email account blocked due to virus [SOLVED]

[Morearty]

Hello again - people here were so helpful with my last problem about opening folders, I hope you can help here too.

I have looked at the "Questions about Defragging or Antivirus? Look here first!" thread, but I'm afraid I couldn't make much out. AFAICS most users agree that viruses are almost non-existent in Linux, but there is always a small possibility: certainly browsers can be attacked: perhaps that is what happened here.

So what happened? Yesterday my email account with UPC.at was suddenly blocked: I could not access it and correspondents' mail was rejected. I called UPC help and was told that my email was infected with a virus and therefore had to be shut down. I am supposed to clean up the virus on my PC and then they will reinstate the account. I told them I used Linux Mint which is supposed to be immune to viruses but they were not impressed: I had a virus and that's that; no advice on how I should go about cleaning. Internet is still working, I can use other email accounts like gmail, but not my main one, which is with UPC. Firefox still works, though it has been rather dodgy lately, taking more than a minute to open. I understand that others have had problems with FF45.

Any ideas? Thank you in advance for any advice.

[Cosmo.]

As far as I understand, you use the web-mail interface via Firefox; correct?

Try this:
Close FF.
Open your file-manager and make hidden files visible (press ctrl-h).
Rename the folder .mozilla to .mozilla.bck
Start FF, this will create automatically a new FF-profile.
Does this now work?

To get back to your old profile:
Close FF.
Delete the new folder .mozilla
Rename the folder .mozila.bck back to .mozilla
Start FF. Done.

[kukamuumuka]

For avoiding to lose emails, it would be good to use programs like Thunderbird. I suppose that someone has send a virus-email to your email-box and your email-provider has found that your box is infected.

It is not a linux-problem.

[Morearty]

Thank you for your replies. However, the email provider (UPC) has closed the account until I remove the virus. Will either of the above do that? If not, what can I do? Perhaps download ClamAV?

[kukamuumuka]

Thank you for your replies. However, the email provider (UPC) has closed the account until I remove the virus. Will either of the above do that? If not, what can I do? Perhaps download ClamAV?

Do the Cosmo.´s instruction or try with other browser.

Code: Select all

mv ~/.mozilla ~/.mozilla.original

One improbable choice is that your computer time is the wrong (year 2007, etc.) which causes the false interpretation from your browser.

[Cosmo.]

Hm, must be a very strange email-provider. But what has really happened?

Coming back to the original post:

I called UPC help and was told that my email was infected with a virus and therefore had to be shut down.

What was / is infected? A mail you did send or do they say, that your system / e-mail client (in your case the browser) is infected?
I think (mh: guess) they mean the first. But if you do not send this mail again, what do they expect, that you do?
Is the mail really infected? In which format did you try to send: plain text or html? Did you attach any file to the mail?
BTW: There is also the possibility, that they got a false-positive hit. This is a common problem with AV-programs (they will most likely use one of them); in this case you could do nothing at all - obviously.

I am supposed to clean up the virus on my PC and then they will reinstate the account.

Again I wonder, what they do expect. Obviously you could call them and tell them, that you have cleaned your system, but how will they check, if you had really done anything with your system?

What you can do is to launch the live system and tell them, that you have a new system. A live system is malware-free and it is a new system, so this would be the pure truth.

I also did some search about upc.at and I see, that they are indeed an Internet-provider. So what about your Internet access: Is this also affected? What I also found is this - and this doesn't look good. But I cannot judge myself.

[Habitual]

I am supposed to clean up the virus on my PC and then they will reinstate the account.

Ask them which virus.
Surely, that is not beyond reasonable?

[Tomgin5]

My Comcast account said I had a virus when I put on my Linus computer after viruses trashed my old one. I took the router to their office and told them I wanted a new one as I had switched to Linux and the old router was not serviceable. 10 seconds later the serviceman handed a new router to me and said they were now busy cleaning up their server. I plugged in the new router and everything worked and still does. Even the wife is now able to get on with her tablet through the router with her games like she never could before.
Try taking the router to them and tell them in person.

