debian 8 virus

[Azonix]

http://i1221.photobucket.com/albums/dd4 ... _virus.png


A TWO DAY OLD INSTALL OF DEBIAN 8 and i got's me a VIRUS !!!

Who said it couldn't be done....all you ney sayer's out there that reckon your safe as houses behind your ext4fs..........

Ain't computer geekin' fun.......now if only it would run away and do some damage, i would love to see the results........Shame it isn't any harm, it's just a PUA, a "POTENTIALLY" unwanted application, it's actually a pop up installer, and unlocks an additional radio box in the installer, you have to click it to run it, it's dormant otherwise, and the secondary application is not required for the file to install and work, so you leave it unchecked and the key can't be added, so it wont harm a Windows PC either, but at least ClamAV caught it, shows they're using the right method for PUP's and PUA's at least anyway.

***** For those still reading, it came up after installing Virtualbox, i assume as i can't find it on any other PC in my network( 3 SRV, 7 WSN, 4 Laptop), it came down in a package from a repo.

ClamAV scan results showed :
file : /usr/share/mime.cache PUA.WinExploit.CVE_2012_0110

Shame it wont run , i would like to see what it tries to do.....on linux i mean, i KNOW what it does on Windows...it's harmless, just annoying.

[arochester]

https://askubuntu.com/questions/611291/ ... 0110-found

[dasein]

A TWO DAY OLD INSTALL OF DEBIAN 8 and i got's me a VIRUS !!!

No, what you "gots" there is a false positive.

But thanks for self-identifying as a troll in your very first post. http://forums.debian.net/ucp.php?i=zebr ... add=Azonix

[GarryRicketson]

I don't think any body is going to look at you photbucket link, I would advise not too.
Also if you think you have really found a real virus, using clamav, then this is where you should report it, http://www.clamav.net/contact.html Not here.

by Azonix »:Ain't computer geekin' fun.......now if only it would run away and do some damage, i would love to see the results........Shame it isn't any harm,

So,is that what you think of as "fun" going around trying to do damage, to sites, and peoples systems ? You need a good psychiatrist.
It is nothing new, most people are aware that windows viruses can be "carried" on a linux machine.
But for those that want to learn more, this is a good place to start:
https://www.debian.org/doc/manuals/secu ... ls.en.html
This guy does not know much about what he is talking about, that is clear, does not even know how to use the img tags correctly so people can see the image, without follow links to photo bucket,

by Azonix »:Shame it wont run , i would like to see what it tries to do.....on linux i mean

Also quite clear he just wants to cause problems, for others, if Azonix wants to see what it does on linux, why does he/she not try it, on thier own computer, using linux ?

by dasein:
But thanks for self-identifying as a troll in your very first post. ucp.php?i=zebra&mode=foes&add=Azonix

+1

[v&n]

I don't think any body is going to look at you photbucket link

I did. I always do, as long as the linked site is familiar and I don't have speed problems.

Maybe the OP was having problem with attaching the image, as can be assumed from their first post : http://forums.debian.net/viewtopic.php?f=10&t=123145

While your suspicion about the OP may be correct, I really don't see anything so much 'Obviously' wrong with the post, or the 'fun' mentioned. I've seen that kind of sentences (often puns or jokes) used by most loyal and hardcore FOSS users.

[GarryRicketson]

Postby v&n »: Maybe the OP was having problem with attaching the image, as can be assumed from their first post :

Yea, I saw those too,
So any way, guess I could explain ,

Code: Select all

 [img]put the image url here;  [/img] 

is the way to get the image to display.
Like this,

But also it should be pointed out, it is not a "debian 8 virus", nor a "linux" virus,
it is a "windows virus", ..

I found the same "virus" on my "wheezy" when I first installed that, and I removed it,
even though it is not really even a "virus", but a "false positive"

https://askubuntu.com/questions/611291/ ... 0110-found

[thanatos_incarnate]

Who said it couldn't be done....all you ney sayer's out there that reckon your safe as houses behind your ext4fs..

But also it should be pointed out, it is not a "debian 8 virus", nor a "linux" virus,
it is a "windows virus", ..

1. Who are those naysayers who said you couldn't spread a virus on Linux undetected that will harm Windows? That is not true. This is also mostly the only reason why you would use ClamAV: you are probably within a network with other Win users or share a lot of files with them.

2. Windows malware should mostly be a Windows binary, so unless you're using Wine and enable the system to run Windows binaries without your permission (which in Debian is not the case), how could that code do you any harm?

3. Who ever said that ext4, which is a file system, saves you from malware? This makes no sense whatsoever.

[GarryRicketson]

debian 8 virus
Postby Azonix » 2015-06-23 07:25
http://i1221.photobucket.com/albums/dd4 ... _virus.png
A TWO DAY OLD INSTALL OF DEBIAN 8 and i got's me a VIRUS !!!
Who said it couldn't be done....all you ney sayer's out there that reckon your safe as houses behind your ext4fs..........

