Can't Update/Scanned/Exploit/Trojan.Xored-1

pampickle1
Level 1
Posts: 2
Joined: Wed Dec 04, 2019 3:25 pm

Can't Update/Scanned/Exploit/Trojan.Xored-1

Post by pampickle1 » Wed Dec 04, 2019 4:39 pm

Hello,

I'm sorry to have to explain so much and ask so much, but an acquaintance loaded Linux (Mint 19.1 Cinnamon 4.0.10 4.15.o-70-generic) onto an old Windows computer and I don't know anything about how to help myself out of this problem.

I tried to Update my computer and it won't work. I got this message (and made a print-screen):

W:Failed to fetch http://security.ubuntu.com/ubuntu/pool/ ... _amd64.deb
Could not resolve 'ftp.utexas.edu'

and there are others that all make reference to ftp.Utexas.edu.

There are also multiple lines from a Virus Scan (I have a print-screen) that say:

PUA.Win.Exploit.CVE_2012_1461-1.

and at least two that say: PUA.Win.Trojan.Xored-1.

There are many PUA listings for: LibreOfficeMacros, also.

I quarantined everything found in the Virus scan I ran, but I still can't update.

There are some files in the System Files folder that are NOT inside folders and because of that, I tried to delete them (intrd.img, intrd.img.old, swapfile, vmlinuz, vmlinuz.old). A pop up says: Unable to trash file. Permission denied.

After the problems started, I went to change my password on my Motorola MG-7315 modem and learned there that it had been hijacked on 11/15/19. I'm assuming whoever took control of it is responsible for this. I now have a new ASUS router with virus protection included in it.

My questions:

Can the computer with Linux be cleaned and repaired?
Can the files be saved?
Are my files infected? Can I transfer them to a thumb drive and to another computer without infecting the drive and PC?

Thanks very much for reading this. I don't even know if I'm giving the right information or asking the right questions, but surely would appreciate any help coming my way. I am an elder and use computers like regular people--I don't know code or anything like that, so you might think it's ridiculous that I'm trying to use Linux. I started using it after my PC (with antivirus software) was infected by a trojan horse that destroyed the hard drive when I clicked on "Return to Factory Settings." I sent the computer under warranty to HP and they sent me back another. The warranty has now expired...and I was hoping to use Linux.

Thank you.

Pam B

Moem
Level 19
Posts: 9753
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands

Re: Can't Update/Scanned/Exploit/Trojan.Xored-1

Post by Moem » Wed Dec 04, 2019 5:02 pm

pampickle1 wrote: (Wed Dec 04, 2019 4:39 pm)
> There are some files in the System Files folder that are NOT inside folders and because of that, I tried to delete them (intrd.img, intrd.img.old, swapfile, vmlinuz, vmlinuz.old). A pop up says: Unable to trash file. Permission denied.

Never do that. There is a reason why that was not allowed. You would have broken the OS.
Sorry for being terse, have cat on lap. More later.

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

karlchen
Level 20
Posts: 11548
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Can't Update/Scanned/Exploit/Trojan.Xored-1

Post by karlchen » Wed Dec 04, 2019 5:37 pm

Hello, pampickle1.

A note on the PUA warnings:

PUA means "possibly unwanted application". The PUA warnings suggest to me that you use ClamAV in order to check your Linux Mint system for malware, and search for PUA is on.
Never do this. ClamAV is notorious for flagging lots of harmless files as PUA for no good reason at all.

Quarantining anything flagged by ClamAV as PUA or as Windows malware is a pretty efficient way of rendering your system pretty useless in a short period of time. :shock:

About fiddling around with and removing system files:

Fiddling around with and removing Linux Mint system files, just because you do not know which purpose they serve, is a great way of rendering your system pretty useless in a short period of time. :shock:


In case you should have caused substantial damage to your system, then you boot your machine from the Linux Mint 19.2 live system and re-install from scratch.
Linux Mint Installation Guide

And in future you should make it a habit to report problems here in order to learn how to deal with them, before you start breaking things. :wink:

Regards,
Karl
Linux Mint 19.2 64-bit Cinnamon, Total Commander 9.22a 64-bit
Hatred is like an illness, the miserere, where one brings up at the front what really ought to go out at the back. (Goethe)

karlchen
Level 20
Posts: 11548
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Can't Update/Scanned/Exploit/Trojan.Xored-1

Post by karlchen » Wed Dec 04, 2019 5:48 pm

pampickle1 wrote: (Wed Dec 04, 2019 4:39 pm)
> Can the computer with Linux be cleaned and repaired?

More likely than not, there is no malware on your Linux Mint system and there is no need to clean anything.
But I am not omniscient and can give no warranty based on your story only.

> Can the files be saved?

In case "the files" means your documents, yes, use a Linux Mint live system to boot your machine and copy all documents to an external medium.

> Are my files infected?

Almost the same answer as to your first question.
In case your files have been created under Linux Mint using Linux provided applications, then they will be clean. (Extremely likely, they will.)
In case you had copied document files from an infected Windows system onto your Linux Mint system, then any document file, infected by Windows malware, will still be infected.
You might upload any suspicious document file to Virustotal and check whether it is really infected or not.

In case you absolutely must check your documents using ClamAV, then switch off PUA testing. It is crap.
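The review-before-quarantine approach from karlchen's two posts, as an added example that is not part of the thread: it sorts a saved clamscan report into PUA hits and other hits without touching any file. The sample report is constructed (only the two PUA signature names come from the thread), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sort a saved clamscan report into PUA hits and other hits
# before touching any file. A report like this can be produced without
# changing anything on disk (no --move, no --remove), with PUA checks off:
#   clamscan -r --infected --detect-pua=no --log=report.txt "$HOME/Documents"

# Constructed sample report. The two PUA names are the ones quoted in the
# thread; the paths and the Win.Trojan.Placeholder name are made up.
sample_report() {
cat <<'EOF'
/home/pam/Downloads/setup.zip: PUA.Win.Exploit.CVE_2012_1461-1 FOUND
/home/pam/Downloads/tool.exe: PUA.Win.Trojan.Xored-1 FOUND
/home/pam/Documents/notes.odt: OK
/home/pam/Documents/from pc: old.doc: Win.Trojan.Placeholder-0000000-0 FOUND
EOF
}

# stdin:  report lines of the form "<path>: <signature> FOUND"
# stdout: class <TAB> platform <TAB> signature <TAB> path
triage() {
  awk '
    / FOUND$/ {
      sub(/ FOUND$/, "")
      n = split($0, part, ": ")      # the signature follows the last ": "
      sig = part[n]
      path = substr($0, 1, length($0) - length(sig) - 2)
      split(sig, f, ".")
      if (f[1] == "PUA") { class = "pua";     platform = f[2] }
      else               { class = "malware"; platform = f[1] }
      printf "%s\t%s\t%s\t%s\n", class, platform, sig, path
    }'
}

# Number of hits of one class ("pua" or "malware") in the report on stdin.
count_class() {
  triage | awk -F'\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Paths of non-PUA hits: the files worth a second opinion before any action.
second_opinion_list() {
  triage | awk -F'\t' '$1 == "malware" { print $4 }'
}

sample_report | triage
```

The platform column shows which operating system a signature was written for, which matters when deciding whether a hit affects the Linux system itself or only files that will later be opened on Windows.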

zcot
Level 5
Posts: 596
Joined: Wed Oct 19, 2016 6:08 pm

Re: Can't Update/Scanned/Exploit/Trojan.Xored-1

Post by zcot » Thu Dec 05, 2019 12:08 am

karlchen wrote: (Wed Dec 04, 2019 5:48 pm)
> In case you had copied document files from an infected Windows system onto your Linux Mint system, then any document file, infected by Windows malware, will still be infected.

Just to add, a Windows virus/malware/whatever doesn't function the same way under Linux. There's plenty of discussion about the vast detail implementation possibility and effects of said file(s), but in other words, I'm just saying that doesn't mean that Linux is now infected and you're in trouble. It doesn't work that way.

Could not resolve 'ftp.utexas.edu' seems like it would point to an issue with DNS. If you can visit that link in your browser then you know it's getting resolved to the end IP, otherwise not.
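A way to run the DNS check above for every repository host at once, as an added example that is not part of the thread: it pulls the host names out of apt source lines and tests each with `getent hosts`. The sample source lines are constructed, the function names are hypothetical, and `getent` is assumed to be installed (it ships with glibc).

```shell
#!/bin/sh
# Added example: list the hosts apt will contact and test each one in DNS.
# On the real system, feed it the apt source files instead of the sample:
#   cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list | repo_hosts | check_hosts

# Constructed sample of apt source lines for a Mint 19.1 system using the
# ftp.utexas.edu mirror named in the error message.
sample_sources() {
cat <<'EOF'
deb http://packages.linuxmint.com tessa main upstream import backport
deb http://ftp.utexas.edu/ubuntu bionic main restricted universe multiverse
deb http://ftp.utexas.edu/ubuntu bionic-updates main restricted universe multiverse
# deb http://archive.canonical.com/ubuntu/ bionic partner
deb [arch=amd64] http://security.ubuntu.com/ubuntu/ bionic-security main restricted
EOF
}

# stdin: apt source lines; stdout: unique host names, one per line.
repo_hosts() {
  awk '
    $1 == "deb" || $1 == "deb-src" {          # commented-out lines are skipped
      for (i = 2; i <= NF; i++)
        if ($i ~ /^(https?|ftp):\/\//) {      # skips "[arch=amd64]" options
          host = $i
          sub(/^[a-z]+:\/\//, "", host)       # drop the scheme
          sub(/[\/:].*$/, "", host)           # drop path and port
          print host
          break
        }
    }' | sort -u
}

# stdin: host names; stdout: one status line per host.
# A host that fails here is the one apt reports as "Could not resolve".
check_hosts() {
  while read -r host; do
    if getent hosts "$host" >/dev/null 2>&1; then
      echo "resolves  $host"
    else
      echo "NO DNS    $host"
    fi
  done
}

sample_sources | repo_hosts
```

If only the mirror host fails while the others resolve, the mirror is the problem; if every host fails, the resolver configured on the machine or router is the place to look.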

pampickle1
Level 1
Posts: 2
Joined: Wed Dec 04, 2019 3:25 pm

Re: Can't Update/Scanned/Exploit/Trojan.Xored-1

Post by pampickle1 » Thu Dec 05, 2019 3:49 am

Thank you all for your responses.
I will check here first from now on.
Could someone please advise me about where to look for why I can’t use the Update feature? I assumed it wasn’t working because my computer was infected (there is a Trojan horse on the computer), but if that’s not it, how can I get Updating to work again? That’s so important, and I’m stuck.
Thanks very much for your time and trouble to help me. I appreciate it very much.
Pam Bickell

Moem
Level 19
Posts: 9753
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands

Re: Can't Update/Scanned/Exploit/Trojan.Xored-1

Post by Moem » Thu Dec 05, 2019 5:31 am

pampickle1 wrote: (Thu Dec 05, 2019 3:49 am)
> there is a Trojan horse on the computer

Is there, though? Was Linux Mint installed next to Windows, or instead of it?
You can scan any files that you are worried about, using an online service such as mentioned by Karlchen.

As for updating, your machine seems to be querying 'ftp.utexas.edu' and seems to have trouble connecting to it. Maybe that mirror server is having problems. Open Software Sources, choose different mirrors on the Official Repositories tab, and see if that helps.