cos' of the addons and extras, never really liked chrome as i have an aversion to google but if there are addons available similar to those mentioned then get some, if only to cut the crud down . . . . . . . :wink:

User avatar
Reorx
Level 11
Level 11
Posts: 3931
Joined: Tue Jul 07, 2009 7:14 pm
Location: SE Florida, USA

Re: I think im infected

Post by Reorx » Fri Jun 13, 2014 3:56 pm

Glossic wrote:...this "Virus" acted like a keylogger...
You mean is sat silently on your system and recorded key strokes?!?!? Keyloggers are invisible/transparent on your system... the only evidence of their presence on your system is identity theft in one form or another!!!

This "virus" acted like a browser hijacker if anything... Browser hijackers take advantage of browser vlnerabilities... that is why I suggested NoScript (and renaming your .mozilla folder)!... Besides, a keylogger is software and like all software on your system, you have to install it... and there is no way to install it silently... it's the whole admin PW dialogue box thing... the presence of a keylogger seems unlikely...
Full time Linux Mint user since 2011 - Currently running LM19 Cinnamon.

Image Image

Glossic
Level 1
Level 1
Posts: 8
Joined: Tue Jun 10, 2014 8:53 am

Re: I think im infected

Post by Glossic » Fri Jun 13, 2014 4:04 pm

Reorx wrote:
Glossic wrote:...this "Virus" acted like a keylogger...
You mean is sat silently on your system and recorded key strokes?!?!? Keyloggers are invisible/transparent on your system... the only evidence of their presence on your system is identity theft in one form or another!!!

This "virus" acted like a browser hijacker if anything... Browser hijackers take advantage of browser vlnerabilities... that is why I suggested NoScript (and renaming your .mozilla folder)!... Besides, a keylogger is software and like all software on your system, you have to install it... and there is no way to install it silently... it's the whole admin PW dialogue box thing... the presence of a keylogger seems unlikely...
Yeah I come from the windows world where a simple java script can silently install a RAT on your computer. But I guess I'll be safe from that on linux! Thanks.

Distro-Don
Level 3
Level 3
Posts: 149
Joined: Thu May 23, 2013 8:43 pm

Re: I think im infected

Post by Distro-Don » Fri Jun 13, 2014 4:13 pm

Glossic wrote:
daveinuk wrote:You didn't need to uninstall, as mentioned above, popup blocker turned on, adblock plus FF add-on, and noscript add-on should pretty much stop any bogies - you can run clam AV on your system, plus other app's like rkhunter etc etc, read up on them first as there can be false positives and such, odds are its highly unlikely you're actually infected, but feel free to do whatever puts your mind at rest.
Ok no more random driver update ads! (so far) Thanks for the help guys :)

User avatar
Reorx
Level 11
Level 11
Posts: 3931
Joined: Tue Jul 07, 2009 7:14 pm
Location: SE Florida, USA

Re: I think im infected

Post by Reorx » Fri Jun 13, 2014 4:16 pm

Glossic wrote:Yeah I come from the windows world where a simple java script can silently install a RAT on your computer. But I guess I'll be safe from that on linux! Thanks.
(almost) Everybody here comes from the Windoze world, that's why we're here! :lol:

When I first started using Linux (about 5 years ago), I had heard that Linux was "virus proof" so I decided to prove that to myself... surfed some of the slimiest websited imaginable until I found one that tried to infect my computer... it was funny!... a dialogue box popped up and informed me that the website was trying to install SomePieceOfSlimeWare.exe on my computer... then another dialog popped up and asked for the admin PW... and I just looked on and giggled... then clicked "Cancel" and went on my way uninfected... Life's good in the world of Linux... :D

Good luck and as always, Enjoy the Mint! :mrgreen:
Full time Linux Mint user since 2011 - Currently running LM19 Cinnamon.

Image Image

User avatar
turtlebay777
Level 5
Level 5
Posts: 550
Joined: Tue Apr 15, 2014 4:56 pm

Re: I think im infected

Post by turtlebay777 » Fri Jun 13, 2014 4:37 pm

Whilst it's not prone to virus attack yet due to Windoze being the most popular, as more and more people move to Linux there may be some slime balls who will try to infect Linux distros with Linux viruses. They have already been manufactured under laboratory conditions.

Another more worrying aspect of Linux is that it is possible for a root kit to infect your system.

I'd suggest installing rkhunter and doing an occasional check to ensure you are clear.

To install rkhunter do this in terminal (copy and paste is easiest to get the spaces right):

Code: Select all

sudo apt-get install rkhunter
Then

Code: Select all

sudo rkhunter --update
Then run a check with it by writing this in Terminal

Code: Select all

sudo rkhunter -c

User avatar
turtlebay777
Level 5
Level 5
Posts: 550
Joined: Tue Apr 15, 2014 4:56 pm

Re: I think im infected

Post by turtlebay777 » Fri Jun 13, 2014 4:49 pm

On first run you may have similar reports like mine so read this short thread, http://forums.linuxmint.com/viewtopic.php?f=47&t=169702

User avatar
js3915
Level 3
Level 3
Posts: 177
Joined: Fri Jul 05, 2013 5:35 pm

Re: I think im infected

Post by js3915 » Fri Jun 13, 2014 4:59 pm

Your pretty safe in linux, most virus die when a kernel is updated. Long as you practice simple safe guidelines and your password isnt some name/dictionary based password youll never have to worry really. And if firefox/chome/palemoon/whatever browser you use shouldnt really need to ask for you sudo password if it does you know something is fishy.

User avatar
slipstick
Level 5
Level 5
Posts: 940
Joined: Sun Oct 21, 2012 9:56 pm
Location: Somewhere on the /LL0 scale

Re: I think im infected

Post by slipstick » Fri Jun 13, 2014 5:34 pm

turtlebay777 wrote:Another more worrying aspect of Linux is that it is possible for a root kit to infect your system
A very useful thread for us newbie's. But one thing I don't understand - if s/w can't be installed on your system without your approval, how do root kits get installed - how are they different than viruses?
In theory, theory and practice are the same. In practice, they ain't.

User avatar
Spearmint2
Level 16
Level 16
Posts: 6812
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: I think im infected

Post by Spearmint2 » Fri Jun 13, 2014 11:16 pm

Mute Ant wrote:I didn't even know this was possible until I read it here...
http://forums.linuxmint.com/viewtopic.php?f=90&t=169867
...
Last ditch effort was to check my router configuration......apparently "Remote Management" was checked on my
router. Further investigation showed that the DNS numbers were statically set (I never do that). I ran a WHOIS on the numbers
and found that they were located in China.
I believe you have the correct answer. A bad DNS server is no better than a bad proxy server and there's a large number of those capturing private information across the internet. A bad DNS is a "man in the middle" approach. He should put his router and his system's DNS settings to 8.8.8.8 and 8.8.4.4 to use the google DNS, unless he doesn't trust them either. Verizon has several DNS and you have to search to find out the one that lets you "opt out" of the adware Verizon sends back to browsers using that DNS server.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....

Post Reply

Return to “Newbie Questions”