No Internet connection after being forced to a malware site

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
brutto07
Level 1
Level 1
Posts: 16
Joined: Mon Jan 19, 2015 10:41 am
Location: Sweden

No Internet connection after being forced to a malware site

Post by brutto07 » Thu Dec 07, 2017 6:13 pm

Hi, I have been using Linux Mint for a couple of years (that is, a relative newbie). All has worked just fine until now. My problem is that I can't connect to Internet anymore. The background is as follows: Using Mint 18.3 and Firefox I occasionally visited a web site which sent me to another (malware?) site having a popup window taking command of the whole screen and demanding me to reinstall Firefox (their version). As there were no way to leave that site I eventually had to force a shutdown of the computer. After restarting the computer the Internet connection was gone. I'm using a router and wifi and have tried a cable connection without any result. I have also tried another computer with Mint 17.3 installed, a Windows 10 computer, and my Android cellphone, without any problems connecting to internet via wifi. The router seems to work without any flaws.

I really have no clue what to do. I have heard and read that Linux is relatively secure when it comes to virus and malware. So perhaps it is something other?
Thanks in advance for any answer!

User avatar
Pjotr
Level 20
Level 20
Posts: 10058
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: No Internet connection after being forced to a malware site

Post by Pjotr » Thu Dec 07, 2017 6:20 pm

Can you send me a PM with the URL of the malware site? I'd like to take a look.
Tip: 10 things to do after installing Linux Mint 18.3 Sylvia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
coffee412
Level 5
Level 5
Posts: 808
Joined: Mon Nov 12, 2012 7:38 pm
Location: Indiana, USA
Contact:

Re: No Internet connection after being forced to a malware site

Post by coffee412 » Thu Dec 07, 2017 6:20 pm

When your on the problem computer can you do these things:

1. Open a term window and type in "ifconfig" and post the output.

2. See if you can ping 8.8.8.8 and get a reply. The command is "ping 8.8.8.8"

Lets see what it shows :)
Ryzen x1800 Asus Prime x370-Pro 32 gigs Ram RX480 graphics
IceWarp * Samba AD * Mint 18.1 * RAID 1/5 * OpenVPN * Linux since kernel 2.0.36

brutto07
Level 1
Level 1
Posts: 16
Joined: Mon Jan 19, 2015 10:41 am
Location: Sweden

Re: No Internet connection after being forced to a malware site

Post by brutto07 » Thu Dec 07, 2017 9:37 pm

Many thanks!
I have sent a PM with the URL and some details to Pjotr!

I have already tried to Ping and that seems to work.
I will run "ipconfig" in the terminal and post the output when I have transfered it from the computer with no internet to this one. But if it's ok it will take some hours because it is in the middle in the night here (03.00), so really don't know for sure what I'm doing.

Mute Ant
Level 13
Level 13
Posts: 4658
Joined: Tue Sep 03, 2013 7:45 pm

Re: No Internet connection after being forced to a malware site

Post by Mute Ant » Thu Dec 07, 2017 10:12 pm

If you were running as a normal user, firefox can only damage that user's environment. It's relatively easy to make a new user account and start fresh.
o If your GUI is set to auto-login, switch that off.
o Log out of the GUI.
o Ctrl+Alt+F1 to switch to text console TTY1.
o Log in and think of a new user name... one word in lower case letters... johndoe
o Enter sudo adduser johndoe and answer the questions.
o Give your new user sudo powers... sudo adduser johndoe sudo
o Switch back to the GUI greeter with Alt+LeftArrow and log in as johndoe.
You were in the left-hand lane and you were signalling left and I more or less assumed you were going to turn left.

User avatar
trytip
Level 6
Level 6
Posts: 1155
Joined: Tue Jul 05, 2016 1:20 pm

Re: No Internet connection after being forced to a malware site

Post by trytip » Thu Dec 07, 2017 10:23 pm

does another browser work?
Image

User avatar
Pepi
Level 5
Level 5
Posts: 574
Joined: Wed Nov 18, 2009 7:47 pm

Re: No Internet connection after being forced to a malware site

Post by Pepi » Thu Dec 07, 2017 10:33 pm

Would it had helped if the poster was using FIreJail :?:

brutto07
Level 1
Level 1
Posts: 16
Joined: Mon Jan 19, 2015 10:41 am
Location: Sweden

