
info is needed on scan results


5 replies to this topic

#1 ineuw


Posted 25 July 2015 - 01:55 PM

A new installation of Linux Xubuntu 14.04 is the only OS on my laptop and I scanned everything for viruses using ClamAV. The following viruses were reported and I am not sure if they are really viruses or false positives.

 

/usr/share/mime/mime.cache: PUA.Win.Exploit.CVE_2012_0110 FOUND
/usr/lib/shim/shim.efi.signed: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/usr/lib/shim/shim.efi: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/usr/lib/shim/MokManager.efi.signed: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/boot/efi/EFI/ubuntu/shimx64.efi: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/boot/efi/EFI/ubuntu/MokManager.efi: PUA.Win32.Packer.PrivateExeProte-7 FOUND

 

My thanks for any help

 




 


#2 Sintharius


Posted 25 July 2015 - 02:04 PM

The first entry appears to be a file that an exploit kit drops on your system to check if it can exploit your system to put malware on it. Since the overwhelming majority of exploit kits only contain Windows exploits, it will fail when querying a Linux system.

The other five are archives (packed files). Antivirus solutions do not like scanning in archives very much, so malware authors liked to pack their "products" in order to escape AV detection.

If you can verify that the last five files are legit, I'd say they are false positives. I do not use Linux unfortunately, so I cannot speak with certainty whether they are legit or not.
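
A triage helper for the scan report in the first post, added here as an example and not part of anyone's reply: it groups hits by signature and flags Windows-targeted detections on a non-Windows host as the candidates to verify. The dotted name layout (PUA prefix, platform, category) is assumed from the names in the report; `triage`, `classify` and the `OK` line in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Scan lines copied from the first post, plus one constructed non-hit line.
SAMPLE_REPORT = """\
/usr/share/mime/mime.cache: PUA.Win.Exploit.CVE_2012_0110 FOUND
/usr/lib/shim/shim.efi.signed: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/usr/lib/shim/shim.efi: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/usr/lib/shim/MokManager.efi.signed: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/boot/efi/EFI/ubuntu/shimx64.efi: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/boot/efi/EFI/ubuntu/MokManager.efi: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/usr/bin/example: OK
"""

HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
WINDOWS_PLATFORMS = {"Win", "Win32", "Win64"}


def classify(signature):
    """Split a dotted signature name into PUA flag, platform and category."""
    parts = signature.split(".")
    is_pua = parts[0] == "PUA"
    if is_pua:
        parts = parts[1:]
    platform = parts[0] if len(parts) > 0 else ""
    category = parts[1] if len(parts) > 1 else ""
    return {"pua": is_pua, "platform": platform, "category": category}


def triage(report, host_is_windows=False):
    """Group hits by signature and flag ones aimed at another platform."""
    groups = defaultdict(list)
    for line in report.splitlines():
        match = HIT.match(line.strip())
        if match:  # "OK" lines, blank lines and summaries are skipped
            groups[match["sig"]].append(match["path"])
    result = {}
    for sig, paths in groups.items():
        info = classify(sig)
        info["paths"] = paths
        # A Windows-targeted signature on a non-Windows host: verify the file.
        info["platform_mismatch"] = (
            info["platform"] in WINDOWS_PLATFORMS and not host_is_windows)
        result[sig] = info
    return result


if __name__ == "__main__":
    for sig, info in triage(SAMPLE_REPORT).items():
        kind = "PUA" if info["pua"] else "malware"
        print(f"{sig} [{kind}, targets {info['platform']}] x{len(info['paths'])}")
```

Run on the report above, the six lines collapse to two signatures, so there are two detections to check rather than six.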

#3 ineuw


Posted 25 July 2015 - 03:57 PM

Thanks for your help, everything makes sense and I will try to verify the files.



#4 quietman7


Posted 25 July 2015 - 04:19 PM

To expand on what Alex said... it is not unusual for an anti-virus or anti-malware scanner to have problems with or be suspicious of compressed, archived, .cab, .rar, .jar, .iso, and packed files because they have difficulty reading what is inside them. These kinds of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also cause some scanners to stall (hang) on these particular types of files or just ignore (skip) them.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 ineuw


Posted 25 July 2015 - 05:13 PM

Thanks again for the comments.

 

My desktop computer is a dual boot Win 7 and Xubuntu 14.04. I do a complete scan with Microsoft Security and regular scans with Malwarebytes. Both report no problems, but now I will initiate a complete scan from Linux as well.



#6 quietman7


Posted 25 July 2015 - 05:14 PM

You're welcome on behalf of the Bleeping Computer community.



