omg a virus in linux? - Page 3
FedoraForum.org - Fedora Support Forums and Community
  1. #31
    Join Date
    Jan 2010
    Posts
    892

    Re: omg a virus in linux?

    YUM told you to use */tsk or *bin/tsk.
    Warning: 3.0.x versions of yum would erroneously match against filenames.
    You can use "*/tsk" and/or "*bin/tsk" to get that behaviour
    No Matches found
    So if you try:
    yum provides */tsk

    or maybe

    yum provides */tsk*
    it should work.

  2. #32
    Join Date
    Oct 2008
    Location
    canada alberta
    Posts
    223

    Re: omg a virus in linux?

    thanks
    ok so here's what i did
    Code:
    [root@localhost robert]# yum provides */tsk* 
    Loaded plugins: presto, refresh-packagekit, remove-with-leaves
    google-chrome                                            |  951 B     00:00     
    rpmfusion-free-updates                                   | 2.8 kB     00:00     
    updates/metalink                                         |  18 kB     00:00     
    fedora/filelists_db                                      |  15 MB     00:24     
    google-chrome/filelists                                  |  10 kB     00:00     
    rpmfusion-free/filelists_db                              | 336 kB     00:00     
    rpmfusion-free-updates/filelists_db                      | 228 kB     00:00     
    updates/filelists_db                                     | 7.1 MB     00:11     
    sleuthkit-3.0.1-3.fc12.i686 : The Sleuth Kit (TSK)
    Repo        : fedora
    Matched from:
    Filename    : /usr/share/tsk3/sorter/images.sort
    Filename    : /usr/share/tsk3/sorter/windows.sort
    Filename    : /usr/share/tsk3/sorter/default.sort
    Filename    : /usr/share/tsk3/sorter/linux.sort
    Filename    : /usr/share/tsk3
    Filename    : /usr/share/tsk3/sorter/solaris.sort
    Filename    : /usr/share/tsk3/sorter
    Filename    : /usr/share/tsk3/sorter/freebsd.sort
    Filename    : /usr/share/tsk3/sorter/openbsd.sort
    
    
    
    sleuthkit-devel-3.0.1-3.fc12.i686 : Development files for sleuthkit
    Repo        : fedora
    Matched from:
    Filename    : /usr/include/tsk3/fs/tsk_iso9660.h
    Filename    : /usr/include/tsk3/fs/tsk_ext2fs.h
    Filename    : /usr/include/tsk3/fs/tsk_hfs.h
    Filename    : /usr/include/tsk3
    Filename    : /usr/include/tsk3/tsk_incs.h
    Filename    : /usr/include/tsk3/vs/tsk_mac.h
    Filename    : /usr/include/tsk3/fs/tsk_fs.h
    Filename    : /usr/include/tsk3/hashdb
    Filename    : /usr/include/tsk3/fs
    Filename    : /usr/include/tsk3/vs/tsk_bsd.h
    Filename    : /usr/include/tsk3/img/tsk_img.h
    Filename    : /usr/include/tsk3/hashdb/tsk_hashdb.h
    Filename    : /usr/include/tsk3/vs
    Filename    : /usr/include/tsk3/img
    Filename    : /usr/include/tsk3/vs/tsk_sun.h
    Filename    : /usr/include/tsk3/base/tsk_base.h
    Filename    : /usr/include/tsk3/fs/tsk_ffs.h
    Filename    : /usr/include/tsk3/base
    Filename    : /usr/include/tsk3/vs/tsk_dos.h
    Filename    : /usr/include/tsk3/libtsk.h
    Filename    : /usr/include/tsk3/vs/tsk_vs.h
    Filename    : /usr/include/tsk3/vs/tsk_gpt.h
    Filename    : /usr/include/tsk3/fs/tsk_ntfs.h
    Filename    : /usr/include/tsk3/fs/tsk_fatfs.h
    Filename    : /usr/include/tsk3/base/tsk_os.h
    
    
    
    [root@localhost robert]# yum reinstall tsk3
    Loaded plugins: presto, refresh-packagekit, remove-with-leaves
    Setting up Reinstall Process
    No Match for argument: tsk3
    Nothing to do
    [root@localhost robert]# yum reinstall sleuthkit
    Loaded plugins: presto, refresh-packagekit, remove-with-leaves
    Setting up Reinstall Process
    No Match for argument: sleuthkit
    Package(s) sleuthkit available, but not installed.
    Nothing to do
    [root@localhost robert]# yum install sleuthkit
    Loaded plugins: presto, refresh-packagekit, remove-with-leaves
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package sleuthkit.i686 0:3.0.1-3.fc12 set to be updated
    --> Processing Dependency: sleuthkit-libs = 3.0.1-3.fc12 for package: sleuthkit-3.0.1-3.fc12.i686
    --> Processing Dependency: mac-robber for package: sleuthkit-3.0.1-3.fc12.i686
    --> Processing Dependency: libtsk3.so.3 for package: sleuthkit-3.0.1-3.fc12.i686
    --> Processing Dependency: libafflib.so.0 for package: sleuthkit-3.0.1-3.fc12.i686
    --> Processing Dependency: libewf.so.1 for package: sleuthkit-3.0.1-3.fc12.i686
    --> Running transaction check
    ---> Package afflib.i686 0:3.4.1-1.fc12 set to be updated
    ---> Package libewf.i686 0:20080501-9.fc12 set to be updated
    ---> Package mac-robber.i686 0:1.00-3.fc12 set to be updated
    ---> Package sleuthkit-libs.i686 0:3.0.1-3.fc12 set to be updated
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
     Package               Arch        Version                  Repository     Size
    ================================================================================
    Installing:
     sleuthkit             i686        3.0.1-3.fc12             fedora        136 k
    Installing for dependencies:
     afflib                i686        3.4.1-1.fc12             fedora        127 k
     libewf                i686        20080501-9.fc12          fedora         75 k
     mac-robber            i686        1.00-3.fc12              fedora         15 k
     sleuthkit-libs        i686        3.0.1-3.fc12             fedora        183 k
    
    Transaction Summary
    ================================================================================
    Install       5 Package(s)
    Upgrade       0 Package(s)
    
    Total download size: 537 k
    Installed size: 1.5 M
    Is this ok [y/N]: y
    Downloading Packages:
    Setting up and reading Presto delta metadata
    fedora/prestodelta                                       | 1.3 kB     00:00     
    Processing delta metadata
    Package(s) data still to download: 537 k
    (1/5): afflib-3.4.1-1.fc12.i686.rpm                      | 127 kB     00:00     
    (2/5): libewf-20080501-9.fc12.i686.rpm                   |  75 kB     00:00     
    (3/5): mac-robber-1.00-3.fc12.i686.rpm                   |  15 kB     00:00     
    (4/5): sleuthkit-3.0.1-3.fc12.i686.rpm                   | 136 kB     00:00     
    (5/5): sleuthkit-libs-3.0.1-3.fc12.i686.rpm              | 183 kB     00:00     
    --------------------------------------------------------------------------------
    Total                                           237 kB/s | 537 kB     00:02     
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing     : libewf-20080501-9.fc12.i686                              1/5 
      Installing     : afflib-3.4.1-1.fc12.i686                                 2/5 
      Installing     : sleuthkit-libs-3.0.1-3.fc12.i686                         3/5 
      Installing     : mac-robber-1.00-3.fc12.i686                              4/5 
      Installing     : sleuthkit-3.0.1-3.fc12.i686                              5/5 
    
    Installed:
      sleuthkit.i686 0:3.0.1-3.fc12                                                 
    
    Dependency Installed:
      afflib.i686 0:3.4.1-1.fc12           libewf.i686 0:20080501-9.fc12            
      mac-robber.i686 0:1.00-3.fc12        sleuthkit-libs.i686 0:3.0.1-3.fc12       
    
    Complete!
    [root@localhost robert]# yum install sleuthkit-devel
    Loaded plugins: presto, refresh-packagekit, remove-with-leaves
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package sleuthkit-devel.i686 0:3.0.1-3.fc12 set to be updated
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
     Package                 Arch         Version              Repository      Size
    ================================================================================
    Installing:
     sleuthkit-devel         i686         3.0.1-3.fc12         fedora          46 k
    
    Transaction Summary
    ================================================================================
    Install       1 Package(s)
    Upgrade       0 Package(s)
    
    Total download size: 46 k
    Installed size: 185 k
    Is this ok [y/N]: y
    Downloading Packages:
    Setting up and reading Presto delta metadata
    Processing delta metadata
    Package(s) data still to download: 46 k
    sleuthkit-devel-3.0.1-3.fc12.i686.rpm                    |  46 kB     00:00     
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing     : sleuthkit-devel-3.0.1-3.fc12.i686                        1/1 
    
    Installed:
      sleuthkit-devel.i686 0:3.0.1-3.fc12                                           
    
    Complete!
    i did also try the others that it told me but all it said was nothing found
    Last edited by noobusinglinux; 24th April 2010 at 08:04 PM.

  3. #33
    Join Date
    Oct 2009
    Posts
    824

    Re: omg a virus in linux?

    Quote Originally Posted by noobusinglinux
    hi guys
    ok so my friend had a game need for speed carbon that he gave me to play in wine on fedora 12 it was shortly after that i started to notice things like blender weren't working i thought it could just be coincidental but then i started to notice the files thumbs.db and desktop.ini which i know to be virus components so i erased them from his portable drive by using trash and permanently deleting them then the files that couldn't be erased it said no such file or directory i deleted the folder for trash that was on the drive and emailed him to let him know about the files so he ran a scan on his computer and the antivirus software in windows crashed when scanning the entire disk so when i go home i searched for thumbs.db and desktop.ini and i found one in a chess game that i've now removed "chess" and desktop.ini<nothing found>
    so naturally i ran a full scan of my computer using klamav and found about 90 encrypted zips under libraries and i also found that a few games in wine that i got from his hard disk were categorized as trojan-downloaders there were 4 and so when it was done i quite blindly highlighted all of them right click and quarantined
    not realizing that all the libs are in there it quarantined every second file on the list and it only deleted one of the trojan downloaders
    i also removed all of wine and its components
    and now the current symptoms of my computer are
    various icons are missing Klamav wont run the clock for gnome is gone and i cant add it to the panel all files in desktop are still there but there's no icons and the file browser doesn't work
    here is screen-shots
    so can anyone tell me how to get klamav up and running again so i can restore the libraries
    i'm also curious to know if there is a way to delete from the unix terminal
    I am finding this thread and YOUR ACTIONS in particular, to be quite comical.

    First off, despite some of the claims, a windoze virus certainly CAN affect Linux, specifically because WINE is able to run windoze nonsense (one of the reasons why I don't use wine).

    Now although the more sophisticated viruses won't work since they depend on certain non-existent windoze components, they can still wreak havoc by breaking any kind of files to which YOU have GRANTED THEM WRITE ACCESS.

    And of course, the WAY you granted them write access is by running said windoze virus/process as some user who happens to have certain write access to the system.

    Now it goes like this: If you run the windoze virus/process AS ROOT, then there is no limit to the havoc it can cause! As a windoze-conditioned user, you are used to running EVERYTHING as root because virtually NOTHING works withOUT root privileges in windoze.

    If you run the windoze virus/process as a limited user, then the scope of the damage it can cause is to that user's home directory.

    SPECIFICALLY, when running windoze nonsense, KNOWING the chances that it could be a virus, you should create yourself a SPECIAL WINDOZE-ONLY USER for running windoze nonsense and "sudo -u windozeuser possiblevirusprocess" to run it!! This will be able to even protect your primary linux user account from the potentially damaging effects of a windoze process.

    Now here's the thing.... because you let it go through your whole system, it has basically done all kinds of nasty damage that is beyond your ability to clean. I therefore suggest that you wipe and start over, keeping in mind all suggestions to isolate your potentially dangerous processes by user permissions for the future. In other words, don't do that again! If your windoze-user account gets damaged by viruses, simply delete that account and create a new one.
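
The isolation advice in post #33, sketched as an added example that is not part of the thread: create the dedicated account, check what it could actually modify, and launch untrusted programs only through a wrapper that refuses root. `windozeuser` is the account name from the post; the function names and `/home/...` layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. "windozeuser" is the account name used
# in the post; every other name here is an assumption.

# One-time setup, run as root: dedicated account, no password login, no login
# shell, home directory closed to every other account.
setup_account() {
    acct=$1
    useradd --create-home --shell /sbin/nologin "$acct" &&
        passwd -l "$acct" &&
        chmod 700 "/home/$acct"
}

# List what a process running as UID/GID could modify under DIR: paths it owns
# with the owner-write bit, group-writable paths of its group, and
# world-writable paths. uid 0 bypasses permission bits, so root gets everything.
# Parent-directory search permission is ignored, so the list errs on the high side.
writable_by() {
    dir=$1 uid=$2 gid=$3
    if [ "$uid" -eq 0 ]; then
        find "$dir" ! -type l 2>/dev/null | sort
        return
    fi
    find "$dir" ! -type l \( \
            \( -uid "$uid" -perm -200 \) -o \
            \( -gid "$gid" -perm -020 \) -o \
            -perm -002 \) 2>/dev/null | sort
}

# Launch a command as the dedicated account. Refuses root and refuses the
# invoking account, the two cases the post warns about. -H points HOME at the
# dedicated account's home so the program's files land there.
run_isolated() {
    acct=$1
    shift
    target=$(id -u "$acct") || return 1
    if [ "$target" -eq 0 ] || [ "$target" -eq "$(id -u)" ]; then
        echo "refusing to run as $acct" >&2
        return 1
    fi
    sudo -u "$acct" -H -- "$@"
}
```

Running `writable_by /home "$(id -u windozeuser)" "$(id -g windozeuser)"` should list only paths under that account's own home; anything else it prints, like world-writable directories such as `/tmp`, stays within reach of whatever runs as that account.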
