Virus found?

Asked by Richard A Bevis

Virus Scanner says, Viruses Found: 1. Scanning Results Window says, Possible email file - please manually quarantine or delete it. File: /home/richard/.mozilla/firefox-3.5/pu16zd0t.default/Cache/D5B33542d01. Status: PUA.Script.Packed-2. Right clicking the file from the Scanning Results Window doesn't let me q or d. Searching for the file in file browser or google yields nothing. Is this file really a virus, and if so, how do I get rid of it? Thank you for your time and attention.

Richard

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Tom
Best Tom (tom6) said :
#1

Hi

https://help.ubuntu.com/community/Antivirus

It's worth bearing in mind that false-positives are more likely than a real virus in a Linux system and even if you do have a Linux virus it's unlikely to be able to do anything unless you run it with root privileges.
https://help.ubuntu.com/community/RootSudo

Windows viruses cannot affect a Linux system, well there's 1 but it's been dead for a few years and I doubt your system is that out-of-date.

Probably the easiest thing to try is to move the file into a new folder called "Quarantine" - I would make this folder in your "Documents" folder. That should be enough to stop it being run by whichever program uses it.

If it was an infected Linux file then run a "fix broken packages" to pull in an uninfected replacement, if it was a vital file. However, it looks as though it was not a system file so probably "Fix broken packages" will find no need to pull any replacements in.

You can find the file itself by opening a terminal/command window/console
https://help.ubuntu.com/community/UsingTheTerminal
and type in

cd /home/richard/.mozilla/firefox-3.5/pu16zd0t.default/Cache/
ls

The "ls" command is a lower-case "LS" and shows a LiSt of what's in the folder. Then just move it with

mv DodgyFileName /home/richard/Documents/Quarantine
ls

If this 2nd "ls" shows the file is still there then just delete it. Doing

cd /home/richard/Documents/Quarantine
ls

should show the quarantined file in there

Good luck and regards from
Tom :)
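
A scripted version of the quarantine steps described in reply #1, as an added example that is not part of the original thread. The function name `quarantine_file`, the `QUARANTINE_DIR` variable and the `quarantine.log` file are assumptions made for this example; it also records a SHA-256 digest so the sample can still be identified or submitted for analysis later.

```shell
#!/bin/sh
# Added example (not from the original thread): move a scanner-flagged file
# into a private quarantine folder and confirm it left its original location.
# QUARANTINE_DIR, quarantine_file and quarantine.log are names chosen here.
QUARANTINE_DIR="${QUARANTINE_DIR:-$HOME/Documents/Quarantine}"

quarantine_file() {
    src=$1
    # Handle regular files only; refuse symlinks so the wrong target is never moved.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "not a regular file: $src" >&2
        return 1
    fi
    # Private folder: only the owner can list or enter it.
    mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR" || return 1
    # Hash the content before moving it (read via stdin so odd file names
    # cannot change the output format).
    digest=$(sha256sum < "$src" | cut -d' ' -f1)
    [ -n "$digest" ] || return 1
    dest="$QUARANTINE_DIR/$(basename -- "$src").$digest"
    # Never overwrite an earlier sample with the same name and content.
    if [ -e "$dest" ]; then
        echo "already quarantined: $dest" >&2
        return 1
    fi
    mv -- "$src" "$dest" || return 1
    # Owner read-only, no execute bit, so nothing runs it by accident.
    chmod 400 "$dest"
    # Record when it was moved, its digest and where it came from.
    printf '%s  %s  %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$digest" "$src" \
        >> "$QUARANTINE_DIR/quarantine.log"
    # Same check as the second "ls": the file must be gone from its old place.
    if [ -e "$src" ]; then
        echo "still present: $src" >&2
        return 1
    fi
    echo "$dest"
}

# Run directly as: sh quarantine.sh /path/to/flagged/file
if [ $# -gt 0 ]; then
    quarantine_file "$1"
fi
```

Rescanning afterwards should report the file only under the quarantine folder, or not at all if that folder is excluded from the scan.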

Richard A Bevis (ra-bevis) said :
#2

Hello Tom,

Thank you for your quick response. I checked synaptic package manager and no packages are broken. Before that however I simply typed "rm /home/richard/.mozilla/firefox-3.5/etc...named file" in the terminal. Then when I ran a Virus Scan again it said no viruses were found. So, whatever it was, is gone. Recently coming from that other OS the only experience with commands I have is "CHKDSK." Therefore, I am extremely appreciative of your help with the terminal and the incredible support from the community in general. Have a great day.

Richard

Richard A Bevis (ra-bevis) said :
#3

Thanks Tom, that solved my question.

Tom (tom6) said :
#4

Hi :)

Yes it's a huge relief to be so much safer just by using a different OS. I would have kept a copy of the potentially infected file just to be able to show it off, and perhaps also to show it to the ClamAV people just in case it was a new virus - although that's unlikely when people get far more kudos from developing apps & cool widgets.

There's a handy guide for looking up odd things now and then
https://help.ubuntu.com/community/SwitchingToUbuntu/FromWindows
and you might want to poke around in your preferences by going to the "Edit" menu in Firefox. Also the Add-on "Adblock Plus" in the "Tools" menu helps by eliminating pop-ups, if you ever get those ;)

This link could help sort out all your multimedia if you haven't already :)
https://help.ubuntu.com/community/Medibuntu
it's good to have a step-by-step guide like that for sorting all that out.

Good luck and regards from
Tom :)