[Morearty]

Thanks for the suggestions and comments. It seems that most of you feel, as I do, that UPC.at is an unsatisfactory provider, at least as far as service goes. I used to have access interruptions quite often, and they fobbed off my requests for help, saying that my connection (in-house cable) was too long, although it had worked fine before. Finally they sent someone competent, who replaced the cables in the junction box out in the street, and no trouble since. Nonetheless, the connection is usually OK and it would be a hassle to change, although that may eventually be necessary.

As some of you have pointed out, the problem is not at all clear. What I understood is that they say that a virus has infected my email account and I am supposed to clean it. The account, however, is apparently not on my PC, and my access to their server is blocked, so how can I do that? I believe they are asserting that my PC is infected: that seems unlikely, but they demand that I fix it, and email them (from another account) evidence that I have run the virus check. I can tell them to go ___ themselves, but they'll reply the same.

Upshot is, I would like to run a virus check anyway, I've wanted to have peace of mind for some time, so I'd appreciate your helping me go about that. Should I install ClamAV and run it? How to do that? I have a bewildering lot of offers from Software Manager (see attachment), should I install all of them? And then, how to proceed with the virus check? I guess some of you will consider this foolish, but I would like to try it. Surely it can do no harm...can it?

[Cosmo.]

What I understood is that they say that a virus has infected my email account and I am supposed to clean it. The account, however, is apparently not on my PC, and my access to their server is blocked, so how can I do that?

I interpret this so, that you have an IMAP account. In this case you are right: Without having access to the account, they demand something impossible. All your mails are on their server.

I believe they are asserting that my PC is infected: that seems unlikely, but they demand that I fix it, and email them (from another account) evidence that I have run the virus check. I can tell them to go ___ themselves, but they'll reply the same.

They can (perhaps) scan, what you sent from your computer. They can see, if you misuse the computer for spamming (what might be in a - theoretical case of a zombie system - could happen without your knowledge). But how will they see, if the system is infected? Did UPC force you to install any proprietary software on your computer? If not, this cannot be.

As I already wrote: How should they be able to decide, if you have "cleaned" the system or not? So if you would install any AV and run it (let's say for your piece of mind), what guarantees you, that they say "OK, fine done" and let you use the account again? As they cannot see it themselves (assuming, that the mentioned proprietary software does not exist), they could still tell you, that the system is allegedly infected.

I still stay with my recommendation with the live system. You can tell them, that you use a new system, which is guaranteed malware-free - and you would tell the truth.

Another question - but above the scope of the forum - is, if you tell them, that you pay until the account is again available a shorter fee. If the account belongs to the services, which belong to your contract, they obviously do not give you the full service. Take this not as advice (I am no layer), but as a thought.

[phd21]

Hi "Morearty",

I just read your post and the good replies to it. Here are my thoughts on this as well.

It would help to know more about your system setup. If you run "inxi -Fxzd" from the console terminal prompt, highlight the results, copy and paste them back here, that should provide enough information.

It is very unlikely that your Linux Mint system would be affected by a virus, even if you received one in your email. Most email providers like Google's gmail are very good about preventing virus and malware from being sent or received, apparently UPC is not. Do you have to use the UPC email? What does UPC stand for? How do you read and send email, through a web interface, or do you use an email desktop program (email client) and which one?

I would highly recommend that you create & run a bootable anti-virus program from Avira, Comodo, AVG, etc... to check your entire system, and save the results to a flash drive, or somewhere, then email that to them and see if they will reactivate your account. One of these will also remove the problem, and or at least identify it, so you can. You would think that they could easily scrub (remove) the offending email and its attachment from their end, and provide you with specific details, so that you can remove the email on your end.

Avira - download .iso file burn to a CD/DVD, or to a USB flash drive stick to run it. I really like the Avira.
https://www.avira.com/en/download/produ ... cue-system


Comodo - rescue disk - they also have a real time Linux version to install, but back up first, in case your Linux system does not like it.
https://help.comodo.com/topic-170-1-493 ... tml?page=3

You could install an anti-virus, like ClamAV (ClamTK), but turn off PUA before running it, and make sure it updates first. You really do not need to install an anti-virus program.

Hope this helps ...

[kukamuumuka]

An easy test if the fault is in your computer or your email provider, is to boot using liveDVD and try to login to your email-account. If you cannot login, there is no problem in your computer.

