Virus on Ubuntu

Asked by gavoby on 2009-02-17

My computer was freezing on me so I ran a scan with clam. It reported 7 viruses. How do I remove them? thanks

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu clamav Edit question
Assignee:
No assignee Edit question
Solved by:
gavoby
Solved:
2009-02-17
Last query:
2009-02-17
Last reply:
2009-02-17
gavoby (gavobyrne) said : #1

the virus was Adware.Onestep-13

Tom (tom6) said : #2

Wow, i didn't know any viruses existed for linux. You almost deserve a prize for having found some. To get rid of them try going up to the top task-bar and click on

Applications - Accessories - Terminal

Into the terminal/command window/console try typing

clamscan --help

note the double - sign. This should give a handy-hints help-file on how to use clam to do a great variety of things. Usually the list is just a few lines long but for clam it's quite a few lines and i didn't have time to fully explore - sorry

Good luck and regards from
Tom :)

gavoby (gavobyrne) said : #3

cool I'll try it cheers

Tom (tom6) said : #4

I think the best option is

clamscan --move=/home/Quarantine

looks best although you might have to set up the Quarantine folder first. Good luck with this and please let me know how you get on. I set up "Adblock Plus" in firefox extensions off the Tools menu as it seems to speed up surfing anyway.

As before
Good luck and regards from
Tom :)

gavoby (gavobyrne) said : #5

I found out how to do it thanks for your help,

Philip Wyett (philwyett) said : #6

Please see:

https://help.ubuntu.com/community/ClamAV

Can you tell us where this infection is located i.e. the file and location? Can you also give more information of how and when the system locks up?

I doubt this is a Linux virus at all but a malformed file that has come from and external source!

Regards

Phil

Tom (tom6) said : #7

You're welcome, nicely done :)

Regards from
Tom :)

gavoby (gavobyrne) said : #8

It had something to do with update cab if i remember correctly, as to when it was freezing it waas at random times, i dont even know yet if the computer freezing was linked to this virus but i will let you know if it happens again
sorry but i'm far from an expert on any computers hence the lack of info

Tom (tom6) said : #9

It's ok, sometimes people give toooo much info so it's best to ask just as you did and let people decide what extra info they need. In this case you were able to follow through what most people would describe as very technical and solved the problem yourself really. Nicely done :)

I like the command-line for having "predictive text" or "autocomplete", just press Tab a few times while typing in a command or path name and you'll soon see what i mean. Doing a double-click with the Tab key can be useful too.

Good luck and regards from
Tom :)

gavoby (gavobyrne) said : #10

Thanks Tom much appreciated

W. Prins (wprins) said : #11

To be clear: This is __not__ a Linux virus, or even a Windows virus, but in fact Windows malware/adware. The only way your Linux system can possibly be directly operationally affected by this, is if you're running WINE and somehow get it installed on your WINE installation. It will of course only affect your WINE installation then, and removing/cleaning up WINE will remove the problem, which compared to cleaning up a full Windows installation is trivial. For reference, see: http://www.symantec.com/security_response/writeup.jsp?docid=2008-112613-5052-99&tabid=2

peter (peter-neuweiler) said : #12

Hi gavoby

How did you find out that the virus is part of Ubuntu? Thanks.
Peter

Tom (tom6) said : #13

lol, this is a solved problem - no need for drama or excitment.  In Windoze a drop in performance would have had me defragmenting (especially the pagefile.sys) and doing "Scan-disk" and of course a virus scan - usually that's enough to fix it but if not then i'd admit defeat and install linux and/or get some more ram.  I supect the virus was a Windoze one looking a bit lost and sheepish in linux but whatever it was it's good to know it's gone now.  If the drop in performance remains after a reboot now then it'd be good to see that posted as a new question.

Good luck and have fun all :)
Regards from
Tom :)

Tom (tom6) said : #14

lol, i've just been reading up on the link someone here kindly gave about lnux virus(es) and they both sound very funny.  I prefer blis which was initially available as an 'alpha' release but then made it as far as a 'beta'.  I like the command line option it has built in, something like "bliss-uninstall-please" which actually does uninstall bliss from all the prgrams it infected.  It even keeps a log of which programs it infected so you can check for yourself.  Rofls, what an amazing virus! :))