
Am I Infected?


11 replies to this topic

#1 pcpunk


Posted 21 February 2015 - 06:35 PM

Hey guys, I tried to fix this issue on my own but have had no luck.  Mostly I cannot log into my email, and I keep getting these Errors and Warnings that Flash is out of date, I will post the screenshots.  I can use email in XP but KDE is all messed up.  I also tried Firefox with no luck.

 

Don't know what I did except for running Testdisk and downloading some mp3 files from Amazon.  I ran ClamTk but don't know if this is the best for removing viruses.  I will post the Threats but I was only able to Quarantine the first two.  I understand they are only PUAs but something is messing me up bad.

Found 14 possible threats (420264 files scanned).

/home/chris/.cache/google-chrome/Default/Cache/f_001576  PUA.JS.Xored
/home/chris/.cache/google-chrome/Default/Cache/f_001567  PUA.Script.Packed-1
/usr/lib/ruby/1.9.1/rdoc/generator/template/darkfish/js/thickbox-compressed.js  PUA.Script.Packed-1
/usr/lib/linuxmint/mintWifi/drivers/i386/Dell_bcmwl5/bcmwl5.sys  PUA.Win32.Packer.PrivateExeProte-7
/usr/lib/linuxmint/mintWifi/drivers/i386/WUSB54Gv4/rt2500usb.sys  PUA.Win32.Packer.NspackDotnetNor-1
/usr/lib/linuxmint/mintWifi/drivers/i386/Broadcom4318_Dell1390/bcmwl5.sys  PUA.Win32.Packer.PrivateExeProte-7
/home/timeshift/snapshots/.sync/localhost/usr/lib/ruby/1.9.1/rdoc/generator/template/darkfish/js/thickbox-compressed.js  PUA.Script.Packed-1
/home/timeshift/snapshots/.sync/localhost/usr/lib/linuxmint/mintWifi/drivers/i386/WUSB54Gv4/rt2500usb.sys  PUA.Win32.Packer.NspackDotnetNor-1
/home/timeshift/snapshots/.sync/localhost/usr/lib/linuxmint/mintWifi/drivers/i386/Broadcom4318_Dell1390/bcmwl5.sys  PUA.Win32.Packer.PrivateExeProte-7
/home/timeshift/snapshots/.sync/localhost/usr/lib/linuxmint/mintWifi/drivers/i386/Dell_bcmwl5/bcmwl5.sys  PUA.Win32.Packer.PrivateExeProte-7
/home/timeshift/snapshots/2015-02-16_19-38-50/localhost/usr/lib/ruby/1.9.1/rdoc/generator/template/darkfish/js/thickbox-compressed.js  PUA.Script.Packed-1
/home/timeshift/snapshots/2015-02-16_19-38-50/localhost/usr/lib/linuxmint/mintWifi/drivers/i386/WUSB54Gv4/rt2500usb.sys  PUA.Win32.Packer.NspackDotnetNor-1
/home/timeshift/snapshots/2015-02-16_19-38-50/localhost/usr/lib/linuxmint/mintWifi/drivers/i386/Broadcom4318_Dell1390/bcmwl5.sys  PUA.Win32.Packer.PrivateExeProte-7
/home/timeshift/snapshots/2015-02-16_19-38-50/localhost/usr/lib/linuxmint/mintWifi/drivers/i386/Dell_bcmwl5/bcmwl5.sys  PUA.Win32.Packer.PrivateExeProte-7

 

I guess I could just revert to a Timeshift backup, but would also like to try and fix this.  I tried to install AppArmor via S.Manager but don't know how to access it, it's not like in Mate.  Oh, I forgot to go to their site for directions.

[Five screenshots of the Flash "out of date" errors and warnings were attached here.]

 

 


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 



#2 pcpunk


Posted 21 February 2015 - 06:49 PM

Not getting any Updates today either, which is not normal IMO.  I get them every day and sometimes twice a day.



#3 pcpunk


Posted 21 February 2015 - 06:58 PM

This is what happened when I tried to Refresh the Update Manager.

[Screenshot of the Update Manager refresh error was attached here.]



#4 buddy215


Posted 21 February 2015 - 08:07 PM

Do you have BleachBit installed? If not, install it. If you need help deciding what to allow to clean, just ask and I will give you my settings.

 

Try resetting Google Chrome.

 

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Reset your browser settings
  1. In the top-right corner of the browser window, click the Chrome menu
  2. Select Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings", click Reset settings.
  5. In the dialog that appears, click Reset.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 Guest_hollowface_*


Posted 21 February 2015 - 09:21 PM

/home/chris/.cache/google-chrome/Default/Cache/f_001576:
- Not sure what this is, I don't have Google Chrome.

/home/chris/.cache/google-chrome/Default/Cache/f_001567
- Not sure what this is, I don't have Google Chrome.

/usr/lib/ruby/1.9.1/rdoc/generator/template/darkfish/js/thickbox-compressed.js:
- This file is installed when Ruby is installed. It should be safe.
- SHA-512 (from my Linux Mint 17.1 - Cinnamon): 65b9d6515905737f7b082b79cb1186635d21fadc9dc1c1429b1e54a09ace1a8f3f27eec02692af540bbdf74e016528f9d48f7c471f20b9ecbf45afd556d479e5

/usr/lib/linuxmint/mintWifi/drivers/i386/Dell_bcmwl5/bcmwl5.sys:
- This is a pre-installed wifi driver. It should be safe.
- SHA-512 (from my Linux Mint 17.1 - Cinnamon): e3160bdf44477461a3c6a1a6181a3739049df5bab4b946a5e1c68e66574cb305b645e3f3385d6eb10df3aa2916dc655ec881bc412a023bbd1b9e6285662836a0

/usr/lib/linuxmint/mintWifi/drivers/i386/WUSB54Gv4/rt2500usb.sys:
- This is a pre-installed wifi driver. It should be safe.
- SHA-512 (from my Linux Mint 17.1 - Cinnamon): c07eefa3e7155c4140dbd87d0508b60287aaa7056673892e26b7916328ca567e71e099004c2bfdf1ec261ea52128ea5f478cbc569fa640e2837056179b408b5d

/usr/lib/linuxmint/mintWifi/drivers/i386/Broadcom4318_Dell1390/bcmwl5.sys:
- This is a pre-installed wifi driver. It should be safe.
- SHA-512 (from my Linux Mint 17.1 - Cinnamon): 2ca85d10a44a9d8a605267e7cf30ca3c47f3b49ee835b11fb6e6ba54d2f0e6e467d46c5644f359522e4999d92e28479e8cfb249bc3a1569b37cd206f06f0ac9b

I've never used TimeShift, but to me it looks like the other files are just the same ones again, except stored in a TimeShift backup, so they should also be safe.

I was only able to Quarantine the first two.


The first 2 entries are under /home/chris (your user folder), but the rest aren't. Since you are running ClamTK under your user account it doesn't have permission to delete files from the other folders. However as stated above the other files should be safe.
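The SHA-512 values hollowface posted are only useful if they are actually compared against the local files, so here is an added example that does that comparison. It is not code from the thread and nobody in it ran it; the function names verify_hash and verify_all, the --check flag and the script name are assumptions for the example. It reads the four reference hashes above, hashes the same paths on the live system (or, given a snapshot root, the copies ClamTk flagged under /home/timeshift/snapshots) and reports OK, MISMATCH or MISSING for each. A match proves the file is byte-for-byte identical to hollowface's Mint 17.1 copy; a mismatch only proves it differs, and a different package build is the usual reason, so check which package owns the file with dpkg -S before reading anything more into it.

```shell
#!/bin/sh
# Added example, not code from the thread: compare the four /usr/lib files
# that ClamTk flagged against the SHA-512 values hollowface posted from a
# Linux Mint 17.1 (Cinnamon) install. Function names and the --check flag
# are assumptions made for this example.

# verify_hash FILE EXPECTED_SHA512
#   returns 0 on match, 1 on mismatch, 2 if FILE is missing or unreadable
verify_hash() {
    file=$1
    expected=$2
    if [ ! -r "$file" ]; then
        printf 'MISSING   %s\n' "$file"
        return 2
    fi
    # sha512sum prints "<hash>  <path>"; keep only the hash.
    actual=$(sha512sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        printf 'OK        %s\n' "$file"
        return 0
    fi
    printf 'MISMATCH  %s\n   expected %s\n   actual   %s\n' "$file" "$expected" "$actual"
    return 1
}

# Reference values quoted from hollowface's post: "<absolute path> <sha512>".
REFERENCE_HASHES='
/usr/lib/ruby/1.9.1/rdoc/generator/template/darkfish/js/thickbox-compressed.js 65b9d6515905737f7b082b79cb1186635d21fadc9dc1c1429b1e54a09ace1a8f3f27eec02692af540bbdf74e016528f9d48f7c471f20b9ecbf45afd556d479e5
/usr/lib/linuxmint/mintWifi/drivers/i386/Dell_bcmwl5/bcmwl5.sys e3160bdf44477461a3c6a1a6181a3739049df5bab4b946a5e1c68e66574cb305b645e3f3385d6eb10df3aa2916dc655ec881bc412a023bbd1b9e6285662836a0
/usr/lib/linuxmint/mintWifi/drivers/i386/WUSB54Gv4/rt2500usb.sys c07eefa3e7155c4140dbd87d0508b60287aaa7056673892e26b7916328ca567e71e099004c2bfdf1ec261ea52128ea5f478cbc569fa640e2837056179b408b5d
/usr/lib/linuxmint/mintWifi/drivers/i386/Broadcom4318_Dell1390/bcmwl5.sys 2ca85d10a44a9d8a605267e7cf30ca3c47f3b49ee835b11fb6e6ba54d2f0e6e467d46c5644f359522e4999d92e28479e8cfb249bc3a1569b37cd206f06f0ac9b
'

# verify_all [ROOT]
#   Checks every reference path, optionally prefixed with ROOT so the same
#   list can be run against a Timeshift snapshot, e.g.
#   ROOT=/home/timeshift/snapshots/2015-02-16_19-38-50/localhost
#   Returns 1 if any file is missing or differs, 0 if all match.
#   A here-document (not a pipe) feeds the loop so rc survives it.
verify_all() {
    root=${1:-}
    rc=0
    while read -r path hash; do
        [ -n "$path" ] || continue
        verify_hash "$root$path" "$hash" || rc=1
    done <<EOF
$REFERENCE_HASHES
EOF
    return "$rc"
}

# Usage: sh verify-mint-files.sh --check [SNAPSHOT_ROOT]
if [ "${1:-}" = "--check" ]; then
    verify_all "${2:-}"
fi
```

Run it as sh verify-mint-files.sh --check for the live system, or add the snapshot's localhost directory as the second argument to check the Timeshift copies. No root is needed, because hashing only reads the files; that is the point of preferring this over letting a scanner loose as root.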

 

#6 pcpunk


Posted 21 February 2015 - 11:01 PM

buddy215

I believe that "Reset Settings" would also "Clear Browsing Data", but I cleared browsing data first as I remember having to do this for another browser issue.  Either way it worked in Chrome.  I also searched the Google Error and there were many varying opinions.

 

I researched and installed BleachBit and it looks very good and yes I would love to know your settings.  This is a new install so I will take it slow, let's not be too aggressive.

 

I was really freaked out at first as the errors seemed to be saying someone was trying to get my info or something lol, whew!

 

I think this had to do with the Public Library I was using, it doesn't like https sites, and some of the search info was speaking of this, along with some of the errors.  Wonder if it had anything to do with how I shut down, I'll pay closer attention to this next time.

 

Thanks!



#7 pcpunk


Posted 21 February 2015 - 11:11 PM

hollowface

Thanks! What do I do with the quarantined files, un-quarantine them?

 

And, if I needed to, how would I quarantine those files, run ClamAV from the terminal? And what would be the command for that?

 

Still ain't got no Updates yet, hope they come tomorrow.


Edited by pcpunk, 21 February 2015 - 11:12 PM.


#8 buddy215


Posted 22 February 2015 - 05:59 AM

Are you still seeing the Flash Player Pro ad? It should be gone when you reset Chrome.

 

I would not bother using Clam AV. Unless you recklessly download a program from an untrusted source and give it permission to install, you have nothing to worry about. Just uninstall Clam which will delete the two cache files it quarantined.

 

You should install Adblock Plus in your Firefox and Chrome browsers. Block third-party cookies from installing in both. Install NoScript in Firefox and one of the script blockers offered in Chrome. I don't use Chrome and it won't allow NoScript to be used. I suspect Google doesn't like it because it interferes with their ad placing and tracking. Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET

Always use the Firefox and Chrome official download sites for add-ons and check what other users have to say about the add-ons...reviews.

Once you have Adblock Plus installed, click on its icon and choose filter preferences. Uncheck the box at the bottom that allows too many ads if not unchecked.

 

I'll send you recommendations for BleachBit.




#9 buddy215


Posted 22 February 2015 - 06:49 AM

Below are screenshots of my settings for BleachBit in the system I'm on now. You will see other programs, etc on your system. When you click on an item in BleachBit it will give you a brief description of that item.

 

[Three screenshots of the BleachBit settings were attached here: "Non Admin One", "Non Admin Two", and "As Admin...Root".]




#10 Guest_hollowface_*


Posted 22 February 2015 - 05:21 PM


what do I do with the quarantined files, un-quarantine them?

 

The 2 files you quarantined were the ones in "/home/chris/.cache/google-chrome/Default/Cache/", correct? I don't have Google Chrome so I'm not sure what those files are, given they are PUA they may be safe, but I would NOT advise unquarantining them unless someone can shed more light on what they are.

 


if I needed too, how would I quarantine those files

 

I assume you are referring to the ones you couldn't quarantine? You could run Clam as root, which would give it the necessary permissions to quarantine those files, but I would NOT advise going that route as it would give Clam the power to quarantine anything, including important system files, which could cripple the system.

It would be safer to delete the files manually using "sudo rm /location/of/the/file/example.file". (Replace "/location/of/the/file/example.file" with the file path.) Bear in mind that rm doesn't quarantine files, it deletes them forever (they will not appear in your trash can, they are gone).

Alternatively you could put the files into individual TAR archives, then delete the original files. This would prevent the files from being used (unless they are un-archived first), but make it possible to restore the files if you needed to. You would need to tell TAR to preserve the file permissions to avoid issues when restoring. However the files in question should be safe, so I would not recommend that you delete (or TAR archive) them.
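The "put it in a TAR archive, then delete the original" route hollowface describes is the one worth having as a script, because it is the step that is easy to get wrong (losing the file's mode, or archiving a path that cannot be put back where it came from). The following is an added example, not hollowface's or pcpunk's code and not something the thread ran; the QUARANTINE_DIR location, the function names quarantine_file and restore_file, the --restore flag and the script name are assumptions for the example. It stores the file's absolute path inside the archive, records its SHA-512 before deleting it, and on restore extracts with -p so the original permissions come back and checks the recorded hash so you know the copy being put back is the one that was taken. For anything under /usr it has to run with sudo, which is exactly why it only touches the one path you hand it rather than, as a root scan would, everything the scanner dislikes.

```shell
#!/bin/sh
# Added example, not code from the thread: manual quarantine of one file
# by packing it into its own tar archive and then removing the original,
# the alternative to "sudo rm" that hollowface describes. tar records the
# file's mode, owner and timestamps; -p on extraction restores the mode.
# Names below (QUARANTINE_DIR, quarantine_file, restore_file, --restore)
# are assumptions made for this example.

# Where archives go; override with QUARANTINE_DIR=/some/dir if you prefer.
QUARANTINE_DIR=${QUARANTINE_DIR:-/var/quarantine}

# quarantine_file FILE
#   Packs FILE (absolute path kept inside the archive), records its SHA-512,
#   then removes the original. Prints the archive path. Returns 1 on failure.
quarantine_file() {
    file=$1
    case $file in
        /*) ;;
        *) file=$(pwd)/$file ;;   # make relative paths absolute for -C /
    esac
    if [ ! -f "$file" ]; then
        printf 'not a regular file: %s\n' "$file" >&2
        return 1
    fi
    mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR" || return 1
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$QUARANTINE_DIR/$(basename "$file").$stamp.tar"
    # -C / plus the path without its leading slash stores "usr/lib/..." in
    # the archive, so extracting with -C / lands at the original location.
    tar -cf "$archive" -C / "${file#/}" || return 1
    # Hash recorded before deletion: proves the restored copy is the one taken.
    sha512sum "$file" > "$archive.sha512" || return 1
    rm -f "$file" || return 1
    printf '%s\n' "$archive"
}

# restore_file ARCHIVE
#   Unpacks back to the original path with permissions preserved (-p) and
#   checks the content against the recorded hash. Returns non-zero on failure.
restore_file() {
    archive=$1
    [ -f "$archive" ] && [ -f "$archive.sha512" ] || return 1
    tar -xpf "$archive" -C / || return 1
    sha512sum -c "$archive.sha512" >/dev/null
}

# Usage: sudo sh quarantine.sh /path/to/file
#        sudo sh quarantine.sh --restore /var/quarantine/file.TIMESTAMP.tar
if [ $# -eq 1 ] && [ "$1" != "--restore" ]; then
    quarantine_file "$1"
elif [ $# -eq 2 ] && [ "$1" = "--restore" ]; then
    restore_file "$2"
fi
```

The .sha512 file written next to each archive is what makes the quarantine auditable: sha512sum -c on restore fails if the archive was altered while sitting in QUARANTINE_DIR. For pcpunk's unanswered question about a terminal scan, clamscan itself takes -r to recurse and -i to print only infected files, and run under the normal user it reports the same hits ClamTk showed without being able to remove anything.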



#11 pcpunk


Posted 23 February 2015 - 08:31 PM

Okay guys thanks, I already had Adblock Plus.  I will leave the rest alone and take a good look at BleachBit.  Methinks this is a glitch with the library I was at, their system doesn't even let you log on via https.



#12 buddy215


Posted 23 February 2015 - 08:58 PM

You should ask the library why they do that if that is the case. I can't think of a reason for doing that...except they want to prevent its Wifi users from doing things like banking because of the risk....but that is just a guess.

 

BleachBit and CCleaner are similar programs. I've used it for years. Safe to use BB on Linux and Windows.






