Windows virus still does SOME damage in Linux
Windows virus still does SOME damage in Linux
Anyone know how to get rid of the ActiveDiscount virus please? ClamAV doesn't seem to remove it and my experience is that none of the half dozen Windows AV programs [except Zoek] can find it. I don't suppose there is a way of effectively running Zoek in Linux, is there?
I got it by following a 2012 link on xda-developers to Android File Host
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Windows virus still does SOME damage in Linux
Hi,
Active discount does not attack Linux per se, but attaches itself to a browser or email client. Since you did not say which browser or client is affected, here is a web page that tells you how to clean it out of the browser.
https://malwaretips.com/blogs/ads-by-ac ... l/#browser
Follow step # 5.
The example is for Google Chrome; of course Firefox would be different, but the procedure would be the same: reset your personal data.
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Re: Windows virus still does SOME damage in Linux
Hi "vintagepen",
I just read your post and the good replies to it. Here are my thoughts on this as well.
You could create a bootable CD/DVD or USB flash drive stick of one of the reliable Anti-virus rescue discs and boot to that and run it on your whole system and any attached drives (ie: USB sticks)... Kaspersky (cd/dvd), Avira, Dr.Web, etc... It will take awhile to run.
Hope this helps ...
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
- Pjotr
- Level 24
- Posts: 20117
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Windows virus still does SOME damage in Linux
Don't install any antivirus for this; that's unnecessary and even decreases the security of your system. It suffices to reset Firefox to its defaults:
- Launch a terminal window (this is how to launch a terminal window);
- copy/paste this command into the terminal:
Code:
rm -v -R ~/.mozilla
Press Enter.
Close Firefox and relaunch it. Done.
Same procedure for Google Chrome:
Code:
rm -v -R ~/.config/google-chrome
Close & relaunch.
For Chromium:
Code:
rm -v -R ~/.config/chromium
Close & relaunch.
Last edited by Pjotr on Wed Nov 08, 2017 11:05 am, edited 2 times in total.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Windows virus still does SOME damage in Linux
Hi, vintagepen.
Although the incorrect label virus is used in the article as well, it is still incorrect. It is a normal piece of Windows software, which has been designed and developed to do things which you may not like. Apart from the Windows executable file, which should not work on Linux Mint at all, there is a browser extension.
Browser extensions might well be able to run on Linux Firefox versions as well.
Hence you should definitely get rid of the ActiveDiscount browser extension.
I would look for it inside my browser profile, subfolder extensions, and remove it.
No idea whether the ActiveDiscount browser extension is able to pull in any further browser extensions or plugins - might be. So it is definitely worth checking.
Maybe the only really safe way is, as has been suggested already, by renaming your $HOME/.mozilla subfolder tree (Firefox profile), and start all over with a fresh Firefox profile. In this case it would make sense, deleting the stuff inside $HOME/.cache/mozilla as well (would have to look up the exact pathname on a Linux system)
Regards,
Karl
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 792 days now.
Lifeline
- Pjotr
Re: Windows virus still does SOME damage in Linux
karlchen wrote:
> In this case it would make sense, deleting the stuff inside $HOME/.cache/mozilla as well (would have to look up the exact pathname on a Linux system)
> Karl
This should do the trick for the Firefox cache:
Code:
rm -v -R ~/.cache/mozilla/*
Code:
rm -v -R ~/.cache/google-chrome/*
Code:
rm -v -R ~/.cache/chromium/*
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Windows virus still does SOME damage in Linux
Pjotr wrote:
> Code:
> rm -v -R ~/.mozilla
> Press Enter.
Well that was absolutely catastrophic! Though it may have got rid of the malware, - as has been pointed out to me, IF I had it.
But this is my fault because I am not sure why I followed the destructive instructions after I had refreshed Firefox and that SEEMED to get rid of the problem and the (possibly hidden) extension.
The Chromium and Firefox instructions lost me all my passwords, configurations and over a month's worth of work, all my 20-30 carefully preserved tabs that I was working on and changed all my internet search settings to an almost completely useless search engine called Yahoo, which specialises in keeping users on their site (AOL-like) and never returning any relevant results if you aren't shopping [and doing so with their preferred retailers]. Curiously I have read articles that describe this business of switching search settings to Yahoo without knowledge or consent as malware in itself!
I should have had a bit more faith in Linux's ability to resist viruses & malware.
Re: Windows virus still does SOME damage in Linux
Well, that's what it means to reset Firefox to its defaults. I do feel that Pjotr could have given a clearer warning than that...
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: Windows virus still does SOME damage in Linux
vintagepen wrote:
> Pjotr wrote:
> > Code:
> > rm -v -R ~/.mozilla
> > Press Enter.
> Well that was absolutely catastrophic!
Without a big "YOU'LL LOSE ALL YOUR BOOKMARKS AND ADDONS ETC" it was terrible advice.
> I should have had a bit more faith in Linux's ability to resist viruses & malware.
It's actually a browser problem.
You might want to find the URL that supplies this bogus addon (or whatever it is) and add it to your /etc/hosts file so it can't be accessed again.
But! You DO BACKUPS, RIGHT?!?!?
So you can restore your ~/.mozilla directory from it....right?
Please edit your original post title to include [SOLVED] if/when it is solved!
Your data and OS are backed up....right?
- Pjotr
Re: Windows virus still does SOME damage in Linux
vintagepen wrote:
> Well that was absolutely catastrophic! Though it may have got rid of the malware, - as has been pointed out to me, IF I had it.
> But this is my fault because I am not sure why I followed the destructive instructions after I had refreshed Firefox and that SEEMED to get rid of the problem and the (possibly hidden) extension.
> The Chromium and Firefox instructions lost me all my passwords, configurations and over a month's worth of work, all my 20-30 carefully preserved tabs that I was working on
It *is* your fault. I clearly stated that it would reset Firefox (and Chromium) to its defaults. Missed that line?
Sometimes I'm a bit surprised by the amount of hand-holding that some people apparently expect....
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Windows virus still does SOME damage in Linux
Yes, it does appear to be necessary to explain that resetting Firefox to defaults includes losing all work, tabs, passwords, configurations and introducing Yahoo malware into my computer: Heck, even Gmail now has a screwed up, completely alien and totally non-intuitive look which seems to have been designed by Yahoo to stop users using Gmail!
Especially where 'refreshing Firefox' may have cured the problem (though not curing ActiveDiscount abusing memory/processing power by trying constantly to infect the non-existent registry?) yet doesn't do any of this.
- Pjotr
Re: Windows virus still does SOME damage in Linux
vintagepen wrote:
> Yes, it does appear to be necessary to explain that resetting Firefox to defaults includes losing all work, tabs, passwords, configurations and introducing Yahoo malware into my computer: Heck, even Gmail now has a screwed up, completely alien and totally non-intuitive look which seems to have been designed by Yahoo to stop users using Gmail!
> Especially where 'refreshing Firefox' may have cured the problem (though not curing ActiveDiscount abusing memory/processing power by trying constantly to infect the non-existent registry?) yet doesn't do any of this.
Don't shout. And assume responsibility for your own clear mistake. I'm not a babysitter.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Windows virus still does SOME damage in Linux
Pjotr wrote:
> Don't shout.
Sorry for that, - and I do acknowledge that your advice was correct
Re: Windows virus still does SOME damage in Linux
Hello, vintagepen.
Others have already stated that a warning might have been appropriate, emphasizing that removing the Firefox profile folder would of course remove all your bookmarks, your saved login credentials, your Firefox settings, your addons and a few things more. On the one hand.
On the other hand, I admit that if I had given the advice of removing the Firefox profile, I might also have made the mistake of assuming that a forum user, who joined more than 5.5 years ago, might be aware of what removing the Firefox profile will do.
This very likely is the reason, why user Cosmo. had made it a habit to instruct users of renaming the Firefox profile folder instead.
Code:
mv "$HOME/.mozilla" "$HOME/.mozilla.bak"
And only if all problems had been sorted out, he told to remove the renamed folder.
This gave users the chance of reverting or selectively restoring particular files from the renamed profile folder to the new profile folder.
Also, please, keep in mind, that not giving the warning would have had no ill side effects, provided you did regular backups of your data. Apparently you do not do so. And this is something which you cannot blame Pjotr for.
This story once again illustrates that it always takes more than one mistake to make a catastrophe.
Best regards,
Karl
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 792 days now.
Lifeline
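The rename-then-selectively-restore approach described in the post above, together with the earlier suggestion to look in the profile's extensions subfolder, as an added example that is not part of any post in this thread. The function names are hypothetical, and the list of data files is an assumption based on Firefox's usual profile file names; close the browser before using it on a real profile.

```shell
#!/bin/sh
# Added example (not from the thread): set a browser profile aside instead of
# deleting it, inspect it, then copy back data files only.

# Assumed Firefox data-file names: bookmarks/history, saved logins and their
# key store (key3.db on older versions), open tabs. Deliberately NOT listed:
# extensions/, extensions.json, prefs.js, user.js, which could bring the
# unwanted add-on or its settings back.
DATA_FILES="places.sqlite logins.json key4.db key3.db sessionstore.jsonlz4"

# set_aside DIR: rename DIR to DIR.bak-<timestamp> and print the new path.
set_aside() {
    dir=$1
    if [ ! -d "$dir" ]; then echo "not a directory: $dir" >&2; return 1; fi
    backup="$dir.bak-$(date +%Y%m%d-%H%M%S)"
    if [ -e "$backup" ]; then echo "already exists: $backup" >&2; return 1; fi
    mv -- "$dir" "$backup" && printf '%s\n' "$backup"
}

# list_extensions PROFILE: show installed add-on files for manual review.
list_extensions() {
    if [ -d "$1/extensions" ]; then ls -1 -- "$1/extensions"; fi
}

# restore_data OLD_PROFILE NEW_PROFILE: copy the allow-listed files that
# exist and print how many were copied.
restore_data() {
    old=$1; new=$2; copied=0
    if [ ! -d "$old" ] || [ ! -d "$new" ]; then
        echo "usage: restore_data OLD_PROFILE NEW_PROFILE" >&2; return 1
    fi
    for f in $DATA_FILES; do
        if [ -f "$old/$f" ]; then
            cp -p -- "$old/$f" "$new/$f" && copied=$((copied + 1))
        fi
    done
    echo "$copied"
}

# Demo on a constructed throwaway tree (never touches the real $HOME).
demo() {
    tmp=$(mktemp -d) || return 1
    src="$tmp/.mozilla/firefox/old.default"
    mkdir -p "$src/extensions"
    : > "$src/places.sqlite"; : > "$src/logins.json"; : > "$src/prefs.js"
    : > "$src/extensions/unwanted@example.invalid.xpi"
    bak=$(set_aside "$tmp/.mozilla") || return 1
    echo "set aside as: $bak"
    list_extensions "$bak/firefox/old.default"
    mkdir -p "$tmp/.mozilla/firefox/new.default"  # stands in for the fresh profile
    restore_data "$bak/firefox/old.default" "$tmp/.mozilla/firefox/new.default"
    rm -rf -- "$tmp"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Running the script with the argument `demo` exercises all three functions on the constructed tree; on a real system the fresh profile directory is the one the browser creates on its first launch after the rename.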
Re: Windows virus still does SOME damage in Linux
Pjotr wrote:
> Don't shout. And assume responsibility for your own clear mistake. I'm not a babysitter.
This seems out of character for you. What makes your site so good is you include detailed step by step instructions on how to do things coupled with easy to understand but informative explanations of why take those steps and what they mean in the eyes of those who don't understand such terminology as "reset your browser".
The in this thread went so far as to "correct" karlchen who I feel gave the better advice. The only thing he didn't do that I have seen others do is explain that after a fresh profile was established you could use the renamed folder to get back some of your old profile.
However, maybe the way it happened can be a learning experience for the OP. Back up your bookmarks and other personal data you may want. Personally, I say DON'T let the browser remember your passwords. Over time such security measures as encryption and salting have gotten better but I do remember a time when people could steal all your saved passwords when you connected to their site (or false ad). It wouldn't surprise me if some hackers figured out how to do that again, present or future, though currently I haven't heard about that type of exploit existing.
- Pjotr
Re: Windows virus still does SOME damage in Linux
Penn wrote:
> Pjotr wrote:
> > Don't shout. And assume responsibility for your own clear mistake. I'm not a babysitter.
> This seems out of character for you. What makes your site so good is you include detailed step by step instructions on how to do things coupled with easy to understand but informative explanations of why take those steps and what they mean in the eyes of those who don't understand such terminology as "reset your browser".
Thanks for your compliment.
There's a difference though, between my website and my advice on this forum.... I can afford the one-time investment of time and effort in creating elaborate step-by-step how-to's on my website, but not so for my forum advice.
Because the latter is repetitive and would require more time and effort than I have to spare (at least when I can't give a link to a how-to on my website). So my forum advice is usually not so elaborate.
Last edited by Pjotr on Fri Nov 10, 2017 6:19 pm, edited 2 times in total.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
- Pjotr
Re: Windows virus still does SOME damage in Linux
vintagepen wrote:
> Pjotr wrote:
> > Don't shout.
> Sorry for that, - and I do acknowledge that your advice was correct
Apology accepted. Good luck with getting things running again.
I've noticed that in the meantime, a mod (karlchen?) has undone the shouting.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.