Re: No Internet connection after being forced to a malware site

Post by brutto07 » Fri Dec 08, 2017 7:52 am

Here's the output from ifconfig (second try):

Code: Select all

enp8s0    Link encap:Ethernet  HWaddr 7c:05:07:26:d9:85  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2076 (2.0 KB)  TX bytes:2076 (2.0 KB)

wlp7s0    Link encap:Ethernet  HWaddr a8:54:b2:96:aa:b4  
          inet addr:192.168.1.142  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::3c48:3c17:1fc5:bad7/64 Scope:Link
          inet6 addr: fd5a:b95b:8aae:0:59d:4e1d:ee4c:4e40/64 Scope:Global
          inet6 addr: fd5a:b95b:8aae:0:27aa:2e26:2ac9:bb00/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1580 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1438 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:125155 (125.1 KB)  TX bytes:163414 (163.4 KB)
I will test if it works making a new user. Another browser doesn't work. Internet is down for everything on the computer (my email, the update manager etc). Firejail is something new for me. But doesn't that already presuppose an Internet connection?

brutto07
Level 1
Level 1
Posts: 16
Joined: Mon Jan 19, 2015 10:41 am
Location: Sweden

Re: No Internet connection after being forced to a malware site

Post by brutto07 » Fri Dec 08, 2017 9:02 am

Making and using a new user account didn't work

User avatar
Pepi
Level 5
Level 5
Posts: 574
Joined: Wed Nov 18, 2009 7:47 pm

Re: No Internet connection after being forced to a malware site

Post by Pepi » Fri Dec 08, 2017 9:07 am

I was just wondering if something installed on your computer when you hit that bad webpage. I think FireJail would have stopped this from happening ... I think :oops: :mrgreen:

User avatar
Pjotr
Level 20
Level 20
Posts: 10058
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: No Internet connection after being forced to a malware site

Post by Pjotr » Fri Dec 08, 2017 9:52 am

brutto07 wrote:I have sent a PM with the URL and some details to Pjotr!
I received nothing....
Tip: 10 things to do after installing Linux Mint 18.3 Sylvia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
coffee412
Level 5
Level 5
Posts: 808
Joined: Mon Nov 12, 2012 7:38 pm
Location: Indiana, USA
Contact:

Re: No Internet connection after being forced to a malware site

Post by coffee412 » Fri Dec 08, 2017 10:29 am

brutto07 wrote:Here's the output from ifconfig (second try):

Code: Select all

enp8s0    Link encap:Ethernet  HWaddr 7c:05:07:26:d9:85  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2076 (2.0 KB)  TX bytes:2076 (2.0 KB)

wlp7s0    Link encap:Ethernet  HWaddr a8:54:b2:96:aa:b4  
          inet addr:192.168.1.142  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::3c48:3c17:1fc5:bad7/64 Scope:Link
          inet6 addr: fd5a:b95b:8aae:0:59d:4e1d:ee4c:4e40/64 Scope:Global
          inet6 addr: fd5a:b95b:8aae:0:27aa:2e26:2ac9:bb00/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1580 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1438 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:125155 (125.1 KB)  TX bytes:163414 (163.4 KB)
I will test if it works making a new user. Another browser doesn't work. Internet is down for everything on the computer (my email, the update manager etc). Firejail is something new for me. But doesn't that already presuppose an Internet connection?
Ok. That looks good. Now post the output of your /etc/resolv.conf file

Like this:

Code: Select all

cat /etc/resolv.conf
paste it.
Ryzen x1800 Asus Prime x370-Pro 32 gigs Ram RX480 graphics
IceWarp * Samba AD * Mint 18.1 * RAID 1/5 * OpenVPN * Linux since kernel 2.0.36

User avatar
WharfRat
Level 20
Level 20
Posts: 11111
Joined: Thu Apr 07, 2011 8:15 pm

Re: No Internet connection after being forced to a malware site

Post by WharfRat » Fri Dec 08, 2017 10:58 am

brutto07 wrote:I occasionally visited a web site which sent me to another (malware?) site having a popup window taking command of the whole screen and demanding me to reinstall Firefox (their version).
Can you pm me with the link and also Pjotr said he didn't get anything.
Image ImageImage