I did not say this,

Who said it couldn't be done....all you ney sayer's out there that reckon your safe as houses behind your ext4fs..

It is the OP that said it,
I do not like that you post another quote saying:

by thanatos_incarnate » 2015-06-23 10:28
GarryRicketson wrote: Who said it couldn't be done....all you ney sayer's out there that reckon your safe as houses behind your ext4fs..

Please make sure you quote the correct author, I did not say that. I did quote the OP, but never even quoted that line.
Not sure why you are doing that. You cut the text, from the OP's original post, then pasted it into a quote box, saying that I wrote that, Why ?

[thanatos_incarnate]

Sorry Garry, that was a mistake. I misread that.
But my questions still stand and are aimed at OP.

[GarryRicketson]

Ok, well , we all make mistakes sometimes, that is why we have the option to edit our posts.
no big deal.

[Azonix]

Wow, i had no idea that would happen......

All i posted was something i hadn't seen before, for the INTEREST of others, not as a harmful thing in anyway.
Some over-reactions to say the least.

Anyone that read the post, would see i KNOW ITS A WINDOWS file, what i found interesting is that it was found inside the linux one....it might only be a a notification but i had not seen ANY virus result in ANY scanner on a ' nix machine before.
I thought it was INTERESTING.

As to posting the pic, THIS was the ONLY way the board would allow the post AT ALL, after 15-20 attempts to attach the file and being re-directed to a sytem error page with the forum admin's email address on it for notification, i gave up and added the link. That at least allowed me to post. Sorry if i offended anyone by using a public forum in this manner.

[v&n]

what i found interesting is that it was found inside the linux one....it might only be a a notification but i had not seen ANY virus result in ANY scanner on a ' nix machine before.

In case you missed arochester's post (the one immediately after your first one), I recommend you follow the askubuntu link posted in it. It explains a possible (most probable) reason very well.

[thanatos_incarnate]

Wow, i had no idea that would happen......

All i posted was something i hadn't seen before, for the INTEREST of others, not as a harmful thing in anyway.
Some over-reactions to say the least.

Anyone that read the post, would see i KNOW ITS A WINDOWS file, what i found interesting is that it was found inside the linux one....it might only be a a notification but i had not seen ANY virus result in ANY scanner on a ' nix machine before.
I thought it was INTERESTING.

As to posting the pic, THIS was the ONLY way the board would allow the post AT ALL, after 15-20 attempts to attach the file and being re-directed to a sytem error page with the forum admin's email address on it for notification, i gave up and added the link. That at least allowed me to post. Sorry if i offended anyone by using a public forum in this manner.

Well, sorry if it came off too harsh, but you did have a somewhat arrogant tone.

[steve_v]

Mwahahaha, DFN provides my daily amusement again.
I'm feeling that perhaps there's some link between those who capitalise whole words, and those who freak out for no real reason...

It's in the mimetype cache? who cares, just nuke it if it concerns you so much. Of course, since it's a false positive you could always just ignore it.

[somebodyelse]

Maybe you're RIGHT.

[Azonix]

Well, sorry if it came off too harsh, but you did have a somewhat arrogant tone.

Accepted, and apologies, perhap's the title of the post was somewhat bad too,

In my defence though, this ISN'T the original post as typed, the ORIGINAL had all the links and a different title, but as the board wasn't allowing me to post, i was cutting and pasting to try to get it through. I posted the incorrect text document.

The title was " debian 8 virus.....REALLY ?? " , not much better i admit, but would have stopped a few negatives i think....

The other lines in the post, especially about the ext4fs were all linked to a collection of news articles about this and other things, but i lost the bloody link. I was doing all the post on my tails laptop, its running from SD card with no persistance, so i can't get the original typed post back. Unfortunately. The links were hilarious.

[michaelg81]

I have the identical virus identified on a new installation of debian. Been getting set up and just ran the first full file system scan of ClamTK. Will it damage anything to delete mime.cache?

[Starborn]

I don't know much about viruses ("viri"?), since in all these 25+ years I only got one, and I remember it just ruined a dozen or so text files, mp3 files and whatnot.

But back in 1997/1998, when we ran UNIX (AIX 4.3) at work, we once got an e-mail with some (kind of) Windows virus in it. Nothing happened, of course, but it was fun - "Hey look, we have a computer virus!"

Once, for about year or so, I had an antivirus program ("Panda"), back in Windows ME. I have two other computers, running Windows (that being good ole Vista), and I am 99.9 % certain (hey, it is Windows) that they are clean.