Advice on clamav discovered items.


36 replies to this topic

#1 bwrighttwo
  • Members
  • 717 posts

Posted 15 July 2014 - 10:32 PM

Win.Worm.Chir-553  

Win.Worm.Chir-551

media/sr0/boot/mhdd/mhdd.gz

I have read the Microsoft links on the first two items.

Here is an interesting link on the last item: http://superuser.com/questions/341708/how-to-set-default-permissions-for-all-applications-to-a-windows-7-image


Edited by hamluis, 16 July 2014 - 06:42 AM.
Moved from Linux to Am I Infected - Hamluis.



#2 NickAu
    Bleepin' Fish Doctor
  • Moderator
  • 12,920 posts
  • Location:127.0.0.1 Australia

Posted 15 July 2014 - 10:58 PM

This is a Windows issue. What has Microsoft got to do with Linux?

You would have to talk to the Malware Response Team.

You need to go to Am I infected? What do I do?

We are not trained malware removal experts.


Edited by NickAu1, 15 July 2014 - 11:28 PM.

Arch Linux.

Come join the fun, chat to Bleeping Computer members and staff in real time on Discord: The BleepingComputer Official Discord Chat Server!


#3 alvarnell
  • Members
  • 4 posts

Posted 15 July 2014 - 11:04 PM

Actually it's a bit bigger than that. It identifies two files that are part of every OS X since at least 2010 that are part of Python 2.6 and 2.7.

I've submitted them as FP's and posted the question on the clamav-users e-mail list.



#4 bwrighttwo (Topic Starter)
  • Members
  • 717 posts

Posted 15 July 2014 - 11:10 PM

> Actually it's a bit bigger than that. It identifies two files that are part of every OS X since at least 2010 that are part of Python 2.6 and 2.7.
>
> I've submitted them as FP's and posted the question on the clamav-users e-mail list.

Not sure what FP's are.



#5 bwrighttwo (Topic Starter)
  • Members
  • 717 posts

Posted 15 July 2014 - 11:15 PM

Does that mean that I have finally hit the right combination that shows I actually have an issue?



#6 NickAu
    Bleepin' Fish Doctor
  • Moderator
  • 12,920 posts
  • Location:127.0.0.1 Australia

Posted 15 July 2014 - 11:17 PM

Did you use ClamAV in Linux to scan Windows?

Malware Response Team member PM'ed for advice.


Edited by NickAu1, 16 July 2014 - 12:04 AM.



#7 bwrighttwo (Topic Starter)
  • Members
  • 717 posts

Posted 16 July 2014 - 12:16 AM

This also seems to have relevance:

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCgQFjAB&url=https%3A%2F%2Faccess.redhat.com%2Fdocumentation%2Fen-US%2FRed_Hat_Enterprise_Linux%2F5-Beta%2Fpdf%2FInstallation_Guide%2FRed_Hat_Enterprise_Linux-5-Beta-Installation_Guide-en-US.pdf&ei=iwnGU8vQGYWlyASI6ILIBQ&usg=AFQjCNFbzD7VsLa8EP0l2Q6M922A_ychcQ&bvm=bv.71126742,d.aWw&cad=rja



#8 Al1000
  • Global Moderator
  • 7,489 posts
  • Location:Scotland

Posted 16 July 2014 - 12:21 AM

> Not sure what FP's are.

"False Positives." ClamAV is notorious for reporting them.

What disc did you have in your CD/DVD drive when you performed the scan?

#9 bwrighttwo (Topic Starter)
  • Members
  • 717 posts

Posted 16 July 2014 - 12:21 AM

> Did you use ClamAV in Linux to scan Windows?
>
> Malware Response Team member PM'ed for advice.

Yes, I am running a live disk. I scanned directory/filesystem and also root.



#10 bwrighttwo (Topic Starter)
  • Members
  • 717 posts

Posted 16 July 2014 - 12:23 AM

> > Not sure what FP's are.
>
> "False Positives." ClamAV is notorious for reporting them.
>
> What disc did you have in your CD/DVD drive when you performed the scan?

Parted Magic



#11 Al1000
  • Global Moderator
  • 7,489 posts
  • Location:Scotland

Posted 16 July 2014 - 12:30 AM

> Parted Magic

That's what the 3rd result concerns.

#12 NickAu
    Bleepin' Fish Doctor
  • Moderator
  • 12,920 posts
  • Location:127.0.0.1 Australia

Posted 16 July 2014 - 12:31 AM

> > Did you use ClamAV in Linux to scan Windows?
>
> Yes, I am running a live disk. I scanned directory/filesystem and also root.

Yes, I figured that. This is a Windows issue. You would have to talk to the Malware Response Team.

You need to go to Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Without trained help, just using ClamAV to remove suspected dirty files from Windows could damage the OS, making it unbootable. And it may not be effective anyway.

In future, if you use a Live Linux disk to scan Windows, please do not post questions in the Linux section; post them in the correct Windows section so you can get help.

Most of the time the Malware Response Team do not even come into this section.

And the Moderators only come here to keep me in line.


Edited by NickAu1, 16 July 2014 - 04:50 PM.



#13 bwrighttwo (Topic Starter)
  • Members
  • 717 posts

Posted 16 July 2014 - 09:38 AM

> > > Did you use ClamAV in Linux to scan Windows?
> >
> > Yes, I am running a live disk. I scanned directory/filesystem and also root.
>
> Yes, I figured that. This is a Windows issue. You would have to talk to the Malware Response Team.
>
> You need to go to Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
>
> Without trained help, just using ClamAV to remove suspected dirty files from Windows could damage the OS, making it unbootable. And it may not be effective anyway.
>
> In future, if you use a Live Linux disk to scan Windows, please do not post questions here; post them in the correct Windows section so you can get help.
>
> Most of the time the Malware Response Team do not even come into this section.
>
> And the Moderators only come here to keep me in line.

Have you looked at my past content? I will try again though.
Thanks for your time.

Looks like someone already moved it to "Am I Infected".


Edited by bwrighttwo, 16 July 2014 - 09:44 AM.


#14 oicTech
  • Members
  • 1 post

Posted 16 July 2014 - 10:03 AM

> Actually it's a bit bigger than that. It identifies two files that are part of every OS X since at least 2010 that are part of Python 2.6 and 2.7.
>
> I've submitted them as FP's and posted the question on the clamav-users e-mail list.

Hey alvarnell,

nicnac from the clamav forum here. We have hit this one as well, the malware reported in this thread, and I found it by doing a Google search. Will be interested to hear what you guys find.

(I'll also reply about the Citi issue in that forum.)



#15 cat1092
    Bleeping Cat
  • BC Advisor
  • 7,002 posts
  • Location:North Carolina, USA

Posted 16 July 2014 - 11:46 PM

> Without trained help, just using ClamAV to remove suspected dirty files from Windows could damage the OS, making it unbootable. And it may not be effective anyway.

+1! :thumbup2:

I learned this the hard way, about 2 months back. ClamAV (&TK) are for Linux scanning only. These see most all ".exe" files as malicious, because they don't belong on a Linux system, unless one is running WINE. If one cleans these files, with no professional assistance, then the Windows install will surely be unbootable, & I can vouch for it. Over 2,000 "malicious files" were found; I deleted only the few that looked out of the ordinary & was left with an unbootable Windows 7 Pro.

Fortunately, I had a backup image taken just two days earlier to fall back on, as my computers are backed up on a schedule; afterwards the external drive is disconnected. This prevents a Crypto type of infection from also encrypting my backups, making these useless. I also alternate backup drives, not hinging all of my trust on one hard drive. Backup or external drives are also prone to failure. Though many times with retail pre-assembled backup drives, it's the connectors or possibly the cable that goes bad. Normally I can carefully crack one of these open & the drive will work as good or better in a docking station.

There is a separate ClamAV for Windows that's designed to work with that OS.

One cannot believe everything that's posted on the Internet in regards to cleaning Windows with Linux Live install media. However, one can retrieve files (folders that contain irreplaceable data) from a badly corrupted Windows using this option; there are tutorials on how to perform this safely.

If one's Windows install is infected, then, as Nick noted above, create a topic in the "Am I Infected" section of the Forum.

http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

This section gets many requests for assistance, so if your need is immediate, such as a work/school computer, it would be best to go to a reputable IT repair service. And by that, I don't mean the Geek Squad at Best Buy or other places that offer the service. I strongly advise all who read this to steer clear of their service, as I've repaired some of their shoddy work.

Should one post for assistance in the section above, patience is a virtue. The Malware Response Team is very busy & when you get contacted, be sure to promptly respond. Be sure to monitor your email associated with the forum 2-3 times daily & be prepared to follow any instructions given. If there's anything that's not understood, ask immediately.

Cat

Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues.
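Added example, not code from this thread, from BleepingComputer or from the ClamAV project: a small Python script that turns clamscan output into a report instead of deleting anything, which is the point the replies above make. It parses the `path: Signature FOUND` lines clamscan prints, hashes each flagged file that is still present so the hash can accompany a false-positive submission, and attaches a triage note to every hit. The sample scan output, the live-media mount prefixes and the Python 2.x path pattern are constructed assumptions for this example, modelled on the hits reported in the thread (the mhdd.gz file on the Parted Magic disc and the Win.Worm.Chir matches on Python 2.6/2.7 files).

```python
"""Triage clamscan findings without deleting or moving anything.

Added example for this thread (not ClamAV or BleepingComputer code). It reads
the "<path>: <signature> FOUND" lines that clamscan prints, hashes flagged files
that still exist (read-only) so the hash can go into a false-positive report,
and tags each hit with a triage note. No file is ever modified.
"""
import hashlib
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# clamscan prints one line per detection: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")

# Constructed sample of clamscan output, modelled on the hits in this thread.
SAMPLE_OUTPUT = """\
/media/sr0/boot/mhdd/mhdd.gz: Win.Worm.Chir-553 FOUND
/mnt/windows/Windows/System32/notepad.exe: OK
/mnt/windows/Python27/Lib/email/test/data/msg_01.txt: Win.Worm.Chir-551 FOUND
/mnt/windows/Users/bob/Downloads/setup.exe: Win.Trojan.Example-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
"""

# Heuristics used by this example (assumptions, not ClamAV behaviour): mount
# points under which a live-disk scan sees its own boot media, and a directory
# pattern for a Python 2.x install, the kind of file the thread reports as a
# false positive for the Win.Worm.Chir signatures.
LIVE_MEDIA_PREFIXES = ("/media/sr0", "/cdrom", "/run/live")
PYTHON2_RE = re.compile(r"(?i)/python2[\d.]*/")


@dataclass
class Finding:
    path: str
    signature: str
    sha256: Optional[str]  # None when the file is not present on this system
    note: str


def parse_clamscan(text: str) -> List[Tuple[str, str]]:
    """Return (path, signature) for every FOUND line; OK lines and the summary are skipped."""
    hits = []
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def sha256_of(path: str) -> Optional[str]:
    """Hash the file read-only; None if it is absent (e.g. the disc was ejected)."""
    if not os.path.isfile(path):
        return None
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(path: str, signature: str) -> str:
    """Triage note for one hit. Every branch says 'verify'; none says 'delete'."""
    if path.startswith(LIVE_MEDIA_PREFIXES):
        return "on the live/boot media, not the Windows install; verify the disc image checksum"
    if PYTHON2_RE.search(path) and signature.startswith("Win.Worm.Chir"):
        return "matches the Python 2.6/2.7 false-positive pattern reported for this signature; verify before acting"
    return "unverified; leave in place and include in the Am I Infected report"


def triage(text: str) -> List[Finding]:
    """Parse, hash and annotate every detection in a clamscan log."""
    return [Finding(p, s, sha256_of(p), classify(p, s)) for p, s in parse_clamscan(text)]


def report(findings: List[Finding]) -> str:
    """Plain-text report suitable for pasting into a forum post or FP submission."""
    lines = [f"{len(findings)} detection(s); no files were modified"]
    for f in findings:
        lines.append(f"{f.signature}\t{f.sha256 or 'file not present'}\t{f.path}\n    {f.note}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Pass a saved clamscan log as the first argument; otherwise the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_OUTPUT
    print(report(triage(text)))
```

Save a scan log first (for instance `clamscan -r /mnt/windows > scan.txt` from the live disk, with the Windows volume mounted read-only) and pass it to the script; the report lists signature, hash and path per hit so the thread on Am I Infected or the false-positive submission has the facts without anyone having touched the files.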




