Got a trojan?

Asked by GREG T. on 2010-02-16

The trojan came by email. I marked it as junk to delete it (before I opened it), closed Thunderbird to delete all trash, then did a virus scan; the virus/trojan was still found. The trojan was mailed as a "UPS unable to deliver" message. I got this before and had to reinstall 9.10 to get rid of it; this was about two weeks ago, and now it is back!

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: GREG T.
Solved: 2010-02-16
Last query: 2010-02-16
Last reply: 2010-02-16

GREG T. (ubuntuer) said : #1

Just wanted to add that I have a single install of Ubuntu 9.10.

Ryan Dwyer (ryandwyer) said : #2

It's likely a Windows trojan and isn't actually running. It's just a Windows file sitting there. Virus scanners for Ubuntu scan for Windows viruses which is why it's flagging it.

Just delete the file.

GREG T. (ubuntuer) said : #3

I marked it as junk to delete it, then closed Thunderbird to empty the trash and delete it, but I cannot delete it at the virus scanner. It still shows up even after restarting my PC.

Are you running a virus scanner on your Linux box? This is probably not needed. You could just manually delete it instead of leaving it up to closing thunderbird hooks to manage it.

GREG T. (ubuntuer) said : #5

OK! I have Thunderbird set so that if I mark a message as junk it deletes it, then when I close Thunderbird it empties the trash. I have ClamAV installed "just because"! So, how do I find it in the system log or email log to delete it?

Remove ClamAV. Also, please use proper English with proper punctuation.
As stated, you should just manually delete it instead of letting
Thunderbird do it. Move the message to the trash, go into the trash and
delete it from there.

On Tue, 16 Feb 2010 15:21:33 -0000
greg toler <email address hidden> wrote:

> Question #101275 on Ubuntu changed:
> https://answers.edge.launchpad.net/ubuntu/+question/101275
>
> Status: Answered => Open
>
> greg toler is still having a problem:
> ok ! i have thunderbird set so if i mark as junk it deletes it,, then
> when i close thunderbird it empties the trash. i have clam av installed
> '' " just because !!! SO ! how do i find it in system log or email
> log to delete it ??
>

--
Michael Lustfield
Kalliki Software

Network and Systems Administrator
GREG T. (ubuntuer) said : #7

WHO MADE YOU GOD OF U.S. ENGLISH, MICHAEL?? If you don't like the way people address Launchpad then stay out of it.

I still have the problem: how to find it and where.

It is good to use proper punctuation and language as it makes the solution and flow easier to follow for non-native English speakers having the same issue. If you type or express issues and effects in a weird way then it may confuse users.

Chill out.

You can use file searches to try and find the file and maybe manually delete it.

GREG T. (ubuntuer) said : #9

actionparsnip wrote:
> Your question #101275 on Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+question/101275
>
> Chill out.
>
> You can use file searches to try and find the file and maybe manually
> delete it.
>

I have tried to find it, just not sure where to look. I have Thunderbird set so that when I mark a message as junk it is deleted, and also to empty trash when closing Thunderbird. I did call my ISP; they found the email I got and put it in their system's block list, so some good did come out of this. My problem is that some of the people that try to answer questions on Launchpad know less than I do. My first Ubuntu install was 7.10 and I have the book How to Do Everything Ubuntu, but in this case it does not help. Besides where to look, can you tell me if there is an Ubuntu team close to Sedalia, Missouri, USA? I have tried to contact the one listed for Missouri but got no answer. That was a while back, about three months ago.

I think you should see this site:
http://www.ubuntu.com/community/conduct/

You've been asked to follow correct English. This is because it's
extremely hard to understand what you are asking. It is also very hard
to follow the responses you are providing.

If you're using POP3 (downloading the messages for local handling),
then you will find the messages at ~/.mozilla-thunderbird/.

There is an active Missouri LoCo Team:
https://edge.launchpad.net/~ubuntu-missouri

In the future, please be more respectful to those that are trying to
help you.

If you want to search for the file, just search your $HOME, which is where your emails are stored (in some hidden folder someplace).

Should help. If you have told Thunderbird to leave emails on the server, you could create a new profile and redownload the mails less the virus's file. If not, then you can always create a pst of the current mails to transfer to a new profile.

I'd see if any better solutions crop up, if the virus is a windows virus then you have no worries.

GREG T. (ubuntuer) said : #12

Problem solved by myself: deleted Ubuntu 9.10, used gpart live, then reinstalled and tweaked to my liking.

Seth Arnold (seth-arnold) said : #13

I hope you do not reinstall every time you get a windows virus in the mail.

When a database-backed mail program 'deletes' a mail, it may just mark the mail as deleted in its databases. It might not actually reclaim the drive space until another email comes in, or a few hundred emails come in, or ever. (Compacting databases can take a long time and doesn't provide huge benefits. Some programs schedule their database cleanings weekly or monthly.)

I'm not sure what Thunderbird does, but it might offer a 'compact database' menu entry somewhere, so that you can run the compaction manually. It might be marked 'garbage collection' or 'cleanup' or who knows what. :)
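
Added example, not part of the original thread: a sketch of why a scanner can keep flagging a "deleted" mail, assuming Thunderbird's mbox folder files, where a deleted message stays in the file with the 0x0008 (expunged) bit set in its X-Mozilla-Status header until the folder is compacted. The sample folder, its messages and the function names are constructed for illustration.

```python
import mailbox
import os
import tempfile

EXPUNGED = 0x0008  # X-Mozilla-Status bit: deleted, waiting for compaction

# Constructed sample folder file: one live message, one deleted-but-stored one.
SAMPLE_MBOX = (
    "From - Tue Feb 16 09:00:00 2010\n"
    "X-Mozilla-Status: 0001\n"
    "Subject: lunch\n"
    "\n"
    "See you at noon.\n"
    "\n"
    "From - Tue Feb 16 09:05:00 2010\n"
    "X-Mozilla-Status: 0009\n"
    "Subject: unable to deliver (constructed sample)\n"
    "Content-Type: application/zip\n"
    'Content-Disposition: attachment; filename="invoice.zip"\n'
    "\n"
    "constructed placeholder, not a real archive\n"
    "\n"
)


def deleted_but_present(path):
    """Return (subject, attachment names) for messages flagged deleted but still in the file."""
    found = []
    box = mailbox.mbox(path, create=False)
    try:
        for msg in box:
            try:
                status = int(msg.get("X-Mozilla-Status", "0"), 16)
            except ValueError:
                continue  # malformed status header: skip rather than guess
            if status & EXPUNGED:
                names = [p.get_filename() for p in msg.walk() if p.get_filename()]
                found.append((msg["Subject"], names))
    finally:
        box.close()
    return found


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Inbox")
        with open(path, "w", newline="\n") as fh:
            fh.write(SAMPLE_MBOX)
        return deleted_but_present(path)
```

Pointing deleted_but_present at a folder file under the profile directory (for example the Inbox file) lists the messages that are gone from the mail client's view but that a file scanner will still read.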

GREG T. (ubuntuer) said : #14

This was the second Windows virus in over two years of using Ubuntu, and both were from the same place ("UPS unable to deliver"). Thunderbird has a lot of security settings, and I have learned to set all of them thanks to ISP tech support. I also use "HOWTO: Cleaning up all those unnecessary junk files..." http://ubuntuforums.org/showthread.php?t=140920 whenever I just want to. I am disabled, so I spend 6-8 hr a day every day in front of my Ubuntu PC. Getting pretty good at typing one-handed. If that virus was left on my PC it could not be found. But even after reinstalling the virus scanner it still showed that a virus had been found, and that is why I reinstalled Ubuntu!

GREG T. (ubuntuer) said : #15

If you want to check for a trojan or virus, use sudo apt-get install chkrootkit, then run it: sudo chkrootkit. You will get a nice readout!