Recommendations for full malware check please!
Hello,
I've been using Linux Mint for years, and never worried much about malware / viruses / etc. because, well, it's Linux, and I'm not in the habit of installing stuff outside the official repositories.
I've been getting masses of spam emails recently, and amongst them are the usual "You've been watching <violates forum rules> and we've recorded you on the webcam, send us all your bitcoin" ones. No problem, I don't even have a webcam!
Today I got one of these that said "One of your passwords is xxxxxxxxxxx, and we've installed a keylogger". The password they quoted is in fact one of mine, it's the basic one I use for non-critical forums like this one!
I'm 99% sure they got it by hacking some other site, but I'd like to do a check of my machine for malware (especially keyloggers). Can anyone recommend the best way to do this?
Thanks,
Piers.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Main: Dell E6410 - 8GB RAM / 500GB HDD - Dual Boot Mint 21.2 Cinnamon 64-bit / Win 10
Backup: iMac 5.1 - 3GB RAM / 240GB HDD - Dual Boot Mint 19.1 Cinnamon 64-bit / OSX 10.5.8
Re: Recommendations for full malware check please!
Hi Piers66,
I've installed rkhunter on several Ubuntu servers and it's running quite well. I've seen the package is also available in the Mint repo so you can give it a try.
At work we have to use Sophos Antivirus on our systems. Perhaps it's not the best one, but I've installed the free version of Sophos on many Linux Mint systems without any trouble. I've configured the on-access scan just to take care of my /home dir and the dirs where media will be mounted, e.g. /cdrom, /media, ...
Regards - Olli
Re: Recommendations for full malware check please!
I would take a different approach and put the email address that you use for forums like this one into https://haveibeenpwned.com . You may very well see some sites pop up... unfortunately including this one.
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: Recommendations for full malware check please!
First of all: Update to the latest LM. Any reason you're still on LM19? LM updates do include security updates, so I would do that.
Consider using a different web browser like Ungoogled Chromium with the uBlock Origin extension and configure it to block third party resources (see this post to set it up this way: viewtopic.php?p=2020789#p2020789 - I highly advise you to read the uBlock Extension User Guide link in that post to set up third-party script blocking and learn how to use it) Also reconsider what websites you visit...
Change all your passwords everywhere. Yes, a hassle, but probably essential for you at this point. Use something like a paper notebook or KeePassXC (in the Software Manager) to record your passwords. Use strong passwords.
Also consider changing your email address to another provider entirely (a more "privacy-friendly" one, if you can, I'd advise). Sounds like you've had it for awhile.
I would also seriously consider wiping your hard drive, re-installing Mint and keeping it up to date from then on out. Hand-pick your personal files when you move them onto your new installation and be as sure as possible they are clean. Have a backup system.
You could even go so far as running some anti-virus software (Clam AV? Others might have other, better suggestions for Linux AV software) and even root kit checkers (Chkrootkit in the Software Manager, etc, there's also rkhunter but not on the Software Manager I don't think). Root kits are like nasty viruses/malware on steroids that can be extremely difficult to find.
Be more careful about what files and software you download and run, especially if you're using Wine, etc (stop using it if you can, go find Linux alternatives to those applications).
This is just a basic set of things to consider doing, and is just a start. It may not be as bad as you think, heck, it could just be that you got spam email with a password that they got from a hacked forum you were on (be more choosy of which forums you participate in), but it could be much worse. As a famous movie character once said, "Do you feel lucky?"
Re: Recommendations for full malware check please!
Why would they tell you they've installed a keylogger?
If they had, by the time they told you, your bank account would have been emptied and you wouldn't have access to any of your emails or Netflix account.
Re: Recommendations for full malware check please!
Moem wrote: Wed Jun 16, 2021 3:54 pm
> I would take a different approach and put the email address that you use for forums like this one into https://haveibeenpwned.com . You may very well see some sites pop up... unfortunately including this one.

Thanks for the suggestion. I still want to check the computer, but in the mean time I ran my email address and it found "Pwned in 8 data breaches and found 1 paste", including Linux Mint!
Piers.
Re: Recommendations for full malware check please!
gittiest personITW wrote: Wed Jun 16, 2021 4:02 pm
> Why would they tell you they've installed a keylogger?
> If they had, by the time they told you, your bank account would have been emptied and you wouldn't have access to any of your emails or Netflix account.

As I said, 99% sure it's from a data breach, not a keylogger, but want to do the belt & braces thing.
Re: Recommendations for full malware check please!
newlyminted7 wrote: Wed Jun 16, 2021 3:57 pm
> First of all: Update to the latest LM. Any reason you're still on LM19?...

Nothing wrong with LM 19, it's supported until April 2023.
Re: Recommendations for full malware check please!
newlyminted7 wrote: Wed Jun 16, 2021 3:57 pm
> First of all: Update to the latest LM. Any reason you're still on LM19? LM updates do include security updates, so I would do that.
> Consider using a different web browser like Ungoogled Chromium with the uBlock Origin extension and configure it to block third party resources (see this post to set it up this way: viewtopic.php?p=2020789#p2020789 - I highly advise you to read the uBlock Extension User Guide link in that post to set up third-party script blocking and learn how to use it) Also reconsider what websites you visit...
> Change all your passwords everywhere. Yes, a hassle, but probably essential for you at this point. Use something like a paper notebook or KeePassXC (in the Software Manager) to record your passwords. Use strong passwords.
> Also consider changing your email address to another provider entirely (a more "privacy-friendly" one, if you can, I'd advise). Sounds like you've had it for awhile.
> I would also seriously consider wiping your hard drive, re-installing Mint and keeping it up to date from then on out. Hand-pick your personal files when you move them onto your new installation and be as sure as possible they are clean. Have a backup system.
> You could even go so far as running some anti-virus software (Clam AV? Others might have other, better suggestions for Linux AV software) and even root kit checkers (Chkrootkit in the Software Manager, etc, there's also rkhunter but not on the Software Manager I don't think). Root kits are like nasty viruses/malware on steroids that can be extremely difficult to find.
> Be more careful about what files and software you download and run, especially if you're using Wine, etc (stop using it if you can, go find Linux alternatives to those applications).
> This is just a basic set of things to consider doing, and is just a start. It may not be as bad as you think, heck, it could just be that you got spam email with a password that they got from a hacked forum you were on (be more choosy of which forums you participate in), but it could be much worse. As a famous movie character once said, "Do you feel lucky?"

Thanks for the comprehensive reply.
I'm on LM19 because I have an older, somewhat underpowered laptop, and assume that later versions will be more processor hungry, but I have been considering upgrading. Is the security significantly better with an up to date version?
At the moment I use Firefox, with uBlock origin. Most of the Firefox security settings are on the stricter side. I'll investigate uBlock in a bit more depth.
Yes, time to change all passwords, some of which haven't changed in years... I keep a file with all my passwords in but (don't panic!) in a form that will remind me what ones I've used rather than listing them explicitly (the 'key' is in my head).
The email address is, I'm sorry to admit, a gmail one. But, it's been in use for a decade and changing it would be very painful (I helped my mother change hers a while back, and well over a year later her friends are still complaining that the old one doesn't work!).
If I upgrade Mint I will do a clean install anyway. As for being sure that personal files are clean, that's the reason to ask about checking for malware. I'll check out the a-v ones you've suggested.
I don't use Wine, and, I think, probably have less installed software than many. The vast majority of what I do involves the basic software that comes with every Mint install. Can't actually think of anything that wasn't installed via the Software Manager.
Piers.
Re: Recommendations for full malware check please!
Piers66 wrote: Wed Jun 16, 2021 4:03 pm
> gittiest personITW wrote: Wed Jun 16, 2021 4:02 pm
> > Why would they tell you they've installed a keylogger?
> > If they had, by the time they told you, your bank account would have been emptied and you wouldn't have access to any of your emails or Netflix account.
> As I said, 99% sure it's from a data breach, not a keylogger, but want to do the belt & braces thing.

It's called "scare tactics", I'm pretty sure they didn't install a keylogger. Telling me "we installed a keylogger" would immediately prompt a full clean install of the system.. only an idiot would say they installed a keylogger. Perhaps they assume you're as stupid as they are.
Give a man a fish and you'll feed him for a day. Teach a man to fish and you'll feed him for a lifetime.
US Navy, NEC HM8404
Re: Recommendations for full malware check please!
newlyminted7 wrote: Wed Jun 16, 2021 3:57 pm
> heck, it could just be that you got spam email with a password that they got from a hacked forum you were on

That seems utterly likely to me. Especially since that same email address and password were used on breached sites.
I would at the very, very least stop reusing passwords! That's really the worst thing you can do. Even if you have to write them down on paper, that is safer than using the same one on several sites... the paper would only be accessible to someone who can physically get to it.
Re: Recommendations for full malware check please!
Moem wrote: Wed Jun 16, 2021 4:33 pm
> newlyminted7 wrote: Wed Jun 16, 2021 3:57 pm
> > heck, it could just be that you got spam email with a password that they got from a hacked forum you were on
> That seems utterly likely to me. Especially since that same email address and password were used on breached sites.
> I would at the very, very least stop reusing passwords! That's really the worst thing you can do. Even if you have to write them down on paper, that is safer than using the same one on several sites... the paper would only be accessible to someone who can physically get to it.

First one changed (this forum), 120 to go!
Using a new PW creation scheme that will make them all different but relatively easy for me to remember... (he says, confidently!)
Re: Recommendations for full malware check please!
I recommend, as would lots of others, not to use a scheme.
If it is easy for you to remember then it is not much harder for someone who is that way inclined to figure out the pattern.
Try KeePassXC or something similar. It has a neat little password generator on it that you can configure very easily.
For instance, in the old days passwords were something like (for example)
111111
Then, we were told to add a letter
a111111 or 111111a
Then, we were told to add a minimum of 1 upper case letter
A111111 or 111111A
Then, we were told that we need to start getting serious about our passwords and it is time to add punctuation
A111111. or 111111A. or .A111111 or .111111A (you get the picture).
I can just see many " "
Re: Recommendations for full malware check please!
I keep all my passwords in a text file, that is then encrypted with a robust master password. The individual passwords can be as complicated as I'd like.
It is easier to move that encrypted file around to any device I need. Much easier than juggling Post-It notes.
Re: Recommendations for full malware check please!
Have you considered a password manager? I came to Bitwarden from LastPass and man, I love it. Makes it real easy to use complicated passwords and keep track of everything. Easy to use, too.
Re: Recommendations for full malware check please!
Piers66 wrote: Wed Jun 16, 2021 4:27 pm
> Thanks for the comprehensive reply.
> I'm on LM19 because I have an older, somewhat underpowered laptop, and assume that later versions will be more processor hungry, but I have been considering upgrading. Is the security significantly better with an up to date version?
> At the moment I use Firefox, with uBlock origin. Most of the Firefox security settings are on the stricter side. I'll investigate uBlock in a bit more depth.
> Yes, time to change all passwords, some of which haven't changed in years... I keep a file with all my passwords in but (don't panic!) in a form that will remind me what ones I've used rather than listing them explicitly (the 'key' is in my head).
> The email address is, I'm sorry to admit, a gmail one. But, it's been in use for a decade and changing it would be very painful (I helped my mother change hers a while back, and well over a year later her friends are still complaining that the old one doesn't work!).
> If I upgrade Mint I will do a clean install anyway. As for being sure that personal files are clean, that's the reason to ask about checking for malware. I'll check out the a-v ones you've suggested.
> I don't use Wine, and, I think, probably have less installed software than many. The vast majority of what I do involves the basic software that comes with every Mint install. Can't actually think of anything that wasn't installed via the Software Manager.
> Piers.

You're welcome. It sounds like you have a level head about this, I'm sure you'll be fine. I agree with you that it's most likely just a hacked forum where they got your email and password. As others have pointed out, it's unlikely that competent hackers would tell you they installed a keylogger until it was far too late. But, unfortunately, they may have gotten your email and password somewhere else and your machine might be compromised. Frustrating, I know, and I'm sorry it happened to you.
Internet forums are unfortunately only as secure as the people who administer them and the forum software they use, a lot of which isn't perfect, either. I'd wager that many forums are insecure and should be avoided altogether. Many people think modern technology and the internet are "magic", secure, trustworthy, and darn well should be trusted. Unfortunately, it is very distinctly the other way around. It is actually quite insane. People just assume all this tech can be trusted. A lot of it simply can't be trusted, and as we're finding out, many businesses can't, either (even the ones we assumed were trustworthy, like your current email provider *cough*cough*).
Successful hacks are the ones we don't hear about and don't show up on sites like "https://haveibeenpwned.com". Some forums don't even encrypt or hash passwords when stored, and, worse yet, others are honeypots that intentionally don't encrypt/hash their passwords in order to sell them or share them with bad guys, or are directly run by bad guys.
In my personal opinion it takes around ten years of average use before an email address needs to be replaced due to reasons similar to what you've experienced. If you don't already, consider using email aliases and ditch them when you need to. Only share your main email address with friends and family and create an alias for every other activity you do online (without any elements of your personal name in the alias, either). I'm in the same situation where I'm trying to get off of a "popular" email provider and migrate to a more (supposedly) privacy-friendly one, but I keep putting it off, as well, so I can't really blame you. It's a hassle.
As for Mint's performance on your older hardware, I'd suggest looking into a different window manager than Cinnamon (Xfce or Mate versions of Linux Mint), since it isn't the version of the software that is going to slow you down, but the graphically intensive elements of the UI. If I were you I would upgrade to 20.1 (to get all the bugfixes and security patches) and use Mate or Xfce for better performance. Xfce is the fastest / most lightweight.
Another thing you might want to do is install OpenSnitch (https://github.com/evilsocket/opensnitch). It will alert you if and when any applications try to phone home (including Linux Mint things like unscrupulous panel applets, etc - I'm looking at you, Redshift!). For me it is more just for peace of mind and understanding what certain applications are up to on your computer, but it is pretty handy to spot if malware is trying to phone home, as well.
- ricardogroetaers
- Level 6
- Posts: 1368
- Joined: Sat Oct 27, 2018 3:06 am
- Location: Rio de Janeiro, Brasil
Re: Recommendations for full malware check please!
Sorry for the pragmatism.
Email passes to everyone and someone passes their email to someone else, who passes it to someone else, that ......
Who guarantees that non-critical places (websites, forums, internet stores, others) don't know your password and don't share it with others?
Save passwords to Google (or similar)? Tie dog with sausage, which has the same effect.
As for a "scan" on the computer, no exaggeration and occasionally I use "Comodo antivirus".
It's not just Linux we use and our removable storage devices (and others' devices) are inserted into many computers, including our computer.
Re: Recommendations for full malware check please!
Hello,
OK, so I installed rkhunter and ran it. The only warnings it produced were one file property error, a bunch of overly large memory segments and one hidden directory:
Code:
[11:50:13] /usr/bin/lwp-request [ Warning ]
[11:50:13] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[11:57:27] Checking for suspicious (large) shared memory segments [ Warning ]
[11:57:27] Warning: The following suspicious (large) shared memory segments have been found:
[11:57:27] Process: /usr/lib/x86_64-linux-gnu/cinnamon-settings-daemon/csd-background PID: 1599 Owner: piers Size: 64MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/bin/nemo-desktop PID: 2007 Owner: piers Size: 4.0MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 PID: 1756 Owner: piers Size: 4.0MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/bin/cinnamon PID: 1713 Owner: piers Size: 2.0MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/lib/firefox/firefox PID: 26586 Owner: piers Size: 4.7MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/lib/gnome-terminal/gnome-terminal-server PID: 26540 Owner: piers Size: 4.0MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/lib/firefox/firefox PID: 26586 Owner: piers Size: 4.7MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/bin/nemo PID: 27004 Owner: piers Size: 4.0MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/bin/nemo PID: 27004 Owner: piers Size: 4.0MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/bin/xed PID: 27022 Owner: piers Size: 4.0MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/bin/nemo PID: 32286 Owner: root Size: 4.0MB (configured size allowed: 1.0MB)
[11:57:39] Checking for hidden files and directories [ Warning ]
[11:57:39] Warning: Hidden directory found: /etc/.java
From doing a bit of searching online and finding other people who have had the same warnings, I think I can ignore all of the above as false positives.
At this point is it safe to go with my first assumption (my PC is fine, it was an external data breach)?
Piers.
Re: Recommendations for full malware check please!
Hi Piers66,
In rkhunter you have to do some fine tuning:
- rkhunter needs to know what package manager you are using. Edit /etc/rkhunter.conf and add the following line:
PKGMGR=DPKG
This way, rkhunter will know to expect those executables to be scripts, and not flag the false positive.
- I think it's better to run rkhunter without running too many other programs, e.g. firefox, nemo... (warning "shared memory segments").
- You can also exclude the hidden dir /etc/.java in /etc/rkhunter.conf to suppress this warning.
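An added example, not code from any poster in this thread or from the rkhunter project: a Python triage script that parses warnings in the format posted above and lists, for each one, a candidate /etc/rkhunter.conf entry next to what to check before adding it. The sample log is abridged from the output posted in the thread; the function names and the `user` parameter are illustrative assumptions, and `SCRIPTWHITELIST`, `ALLOWIPCPROC` and `ALLOWHIDDENDIR` are rkhunter.conf options.

```python
import re
from collections import defaultdict

# Sample input: abridged from the rkhunter output posted in this thread.
SAMPLE_LOG = """\
[11:50:13] /usr/bin/lwp-request [ Warning ]
[11:50:13] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[11:57:27] Checking for suspicious (large) shared memory segments [ Warning ]
[11:57:27] Warning: The following suspicious (large) shared memory segments have been found:
[11:57:27] Process: /usr/lib/x86_64-linux-gnu/cinnamon-settings-daemon/csd-background PID: 1599 Owner: piers Size: 64MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/lib/firefox/firefox PID: 26586 Owner: piers Size: 4.7MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/lib/firefox/firefox PID: 26586 Owner: piers Size: 4.7MB (configured size allowed: 1.0MB)
[11:57:27] Process: /usr/bin/nemo PID: 32286 Owner: root Size: 4.0MB (configured size allowed: 1.0MB)
[11:57:39] Checking for hidden files and directories [ Warning ]
[11:57:39] Warning: Hidden directory found: /etc/.java
"""

STAMP = r"^\[\d{2}:\d{2}:\d{2}\]\s+"
SCRIPT_RE = re.compile(
    STAMP + r"Warning: The command '(?P<path>[^']+)' has been replaced "
    r"by a script: \S+: (?P<kind>.+)$")
# Sizes are matched in MB, the unit shown in the thread's output.
SHM_RE = re.compile(
    STAMP + r"Process: (?P<proc>\S+)\s+PID: (?P<pid>\d+)\s+"
    r"Owner: (?P<owner>\S+)\s+Size: (?P<size>[\d.]+)MB")
HIDDEN_RE = re.compile(STAMP + r"Warning: Hidden directory found: (?P<path>\S+)$")


def parse_warnings(log_text):
    """Group rkhunter warning lines into scripts, shared memory and hidden dirs."""
    scripts, hidden = [], []
    shm = defaultdict(lambda: {"pids": set(), "owners": set(),
                               "max_mb": 0.0, "segments": 0})
    for line in log_text.splitlines():
        m = SCRIPT_RE.match(line)
        if m:
            scripts.append((m["path"], m["kind"]))
            continue
        m = SHM_RE.match(line)
        if m:
            entry = shm[m["proc"]]  # one entry per process path
            entry["pids"].add(int(m["pid"]))
            entry["owners"].add(m["owner"])
            entry["max_mb"] = max(entry["max_mb"], float(m["size"]))
            entry["segments"] += 1
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden.append(m["path"])
    return {"scripts": scripts, "shm": dict(shm), "hidden_dirs": hidden}


def review_items(parsed, user="piers"):
    """Return (candidate_conf_line, what_to_verify_first) pairs."""
    items = []
    for path, kind in parsed["scripts"]:
        items.append((f"SCRIPTWHITELIST={path}",
                      f"dpkg -S {path} ({kind}); confirm a package owns it"))
    for proc, e in sorted(parsed["shm"].items()):
        note = (f"{e['segments']} segment(s), max {e['max_mb']}MB, "
                f"owner(s) {','.join(sorted(e['owners']))}")
        if e["owners"] - {user}:
            # Anything not running as the desktop user deserves a closer look.
            note += "; not owned by the desktop user, find out why it is running"
        items.append((f"ALLOWIPCPROC={proc}", note))
    for path in parsed["hidden_dirs"]:
        items.append((f"ALLOWHIDDENDIR={path}", f"ls -la {path}; inspect contents"))
    return items


if __name__ == "__main__":
    for conf, check in review_items(parse_warnings(SAMPLE_LOG)):
        print(f"{conf}\n    verify first: {check}")
```

After editing /etc/rkhunter.conf, `rkhunter --config-check` reports syntax problems in the file before the next scan.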
Re: Recommendations for full malware check please!
Piers66 wrote: Wed Jun 16, 2021 3:31 pm
> Hello,
> I've been using Linux Mint for years, and never worried much about malware / viruses / etc. because, well, it's Linux, and I'm not in the habit of installing stuff outside the official repositories.
> I've been getting masses of spam emails recently, and amongst them are the usual "You've been watching **** and we've recorded you on the webcam, send us all your bitcoin" ones. No problem, I don't even have a webcam!
> Today I got one of these that said "One of your passwords is xxxxxxxxxxx, and we've installed a keylogger". The password they quoted is in fact one of mine, it's the basic one I use for non-critical forums like this one!
> I'm 99% sure they got it by hacking some other site, but I'd like to do a check of my machine for malware (especially keyloggers). Can anyone recommend the best way to do this?
> Thanks,
> Piers.

I'd like to comment on that keylogger they say they've installed. When you download an executable file in Linux the executable flag is stripped. If the user wants to execute that file, they must go into the terminal and restore that executable flag. Then, the user must manually execute that file. Anyone who has been learning while using Linux knows that you can download every virus known to man.. but none of them will ever run without user intervention. This is just one of the many reasons I choose *nix over other operating systems - it's also why almost no one wastes their time writing viruses for Linux. So, exactly how did they install a keylogger? They didn't, making such a grandiose statement is nothing more than a testament to their own ignorance.