[Cosmo.]

An easy test if the fault is in your computer or your email provider, is to boot using liveDVD and try to login to your email-account. If you cannot login, there is no problem in your computer.

They have closed the OP's account, so without at first open the account again from the provider site nothing will work.

But what a nonsense in this demand itself:

they demand that I fix it, and email them (from another account) evidence that I have run the virus check.

If UPC think, that their behavior to close the account is a correct and useful approach, where shall the logic be, that another e-mail provider will not stop the service for the OP? Their demand alone is a contradiction in itself.

If I were the OP, I would - as soon as the account is accessible again - store all mails, which are stored on their server, locally on my computer and then I would close this service (i. e. resign the contract). This happened once, it can happen again.

[Habitual]

Move on.

[killer de bug]

What I think is that you computer was used as a bootnet sending spam. That's the only reason I see them closing your account. So that spam stops. Wherefore I believe the virus/trojan is on your system. If it was in your mails, they would have stopped it long ago. Most if not all provider have antivirus scanning the email you send/receive. Most of them prevent you from emailing .exe for example.

[Morearty]

Hey guys, thanks again for your help. Perhaps I should explain: UPC.at are not the most considerate people, but their overall performance is good: dissing them and sayíng what they should do is not much help to me. I need to get back to my email account, so I can copy crucial mails and addresses: then I'll be free to shift to, say, gmail as my primary account and kiss UPC's email goodbye. And the price for getting back in, unreasonable as it is, is apparently to search out and repair possible viruses on my PC (and I'd like to do that anyway, just for peace of mind). Now the last poster, killer de bug, is saying, if I understand correctly, that I probably do have some viruses on my PC. (btw, killer de bug lives, like me, in Austria, so he surely has heard of UPC.at. )
So: do I have to go to the trouble of burning a CD with a rescue disk? Do I even need a rescue disk (whatever that is) just to get rid of viruses? Or will ClamAV do the job? If so, I'd really appreciate some help in deciding how to go about it. In my previous post of Sat May 14, I attached a screencap that lists all kinds of Clam stuff. Can you tell me which I need to install, and how to proceed once I've got it? Thank you for any help.

[Cosmo.]

do I have to go to the trouble of burning a CD with a rescue disk? Do I even need a rescue disk (whatever that is) just to get rid of viruses? Or will ClamAV do the job?

You need your live system (DVD or usb stick), which you used to install Mint.
Maybe ClamAV will "do the job", perhaps not. Definitely not, if there should be no virus (was still is not decided and IMO doubtful).

What I forgot to mention: Assumed that there would be really malware on your computer, than there is the chance, that it is not inside of your system, but "only" in your account. In case that you have only software installed by the official repositories and did not misuse sudo for other than really needed things (especially not used to launch your browser) or have at any time logged in as root, this chance is very high. In this case a new account would be malware-free.

[kukamuumuka]

It is quite improbable that your system has a virus. If you use Wine, there can be a windows virus, but more probable device can be a your router.
http://www.howtogeek.com/227384/how-to- ... r-malware/

For checking your system you can run Kaspersky-rescue CD or Avira Rescue CD

[Cosmo.]

For checking your system you can run Kaspersky-rescue CD or Avira Rescue CD

I doubt, that they will be of any use. As far as I understand the documentations they will not be able to open ext4 partitions. Only Windows systems are mentioned.

[phd21]

Hi "Morearty",

It is super easy to create (burn) a CD of Avira anti-virus (.iso) using your CD/DVD application (xfburn, or K3B, or whatever) 1-2 minutes at most. Then, boot to it and run it on your entire system. I have used this many times, and it will work on Linux and or MS Windows systems. Just save the results as a text file somewhere, like a usb flash drive stick, so that you can then email the results back to your email host. Obviously, if Avira asks to repair or delete something, do it, which can be setup to be done automatically in the Avira options or at runtime. This will take awhile to run, but at least you do not need to install anything in the current computer.

FYI: if you think, or know that you have a virus, or malware, in your current computer's operating system, then creating a bootable CD/DVD or USB flash drive stick to repair and diagnose your system is the right thing to do, because the current system is already compromised.

Hope this helps ...