No Internet connection after being forced to a malware site

[brutto07]

Hi, I have been using Linux Mint for a couple of years (that is, a relative newbie). All has worked just fine until now. My problem is that I can't connect to Internet anymore. The background is as follows: Using Mint 18.3 and Firefox I occasionally visited a web site which sent me to another (malware?) site having a popup window taking command of the whole screen and demanding me to reinstall Firefox (their version). As there were no way to leave that site I eventually had to force a shutdown of the computer. After restarting the computer the Internet connection was gone. I'm using a router and wifi and have tried a cable connection without any result. I have also tried another computer with Mint 17.3 installed, a Windows 10 computer, and my Android cellphone, without any problems connecting to internet via wifi. The router seems to work without any flaws.

I really have no clue what to do. I have heard and read that Linux is relatively secure when it comes to virus and malware. So perhaps it is something other?
Thanks in advance for any answer!

[Pjotr]

Can you send me a PM with the URL of the malware site? I'd like to take a look.

[coffee412]

When your on the problem computer can you do these things:

1. Open a term window and type in "ifconfig" and post the output.

2. See if you can ping 8.8.8.8 and get a reply. The command is "ping 8.8.8.8"

Lets see what it shows

[brutto07]

Many thanks!
I have sent a PM with the URL and some details to Pjotr!

I have already tried to Ping and that seems to work.
I will run "ipconfig" in the terminal and post the output when I have transfered it from the computer with no internet to this one. But if it's ok it will take some hours because it is in the middle in the night here (03.00), so really don't know for sure what I'm doing.

[Mute Ant]

If you were running as a normal user, firefox can only damage that user's environment. It's relatively easy to make a new user account and start fresh.
o If your GUI is set to auto-login, switch that off.
o Log out of the GUI.
o Ctrl+Alt+F1 to switch to text console TTY1.
o Log in and think of a new user name... one word in lower case letters... johndoe
o Enter sudo adduser johndoe and answer the questions.
o Give your new user sudo powers... sudo adduser johndoe sudo
o Switch back to the GUI greeter with Alt+LeftArrow and log in as johndoe.

[trytip]

does another browser work?

[Pepi]

Would it had helped if the poster was using FIreJail

[brutto07]

Here's the output from ifconfig (second try):

Code: Select all

enp8s0    Link encap:Ethernet  HWaddr 7c:05:07:26:d9:85  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2076 (2.0 KB)  TX bytes:2076 (2.0 KB)

wlp7s0    Link encap:Ethernet  HWaddr a8:54:b2:96:aa:b4  
          inet addr:192.168.1.142  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::3c48:3c17:1fc5:bad7/64 Scope:Link
          inet6 addr: fd5a:b95b:8aae:0:59d:4e1d:ee4c:4e40/64 Scope:Global
          inet6 addr: fd5a:b95b:8aae:0:27aa:2e26:2ac9:bb00/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1580 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1438 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:125155 (125.1 KB)  TX bytes:163414 (163.4 KB)

I will test if it works making a new user. Another browser doesn't work. Internet is down for everything on the computer (my email, the update manager etc). Firejail is something new for me. But doesn't that already presuppose an Internet connection?

[brutto07]

Making and using a new user account didn't work

[Pepi]

I was just wondering if something installed on your computer when you hit that bad webpage. I think FireJail would have stopped this from happening ... I think

[Pjotr]

I have sent a PM with the URL and some details to Pjotr!

I received nothing....

[coffee412]

Here's the output from ifconfig (second try):

Code: Select all

enp8s0    Link encap:Ethernet  HWaddr 7c:05:07:26:d9:85  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2076 (2.0 KB)  TX bytes:2076 (2.0 KB)

wlp7s0    Link encap:Ethernet  HWaddr a8:54:b2:96:aa:b4  
          inet addr:192.168.1.142  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::3c48:3c17:1fc5:bad7/64 Scope:Link
          inet6 addr: fd5a:b95b:8aae:0:59d:4e1d:ee4c:4e40/64 Scope:Global
          inet6 addr: fd5a:b95b:8aae:0:27aa:2e26:2ac9:bb00/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1580 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1438 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:125155 (125.1 KB)  TX bytes:163414 (163.4 KB)

I will test if it works making a new user. Another browser doesn't work. Internet is down for everything on the computer (my email, the update manager etc). Firejail is something new for me. But doesn't that already presuppose an Internet connection?

Ok. That looks good. Now post the output of your /etc/resolv.conf file

Like this:

Code: Select all

cat /etc/resolv.conf

paste it.

[WharfRat]

I occasionally visited a web site which sent me to another (malware?) site having a popup window taking command of the whole screen and demanding me to reinstall Firefox (their version).

Can you pm me with the link and also Pjotr said he didn't get anything.

[trytip]

delete your internet connection and connect again. simplest way i can suggest is rightclick on network tray icon > edit connections > select your wifi and delete
i've not heard a browser hijack that could cause this so severe that connecting in linux is broken. a better troubleshoot is this . wireless info run the script and post it here in CODE https://github.com/UbuntuForums/wireless-info

[Pjotr]

I repeat: please PM me the link, because in spite of wat you said, this still hasn't occurred. When this doesn't happen, I'll have to consider your message as a hoax.

[Pjotr]

OK, I received the required information from the OP (thank you for that!).

I followed the same click path as the OP did, but this didn't lead to anything unusual. So I'm sorry to say that I can't reproduce his problem.

It has been mentioned already in this thread by others: you might want to increase the security of your web browser by running it inside a secured sandbox. This is how:
https://sites.google.com/site/easylinux ... ct/sandbox

[brutto07]

To Pepi: I really don't know if something was installed. But with my limited knowledge of Linux something like that isn't possible without username and password to my computer?

To Trytip: Have already tried that. Shall try to use the script you mention (if it is safe?)

To WharfRat: Hopefully you got my PM

To Coffee412: Here's the output from cat /etc/resolv.conf:

# Generated by Eddie v2.13.6 | https://eddie.website

nameserver 10.4.0.1

(My Comment: Eddie is a client used by AirVPN (airvpn.org). It was inactivated when generating the output but active when I visited the site where all seems to have started.)

[coffee412]

To Pepi: I really don't know if something was installed. But with my limited knowledge of Linux something like that isn't possible without username and password to my computer?

To Trytip: Have already tried that. Shall try to use the script you mention (if it is safe?)

To WharfRat: Hopefully you got my PM

To Coffee412: Here's the output from cat /etc/resolv.conf:

# Generated by Eddie v2.13.6 | https://eddie.website

nameserver 10.4.0.1

(My Comment: Eddie is a client used by AirVPN (airvpn.org). It was inactivated when generating the output but active when I visited the site where all seems to have started.)

Your resolv.conf file is the only thing probably wrong. The reason you cannot find sites on the internet is because your Name server is set to 10.4.0.1 which is a private address.

Fix that in Network manager and you will be all set

[WharfRat]

brutto07,

I went to the site, found the book you mentioned and tried the download, nothing to report.

I didn't register to complete the download, but to that point nothing unusual happened.

[brutto07]

To Coffee412: Now that looks promising! But I have a maybe typical newbie (and dumb) question: how do I fix that in Network Manager and how do I know what name server to use, that is, what address to use?