[ubuntu] malware


Vithant
May 11th, 2008, 09:37 PM
I got this in windows xp, how come it is working in Linux? How do I get rid of this virus?

Thanks
Jim the infected.

SunnyRabbiera
May 11th, 2008, 09:38 PM
Huh?
Linux doesn't get malware, unless you are having a hardware issue of some type...
What are you experiencing issues with?

Monicker
May 11th, 2008, 09:39 PM
Could you please explain a bit more? Your post does not give any details about what malware it is, or what problem it is causing.

Vithant
May 13th, 2008, 06:10 PM
It takes over my computer and demands that I let it look for spyware and adware opens windows and is hard to close.

JoshuaRL
May 13th, 2008, 06:14 PM
It takes over my computer and demands that I let it look for spyware and adware opens windows and is hard to close.

Do you mean like a popup? Or do you have a Linux antivirus program installed? Seriously, Linux doesn't have any malware in the wild. Are you running as root, or did you give sudo access to weird files or programs recently?

What are the exact errors and programs running? And what do you think the name of this malware is when you look through the running processes in System Manager?

drubin
May 13th, 2008, 06:16 PM
Does this spyware pop up while you are booted into windows?

Vithant
May 14th, 2008, 06:30 PM
Yes it does. I ran Symantec and it went away

thanks jim

crjackson
May 14th, 2008, 06:48 PM
Are you running Ubuntu in a windows virtual machine or wubi?

It sounds like you installed ubuntu under Windows. If this is the case, it's windows giving you the malware bs.

If not, then you probably don't have your popup blocker in firefox turned on and you are just getting web popups.

You DON'T have any malware installed under Linux. It's just not happening...

JoshuaRL
May 15th, 2008, 12:56 AM
I agree. I would go out on a limb and say you have Ubuntu installed in wubi. Since that's like a virtual machine, the popups are from Windows. That's why a Windows antivirus program fixed the problem.

raydar
June 27th, 2008, 10:58 PM
Sorry if this is too stale a thread to reply to, but my folks' machine has a problem something like what was described above, running the Gutsy I installed from CD (not in Wubi).

A bogus "spyware" or "malware" warning box (or both, stacked) will appear, sometimes mentioning "Vista," even without any other app (like Firefox) running. Close 'em and they come back. On this same installation, I had months ago occasionally found a porn-site popup of some sort and wondered how it got there (knowing all the main users, though there are a lot of guests). I wonder why the gap of inactivity, if the two kinds of popups are related.

Anyway, I had them switch to a different user account until I could see about doing away with the problem for good--like by a fresh Hardy install.

Still, something funny is going on--if I assume the machine is infected, how would I detect it? Clam?

JoshuaRL
June 29th, 2008, 09:31 AM
Do you have these popups in Ubuntu?

adamogardner
June 29th, 2008, 09:46 AM
This is a scam. The people that are wreaking havoc on your machine are trying to sell you the cure at the same time. This happened to me with Windows when I first got my computer and went to a shady site. So what I did was buy the cure, then called the company and demanded my money back. They paid back with no problem.

raydar
June 29th, 2008, 10:28 AM
JoshuaRL, yes, I get them in Ubuntu (7.10). There's no Windows software running, & no virtual machine is even installed. I can't remember whether Wine is installed, but no app is running that would implicate it.

(That's an interesting thought: Can malware in any way take advantage of a Wine-installed Windows api/etc. that it would normally take advantage of in a native Windows environment? I'm not predicting that that's what's happening here, necessarily, though.)

Adamogardner, yeah, it's mean to sucker in folks who might be aware enough to worry about malware but aren't proficient enough to be sure what's bogus and what's real. Grr. I'm sure not gonna let any $ out of my control, though. :)

adamogardner
June 29th, 2008, 10:43 AM
Call the company whose ad is popping up on your computer and ask them to stop trying so hard, esp. if it's a company for removing malware. If they can give me a refund I'm sure they can remove their ad without payment. Oh and these people are a-holes so lean into em if they resist.

hyper_ch
June 29th, 2008, 11:22 AM
I don't really get what the problem is.

You have some pop-ups, right?
They appear in Windows?
They appear in Ubuntu?

Can you make screen shots of them and attach them here?

raydar
June 30th, 2008, 09:43 AM
Yes, I do have popups; they occur in Ubuntu, but I can't tell you whether they occur in Windows, because I am not running Windows at all.

The popups appear to be targeted at Windows (Vista in particular), and they seem to presume that I'm running Windows, but apparently the malware author found a way to script popups that's independent of the OS and/or doesn't care whether folks running Linux get the popups.

I'm not where I can provide a screenshot just now, but the popups might be about 320x200 or so, and they're styled more as colorful antivirus, antispyware, etc. advertisements than as OS-themed warning boxes.

Oh, and good grief: I forgot one important thing: Two icons with similar themes (colorful icon, w/label like "Vista Antivirus") have been placed on the Ubuntu desktop, as if some piece of software had been installed.

I think the user is wise enough not to click anything dangerous most of the time, but it's possible he got duped by one. I just don't have enough understanding to know how "far" a Windows installer can "get" in a Linux user's account. Surely the malware wasn't targeted at Linux, 'cause why would anyone write something for it advertising Windows anti-malware apps? So like I said above, maybe it was a Python or Perl or other thing, that would have enough OS independence to still work.
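For the symptom described in the post above (new icons on the Ubuntu desktop, popups with no browser open), one thing to inspect is what the account's launchers would actually run. The script below is an added example, not part of any forum post; it assumes a stock GNOME layout (`~/Desktop`, `~/.config/autostart`), and its flagging rules are illustrative heuristics, not a malware detector.

```shell
#!/bin/sh
# Added example: list desktop and autostart launchers and show what each runs.
# Directory names assume a stock GNOME layout; the rules below are heuristics.

# exec_of FILE -> command from the first Exec= line of a .desktop launcher
exec_of() {
    sed -n 's/^Exec[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# classify CMD -> prints a reason when the command deserves a closer look
classify() {
    lc=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$lc" in
        *wine*|*.exe*)   echo "runs a Windows binary" ;;
        */home/*|*/tmp/*) echo "runs a file from a user-writable path" ;;
        *curl*|*wget*)   echo "downloads at launch" ;;
        *)               : ;;
    esac
}

# audit_launchers DIR... -> one tab-separated line per launcher found
audit_launchers() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # second glob catches hidden launchers, which a file manager hides
        for f in "$dir"/*.desktop "$dir"/.*.desktop; do
            [ -f "$f" ] || continue
            cmd=$(exec_of "$f")
            why=$(classify "$cmd")
            if [ -n "$why" ]; then
                printf 'REVIEW\t%s\t%s\t(%s)\n' "$f" "$cmd" "$why"
            else
                printf 'ok\t%s\t%s\n' "$f" "$cmd"
            fi
        done
    done
}

# With no arguments, audit the current account's default locations.
if [ "$#" -eq 0 ]; then
    set -- "${HOME:-.}/Desktop" "${HOME:-.}/.config/autostart"
fi
audit_launchers "$@"
```

Run it as the affected user; a launcher marked REVIEW only means its command is worth reading by hand, and an icon that is merely a saved web link will show an empty command.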

hyper_ch
June 30th, 2008, 10:23 AM
I tend to think those are just flash popups.... install the noscript addon in FF.

bumanie
June 30th, 2008, 11:19 AM
Agree with hyper_ch, on rare occasions I've had pop-ups similar to what you describe claiming windows system files or whatever are infected by some nasties (impossible when using linux). They're just graphics trying to dupe unsuspecting (windows) people into buying some type of antivirus/malware program by simulating that their computer is under attack.

the_darkside_986
June 30th, 2008, 11:33 AM
Got screenshots? I've only seen anything remotely similar to that when running a browser whose popup blocker fails. Those idiots are too dumb/lazy to open Visual Studio and make a mock GUI that remotely resembles anything real... But one time when I was installing Sabayon, during the Live CD I got a popup message over and over again about some IP address trying to control my system. It was not a popup because it was using all the native Qt widgets and fonts and Konqueror wasn't running. Of course, I clicked "Deny" each time but that was really weird.

blazercist
June 30th, 2008, 11:49 AM
root kit?

tjwoosta
June 30th, 2008, 12:02 PM
what the...


I'm extremely interested in finding out what is happening and where this problem is originating


could anyone please provide a screenshot?

jrusso2
June 30th, 2008, 12:10 PM
I am guessing it's one of those fake malware scanners that runs on JavaScript and pops up a window showing your C: drive being scanned.

I have had them pop up on Linux if you're not using NoScript and watched it "scan" my C: drive listing all kinds of Windows files I had infected on my computer.

Then it asks you to buy their product to clean it up.

raydar
July 2nd, 2008, 06:30 PM
I'm afraid I mooted the issue: clean Hardy installation.

I'd like to have gotten to the bottom of it too, esp. if it rears its ugly head again due to something the user does that neither he nor I realize opens up a vulnerability.

But I didn't know about the noscript addon for Firefox, so thank you for mentioning it! Thanks for your help thinking about the problem, too; forewarned is forearmed (wait, I've always had forearms . . .).

wilbe
September 9th, 2008, 11:23 AM
I had something like what you are talking about. I think the following is its web address: antivirus2008scanner.com