How to know if i've got a virus?

Off-Topic discussions about science, technology, and non Debian specific topics.
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

How to know if i've got a virus?

#1 Post by bester69 »

I know there are almost no viruses for Linux, but I was wondering about several questions:

1- How can I know if a .deb file brings inside some kind of virus?
2- Do Linux viruses need to infect the kernel to be considered a virus?
3- How can I figure out if I've been infected? Do I have to query for a strange user, process or activity behavior?
4- Can upgrades kill or get away with the virus eventually?
5- Is there any antivirus technology available that detects viruses on a Linux system?
--
Does anyone know something :?: :?: :?
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

Bulkley
Posts: 6383
Joined: 2006-02-11 18:35
Has thanked: 2 times
Been thanked: 39 times

Re: How to know if i've got a virus?

#2 Post by Bulkley »

6. Does FrankenDebian have risks?

rkhunter, chkrootkit, clamav, xbill.

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: How to know if i've got a virus?

#3 Post by GarryRicketson »

Hmm, actually this is a pretty good question, and even though it is rare that one encounters "viruses" that affect Linux, they do exist, and there is also always the possibility of "malicious code" being embedded in files downloaded from almost anywhere.
Taking it one question at a time:
1- How can I know if a .deb file brings inside some kind of virus?
One thing I use is this:
https://www.virustotal.com/
You can scan the file either before or after you download it.
Not trying to be a "smart alec" but:
How can I know if a .deb file brings inside some kind of virus?
Rather than posting all the links that go into this, it is easier to just post the "lmspthy" link; there are many interesting results. I have to run now.
================= edited================
Something to keep in mind, especially if you are running a "dual boot" or multi-boot situation and Windows is part of it.
Linux in general might not be, or is not, affected by "Windows" viruses; however, a Linux system can "carry" them, and they can easily spread from the Linux partition to your Windows partition, thus infecting the Windows partition. This is also an important factor when connected to a network that is shared with Windows users/systems.
====================================================
It is worth taking the time to become familiar with these: http://www.tecmint.com/10-most-dangerou ... -on-linux/
They are not "viruses" per se, but if you download any scripts or programs, or copy and paste some script, it is important to look at the source code, and if there are any lines that even look suspicious, better to get some advice before running the script.
Some scripts do require "root" privileges to perform the tasks they are intended to perform; it is important that you understand what they actually will do before allowing them to run.
The commands listed in the above link would not be detected as "viruses", and can easily be placed somewhere in an install script, where root or sudo privileges are needed. The unwitting victim downloads and runs the script, or copies/pastes it into the terminal, and the next thing they know they have lost a bunch of essential files, or sometime later their system "freezes", or who knows what else,
Last edited by GarryRicketson on 2016-05-04 16:38, edited 2 times in total.

dasein
Posts: 7680
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: How to know if i've got a virus?

#4 Post by dasein »

Bulkley wrote:6. Does FrankenDebian have risks?
Not to mention "is WINE malware-compatible?" (since a substantial number of the OP's favorite "Linux" apps are actually Windows apps) Or perhaps the OP is about to learn that his opinion regarding Linux's invulnerability is, y'know, WRONG.
Schadenfreude moment

bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: How to know if i've got a virus?

#5 Post by bester69 »

dasein wrote:
Bulkley wrote:6. Does FrankenDebian have risks?
Not to mention "is WINE malware-compatible?" (since half the OP's favorite "Linux" apps are Windows running in WINE) Or perhaps the OP is about to learn that his opinion regarding Linux's invulnerability is, y'know, WRONG.
Schadenfreude moment
Well, I don't care about Wine viruses as they are sandboxed and can't infect my system; let's say I don't care that all my Wine Windows viruses go out for a walk as long as I can do my job. Once finished I exec a killexe script so all of them come back to jails. :lol: unless I hope so :mrgreen:

bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: How to know if i've got a virus?

#6 Post by bester69 »

Bulkley wrote:6. Does FrankenDebian have risks?

rkhunter, chkrootkit, clamav, xbill.

rkhunter, chkrootkit <<.. Interesting, this is what I was looking for.. :) I wasn't sure if there was some technology for Linux


fukk, I've passed chkrootkit and I've got a virus, what's this?? :shock: :shock:
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
...

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: How to know if i've got a virus?

#7 Post by GarryRicketson »

bester69 wrote:
dasein wrote:
Bulkley wrote:6. Does FrankenDebian have risks?
Not to mention "is WINE malware-compatible?" (since half the OP's favorite "Linux" apps are Windows running in WINE) Or perhaps the OP is about to learn that his opinion regarding Linux's invulnerability is, y'know, WRONG.

Schadenfreude moment
Well, I don't care about Wine viruses as they are sandboxed and can't infect my system; let's say I don't care that all my Wine Windows viruses go out for a walk as long as I can do my job. Once finished I exec a killexe script so all of them come back to jails. :lol: unless I hope so :mrgreen:
"Can't infect my system"
I wouldn't be so sure. In a closed-source program, I could (not that I would, but there are people that would) hide something that is very capable of escaping a "sandbox".
Something to think about: the people at Microsoft are not NICE people; there are some that would go to the extremes of embedding malicious code intended to cause problems on a Linux system. Why? Linux is a genuine threat to their profits.
I've passed chkrootkit and I've got a virus, what's this?? :shock: :shock:
Because of your arrogance, and blatant disregard for the advice people try to give you,
Have fun with your "toy", it will be a good learning experience for you to figure out how to clean up the mess.
Hopefully this may help you:
How to get rid of a "root kit" on linux
--------------------
1 of many: http://www.techrepublic.com/blog/five-a ... -rootkits/
A long time ago, when you arrogantly insisted no viruses can get into a Linux system, I did try to tell you about "root kits". I learned the hard way as well (actually, because I am a slow learner, it happened twice); they are real.
Also I remember not too long ago, in a post you made promoting some software,
http://forums.debian.net/viewtopic.php? ... 90#p613030
I checked the site, and it was infected. But you choose to ignore, or make fun of, advice intended to try to help you and others as well. "Root kits" are not easy to get rid of.
Honestly, it is easiest to just wipe the HD and do a fresh install. Even the "back ups" that you may have made could be infected.
Last edited by GarryRicketson on 2016-05-05 01:15, edited 2 times in total.

bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: How to know if i've got a virus?

#8 Post by bester69 »

GarryRicketson wrote: Because of your arrogance, and blatant disregard for the advice people try to give you,
Have fun with your "toy", it will be a good learning experience for you to figure out how to clean up the mess.
:mrgreen: :mrgreen:

stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: How to know if i've got a virus?

#9 Post by stevepusser »

Sigh...just Google that "detection" message, and you'll find that it's most likely a false positive.

You're more likely to get bit by a Trojan than a real virus in Linux, anyway.
MX Linux packager and developer

bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: How to know if i've got a virus?

#10 Post by bester69 »

stevepusser wrote:Sigh...just Google that "detection" message, and you'll find that it's most likely a false positive.

You're more likely to get bit by a Trojan than a real virus in Linux, anyway.
I saw it's a false positive, we all know no one has ever got infected in Linux :lol:

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: How to know if i've got a virus?

#11 Post by GarryRicketson »

stevepusser wrote:Sigh...just Google that "detection" message, and you'll find that it's most likely a false positive.

You're more likely to get bit by a Trojan than a real virus in Linux, anyway.
I was going to mention that, to check first, to make sure it is not a "false positive",
but I got interrupted,..
Anyway, back to:
If it was or is a real root kit, and I mentioned I was hit twice with one,..
myself: Honestly, it is easiest to just wipe the HD and do a fresh install. Even the "back ups" that you may have made could be infected.
That is what happened: when I tried putting some of what I had backed up back in, I got infected again.
So now the OP is back to the same arrogance:
i saw it's a false positive, we all know none has ever get infected in linux
That simply is not true, but anyway, this has become pointless, just like all the other topics the OP starts, and
NOT worth the time wasted.

=================================================
Last edited by GarryRicketson on 2016-05-04 18:51, edited 2 times in total.

HuangLao
Posts: 485
Joined: 2015-01-27 01:31
Been thanked: 1 time

Re: How to know if i've got a virus?

#12 Post by HuangLao »

As steve noted, it is probably a false positive if it was found with chkrootkit. Run rkhunter in the CLI and see if it finds suckit. If not, then it is a false positive. chkrootkit is primarily for servers, so DEs and such can throw up false flags. Pun not really intended.

It's also a reminder of the risk with installing scripts and programs from outside the repos, unless it is from a trusted 3rd-party source like MX repos aka steve. Even then, most people would be advised to stay within the repos.


PS: Garry posted the same at same time :wink:
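
Added example, not part of any post in this thread and not chkrootkit's or Debian's own tooling: a shell script that takes the paths chkrootkit flags as INFECTED (such as the /sbin/init warning quoted above) and compares each file with the MD5 sum dpkg recorded for it, as a second opinion alongside rkhunter. The function names and the file name triage.sh are hypothetical, the sample log is constructed from the two lines quoted in the thread, and the script assumes the dpkg database under /var/lib/dpkg/info is intact.

```shell
#!/bin/sh
# Added example (not from the thread): triage chkrootkit "INFECTED" warnings
# against the MD5 sums dpkg recorded when the owning package was installed.

# Constructed sample input: the two chkrootkit lines quoted in the thread.
SAMPLE_LOG='Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... Warning: /sbin/init INFECTED'

# Read chkrootkit output on stdin; print each flagged absolute path.
flagged_paths() {
    sed -n 's|.*Warning: \(/[^ ]*\) INFECTED.*|\1|p'
}

# Compare a file with its entry in a dpkg-style md5sums list, whose lines are
# "<md5>  <path without leading slash>" (paths containing spaces unsupported).
#   $1 file to hash   $2 md5sums list   $3 path as recorded in the list
# Prints one of: match | MISMATCH | unlisted
check_against_md5sums() {
    want=$(awk -v p="${3#/}" '$2 == p { print $1; exit }' "$2")
    if [ -z "$want" ]; then echo unlisted; return 0; fi
    have=$(md5sum "$1" | cut -d' ' -f1)
    if [ "$have" = "$want" ]; then echo match; else echo MISMATCH; fi
}

# Debian hosts only: find the package owning each flagged path, then verify.
triage() {
    flagged_paths | while IFS= read -r path; do
        real=$(readlink -f "$path")   # /sbin/init is normally a symlink
        owner=''
        # dpkg may know the file by its resolved name, its pre-merged-/usr
        # name, or the flagged name itself; try each in turn.
        for cand in "$real" "${real#/usr}" "$path"; do
            owner=$(dpkg -S "$cand" 2>/dev/null | head -n 1)
            if [ -n "$owner" ]; then break; fi
        done
        if [ -z "$owner" ]; then
            echo "$path: not owned by any package"
            continue
        fi
        pkg=${owner%%: *}             # "systemd: /lib/..." -> "systemd"
        recorded=${owner#*: }
        list=/var/lib/dpkg/info/$pkg.md5sums
        if [ -f "$list" ]; then
            echo "$path ($pkg): $(check_against_md5sums "$real" "$list" "$recorded")"
        else
            echo "$path ($pkg): no md5sums list"
        fi
    done
}

# chkrootkit 2>&1 | sh triage.sh --triage   (triage.sh is a hypothetical name)
if [ "${1:-}" = "--triage" ]; then
    triage
else
    printf '%s\n' "$SAMPLE_LOG" | flagged_paths   # demo on the sample
fi
```

A `match` only says the file equals what dpkg recorded locally; on a host that may really be compromised, run the comparison from trusted live media, because a rootkit can alter both the tools and the database.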

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: How to know if i've got a virus?

#13 Post by GarryRicketson »

For the benefit of others that might seriously want to know, these are some viruses known to Linux:
http://www.unixmen.com/meet-linux-viruses/
Most are not very serious, but they do exist.
http://www.neowin.net/news/a-history-of ... s-on-linux

fred barclay
Posts: 124
Joined: 2015-01-24 03:10

Re: How to know if i've got a virus?

#14 Post by fred barclay »

Thank you Gary. :)
It's good to see, that a single web page can summarise all the Linux viruses that are known. :)

Could you elaborate more on that rootkit you had, Gary?
Back when I started with Linux, I had chkrootkit, rkhunter, clamav, AVG for Linux, signed my system with tripwire and checked it multiple times daily... I was a nervous wreck! :lol: Of course I immediately found "threats" (usually with chkrootkit) and reinstalled, only to find the same threats on a clean system and worry that some attacker had hacked my network and was serving me malicious Linux Mint .iso's! It took me a few days and countless reinstalls to realise that false positives are nasty. :)

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: How to know if i've got a virus?

#15 Post by Head_on_a_Stick »

fred barclay wrote:worry that some attacker had hacked my network and was serving me malicious Linux Mint .iso's!
Ah, the delicious irony...
:mrgreen:
deadbang

fred barclay
Posts: 124
Joined: 2015-01-24 03:10

Re: How to know if i've got a virus?

#16 Post by fred barclay »

Head_on_a_Stick wrote: Ah, the delicious irony...
:mrgreen:
Well, yeah, but this was before then, back when linux .iso's were invincible!
Wait, what am I saying??? :mrgreen:

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: How to know if i've got a virus?

#17 Post by GarryRicketson »

You're welcome,
fred barclay »Could you elaborate more on that rootkit you had, Gary?
It was a really long time ago, there are a lot of details I do not remember,
I think some people may think I made that up, but I didn't,.. however, unlike you,
Back when I started with Linux, I had chkrootkit, rkhunter, clamav, AVG for Linux, signed my system with tripwire and checked it multiple times daily... I was a nervous wreck!
When I first started with Linux, I asked about that on another forum, for another distro, and because several people misinformed me, saying, "Oh no, you don't need to worry, there are no viruses that can get in Linux",..or things to that extent,...I took their word for it, and was not doing anything or using anything to check my system.
Then I got some e-mail from some friends, advising me they had received spam from my e-mail address; they knew me, and knew I am not an e-mail spammer.
So the first thing I did was change my e-mail password, but then the same thing started again shortly after,..
So I also started using a different e-mail service. At the same time I did that, I was looking at my system and noticed weird files in my:
/usr/bin directory and the /usr/sbin .
I also was finding files that I had not created in other directories, so that is when I decided it would be a good idea to make a backup and re-install the OS; at that time it was "Xubuntu". With a fresh install, and also a new e-mail service, things seemed fine for some time, but shortly after I started putting back some of the data I had backed up,
well, no problem with the e-mail; however, on another site/forum that I am a member of, when I tried to connect and log in, I was blocked, and it said the reason was my computer was infected. So another fresh install; this time I did not even bother with a backup, I just started over.
I never did actually isolate the "root kit", nor did it occur to me that that was probably what had happened; some others advised me, when I learned a little more, later when reading the article in this link: (posted before)
http://www.techrepublic.com/blog/five-a ... -rootkits/
When I read that, it occurred to me that probably that is what I had. There were also other things going on, like in my logs: they showed connections being made to unknown sites, and when I was online, getting redirected to sites. It was a mess and had me baffled.
After I knew better, I started using several methods to check my system, and continue to do so regularly; they include methods already mentioned above,
Bulkley wrote:6. Does FrankenDebian have risks?

rkhunter, chkrootkit, clamav, xbill.
in previous posts,..
and the same, when I first started using them... the false positives are annoying,
but actually, these days, for over a year now, I do not even get any "false positives".
Well, maybe some are; I just remove the junk whenever it shows up,
Of course I immediately found "threats"
In addition to what Bulkley mentions, I use "BleachBit" a lot, especially to clean the
browser caches, and that is where the "garbage" usually shows up first,
I do agree, with Linux there is not much to worry about, but I do often find
"Windows viruses" in the caches, and not all of them are "false positives";
this occurs most often when I check links that were in "spam posts", to see if
they are spammers or not; quite often after looking at those sites, I find some
garbage in my cache. I have to go now.
==========edited=======
So anyway, I never really found out for sure if it really was a "root kit", but I am pretty sure that is what it was. Keeping a closer eye on my system, using some really simple tools, keeping it clean, maintained, etc. seems to prevent the same thing from occurring again.
Last edited by GarryRicketson on 2016-05-04 22:28, edited 1 time in total.

fred barclay
Posts: 124
Joined: 2015-01-24 03:10

Re: How to know if i've got a virus?

#18 Post by fred barclay »

GarryRicketson wrote: In addition , to what Bulkley mentions, I use "Bleach bit" a lot, especially to clean the
browser caches, and that is where the "garbage" usually shows up first,
I do agree , with linux, there is not much to worry about, but I do often find
"windows viruses" in the caches, and not all of them are "false positives",
this occurs most often , when I check links, that were in "spamposts", to see if
they are spammer or not, quite often after looking at those sites, I find some
garbage in my cache. I have to go now.
I've torn my system up a few times with BleachBit--I stay as far away as possible from it now!

Finding Windows malware in my system wouldn't concern me as I don't use Wine and don't have any Windows computers (besides a few VMs that I do run antivirus on). I'd remove them out of courtesy if I find 'em, but I don't worry about 'em otherwise.

Personally speaking, Linux viruses don't worry me greatly, as they're few and far between. I've personally never heard of someone getting a true Linux virus, though they obviously do exist. I only install software from known good sources (the official repos and a few other sources) and it would be difficult for one to infect my system.

Besides, it's been pointed out that antivirus is an emerging target for hackers since it's usually inadequately guarded and runs with relatively high permissions. Being hacked through my antivirus... now that would be ironic! Assuming the antivirus would even be able to find a Linux virus... every one I tried (in my antivirus-on-Linux days) scanned only for Windows viruses. A waste of precious system resources and disk space, IMHO.

What does worry me are rootkits and other malware, browser hijacking, and dedicated attackers. I use rkhunter for the rootkits, sandbox my browsers via firejail, and tripwire/fail2ban will (hopefully) make it more difficult to hack me and alert me immediately if I am. My bad habit is that I rarely backup (I know, I know!). I'd use clonezilla but I don't have the space on my external hard drive, and I absolutely refuse to rsync or otherwise backup to a remote "cloud" server, encryption or no encryption! :lol:

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: How to know if i've got a virus?

#19 Post by GarryRicketson »

My bad habit is that I rarely backup (I know, I know!).
I have mixed feelings on the "backups". The thing of it is, if there is something
in your system that is going to cause problems but has not yet started causing
any problems, and you make a 100% mirror as a backup,
then later when something goes wrong, and you can't fix it: "Oh, no big deal,
I have my backup". Well, that is good, but it is quite possible the backup has the
same things in it that caused the problem.
However, I do make copies of all the data that is important to me.
I've torn my system up a few times with BleachBit--I stay as far away as possible from it now!
I have seen some others say the same thing; so far I have never had a problem with it.
Mostly I just use it to clean the browser caches,
Linux viruses don't worry me greatly, as they're few and far between.
It also appears most of the known ones are not really all that dangerous either. I don't worry about it that much either; one thing is, with most of them it is so easy to spot or detect them that it is pretty much like the only way one would get infected with one is if they allow it to, or download and install it themselves,...
I've personally never heard of someone getting a true Linux virus
I think one reason we never hear of it: many or even most system administrators
might not want to admit it, or tell anyone, because it would be somewhat embarrassing to admit that due to poor administration, they allowed a virus to get in.
If that makes sense? It does to me.

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: How to know if i've got a virus?

#20 Post by Head_on_a_Stick »

fred barclay wrote:I absolutely refuse to rsync or otherwise backup to a remote "cloud" server, encryption or no encryption! :lol:
Have you seen TarSnap?
https://www.tarsnap.com/
deadbang