User avatar
trytip
Level 6
Level 6
Posts: 1155
Joined: Tue Jul 05, 2016 1:20 pm

Re: No Internet connection after being forced to a malware site

Post by trytip » Fri Dec 08, 2017 10:59 am

delete your internet connection and connect again. simplest way i can suggest is rightclick on network tray icon > edit connections > select your wifi and delete
i've not heard a browser hijack that could cause this so severe that connecting in linux is broken. a better troubleshoot is this . wireless info run the script and post it here in CODE https://github.com/UbuntuForums/wireless-info
Image

User avatar
Pjotr
Level 20
Level 20
Posts: 10058
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: No Internet connection after being forced to a malware site

Post by Pjotr » Fri Dec 08, 2017 3:26 pm

I repeat: please PM me the link, because in spite of wat you said, this still hasn't occurred. When this doesn't happen, I'll have to consider your message as a hoax.
Tip: 10 things to do after installing Linux Mint 18.3 Sylvia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
Pjotr
Level 20
Level 20
Posts: 10058
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: No Internet connection after being forced to a malware site

Post by Pjotr » Fri Dec 08, 2017 4:06 pm

OK, I received the required information from the OP (thank you for that!). :)

I followed the same click path as the OP did, but this didn't lead to anything unusual. So I'm sorry to say that I can't reproduce his problem.

It has been mentioned already in this thread by others: you might want to increase the security of your web browser by running it inside a secured sandbox. This is how:
https://sites.google.com/site/easylinux ... ct/sandbox
Tip: 10 things to do after installing Linux Mint 18.3 Sylvia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

brutto07
Level 1
Level 1
Posts: 16
Joined: Mon Jan 19, 2015 10:41 am
Location: Sweden

Re: No Internet connection after being forced to a malware site

Post by brutto07 » Fri Dec 08, 2017 5:12 pm

To Pepi: I really don't know if something was installed. But with my limited knowledge of Linux something like that isn't possible without username and password to my computer?

To Trytip: Have already tried that. Shall try to use the script you mention (if it is safe?)

To WharfRat: Hopefully you got my PM

To Coffee412: Here's the output from cat /etc/resolv.conf:

# Generated by Eddie v2.13.6 | https://eddie.website

nameserver 10.4.0.1

(My Comment: Eddie is a client used by AirVPN (airvpn.org). It was inactivated when generating the output but active when I visited the site where all seems to have started.)

User avatar
coffee412
Level 5
Level 5
Posts: 808
Joined: Mon Nov 12, 2012 7:38 pm
Location: Indiana, USA
Contact:

Re: No Internet connection after being forced to a malware site

Post by coffee412 » Fri Dec 08, 2017 5:25 pm

brutto07 wrote:To Pepi: I really don't know if something was installed. But with my limited knowledge of Linux something like that isn't possible without username and password to my computer?

To Trytip: Have already tried that. Shall try to use the script you mention (if it is safe?)

To WharfRat: Hopefully you got my PM

To Coffee412: Here's the output from cat /etc/resolv.conf:

# Generated by Eddie v2.13.6 | https://eddie.website

nameserver 10.4.0.1

(My Comment: Eddie is a client used by AirVPN (airvpn.org). It was inactivated when generating the output but active when I visited the site where all seems to have started.)

Your resolv.conf file is the only thing probably wrong. The reason you cannot find sites on the internet is because your Name server is set to 10.4.0.1 which is a private address.

Fix that in Network manager and you will be all set
Ryzen x1800 Asus Prime x370-Pro 32 gigs Ram RX480 graphics
IceWarp * Samba AD * Mint 18.1 * RAID 1/5 * OpenVPN * Linux since kernel 2.0.36

User avatar
WharfRat
Level 20
Level 20
Posts: 11111
Joined: Thu Apr 07, 2011 8:15 pm

Re: No Internet connection after being forced to a malware site

Post by WharfRat » Fri Dec 08, 2017 7:42 pm

brutto07,

I went to the site, found the book you mentioned and tried the download, nothing to report.

I didn't register to complete the download, but to that point nothing unusual happened.
Image ImageImage

brutto07
Level 1
Level 1
Posts: 16
Joined: Mon Jan 19, 2015 10:41 am
Location: Sweden

Re: No Internet connection after being forced to a malware site

Post by brutto07 » Fri Dec 08, 2017 7:57 pm

To Coffee412: Now that looks promising! But I have a maybe typical newbie (and dumb) question: how do I fix that in Network Manager and how do I know what name server to use, that is, what address to use?

Post Reply

Return to “Newbie Questions”