Ubuntu

recurrent virus problem

Asked by Benjamin

For the second time now, I have had a virus. The way that the virus operates is that it occupies more and more system memory until the computer becomes useless.

It seems that somewhere out there someone has got hold of my IP address, and is going to continue doing this now, because it gives them some kind of kick.

ClamAV does not help for two reasons. 1) It cannot actually PREVENT infection, and 2) it cannot scan system areas because of "Access Denied". AVG does not work at all because of "Permission Denied".

Is there any way at all that I can stop this happening, or should I just accept that Ubuntu allows outside people to install malicious software on my machine?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
GREG T.
Solved:
Last query:
Last reply:
Revision history for this message
François Tissandier (baloo) said : 		#1

A virus eating all your memory? Seems weird. Are you sure it's not simply a memory leak in one application? There are very very few viruses on Ubuntu, and unless your computer is connected directly to the Internet (no router), it's quite hard to attack it from the outside.

As you know your memory is getting full, can you check which process is doing that? (in the system monitor)

Revision history for this message
Benjamin (skivvy51) said : 		#2

Hi :)

The system monitor does not show any process that is using that much memory, and the problem occurs even when no applications are running.

As soon as the computer starts up, RAM usage is already close to maximum and the SWAP file starts increasing, by about 100MB every minute, until the computer is useless.

This is why I am wondering whether someone is installing a process somewhere "behind the scenes"?

Revision history for this message
Benjamin (skivvy51) said : 		#3

Hi :)

The system monitor does not show any process that is using that much memory, and the problem occurs even when no applications are running.

As soon as the computer starts up, RAM usage is already close to maximum and the SWAP file starts increasing, by about 100MB every minute, until the computer is useless.

This is why I am wondering whether someone is installing a process somewhere "behind the scenes"?

Revision history for this message
GREG T. (ubuntuer) said : 		#4

 the last time you posted about a virus , the virus was one that attacks routers . is this correct ? how is your internet provider ? is it a desktop or laptop ? do you use wireless or hardwire ?

Revision history for this message
François Tissandier (baloo) said : 		#5

Ouch, never heard anything like that.
How much Ram do you have ?
And I think the process should appear in one of the tools...
If you install htop (run this in a terminal: "sudo apt-get install htop"), run it (open a terminal, type htop), sort the processes by memory (press F6, down arrow, enter, it should select "MEM" as the sort criteria), do you see anything eating all your memory ?

Revision history for this message
GREG T. (ubuntuer) said : 		#6

 shut down disconnect internet then restart and check system monitor see what it says .

Revision history for this message
oocevin (ccct007) said : 		#7

Are you running Ubuntu only or are you running
dual boot with windows as one of your OS?

Like Greg advised that the virus could be in your
wireless!!!

Revision history for this message
Benjamin (skivvy51) said : 		#8

I connect to the internet using a router, only using a cable. The wireless connection on the router is permanently switched off, so it is unlikely to be coming through there.

I am only running Ubuntu, nothing else. As if I would use Windows........... :-)

I have 1GB of RAM and the SWAP file is 2.7GB. Usually when the system has started up and no apps are running, the memory usage is about 270MB, which is nice. Even with several apps open, the memory usage never goes past about 600MB.

The problem occurs without being connected to the internet. It happens when the computer starts up.

However, at the moment the problem is gone because I have re-installed Ubuntu. I have found that re-installation gets rid of the problem. This is obviously not so convenient, but it works.

So I have decided on the following course of action. I will install htop, and next time the problem occurs I will check on what is using all the memory.

Thank-you all!

Revision history for this message
GREG T. (ubuntuer) said : 		#9

now that you have done a reinstall go to synaptic package manager and remove remote desktop access and remote desktop viewer .

Revision history for this message
GREG T. (ubuntuer) said : 		#10

after you remove remote access , install firestarter fire wall from software center .

Revision history for this message
Best GREG T. (ubuntuer) said : 		#11

 after finding a new bug i found this and suggest if you have a problem with ram usage again that you re download then burn and then install and update .
 this is what i found http://www.ubuntu.com/usn/usn-1000-1

Revision history for this message
Benjamin (skivvy51) said : 		#12

After some weeks have passed there has been only one recurrence of the problem, which mysteriously went away without re-installation. It looks like it was a bug in the operating system after all. Many thanks for your assistance!

Revision history for this message
Benjamin (skivvy51) said : 		#13

Thanks GREG T., that solved my question.