Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: browser virus like symptoms seamonkey

  1. #11
    Join Date
    Sep 2009
    Beans
    8,874
    Distro
    Ubuntu Development Release

    Re: browser virus like symptoms seamonkey

    Quote Originally Posted by yyyyyyyyyyz View Post
    Thanks for the good answer willy nilly.
    So it's name is FF? (or something bigger?)
    I despise firefox and it thinks it's cache is cleaned/ this is why I refrain from using it.

    Re the 2 attacks, bought this laptop august 2011 and was in process of downloading patches to the linuxcentral ubuntu disk I was using, so yes concerned with above.
    I did chkrootkit, rkhunter and unhide, they dont find anything
    The one in the above was called phalanx or something like this.
    However, couldnt a rootkit change its name to avoid detection in all the time gone by?
    Very sucky to be experiencing this in linux after all the learning to use the system and be safe.

    Have a good holiday
    I will answer just to say I really have no idea. I install so often and use a variety of OS's and keep all my stuff on externals. So if I felt I was compromised I would just wipe it and reinstall. I also clone all my setups generally and backup the homes.

    I'm so used to installing I just weigh the time to fix against a reinstall, and which ever is faster I do. I rarely have had to reinstall due to any problems though. Although I'm running the Ubuntu development and did a upgrade that included blocked stuff for a partial upgrade, and lost the gnome-shell desktop. The clone took about ten minutes to load, and another five minutes to get the home caught up.

    FF is a acronym for Firefox.

    So we were posting simultaneously, lol was it as good for you as me. It looks like you have fixed it.
    Last edited by wilee-nilee; May 28th, 2012 at 09:37 AM.





  2. #12
    Join Date
    Sep 2011
    Beans
    1,531

    Re: This is a false positive, right?

    Quote Originally Posted by yyyyyyyyyyz View Post
    It is foolish to figure "no one is targeting linux, hence we need nothing". I do believe that to be wrong now. Especially with the upped linux popularity.
    It's not that we don't need anything. It's that the tools available today will not protect us from a theoretical attack. See this for more info:

    http://ubuntuforums.org/showthread.php?p=11513653

  3. #13
    Join Date
    Jul 2007
    Location
    Magic City of the Plains
    Beans
    Hidden!
    Distro
    Xubuntu 14.10 Utopic Unicorn

    Re: browser virus like symptoms seamonkey

    Threads merged. Please don't hijack other people's threads.

  4. #14
    Join Date
    May 2012
    Beans
    9

    Virus Browser symptoms & more on linux

    Hello
    Ubuntu 10.04 on amd64 -
    System displaying symptoms of browser virus; seamonkey used for amd64 has limited updates as is a custom-job from seamonkey page, not maintained.
    Still preferred to firefox as ff cache doesnt clear the way it should.
    Avast4workstation today found in windows partition while scanning in linux, "win32:small-HUF.Trj in system pagefile". Windows partition has been reformatted today to get rid of.
    In linux, even if this was on the windows side, dont understand what seamonkey is doing:
    religiously clear all cookies and cache with each use including form data;
    scroll bar on webpages going rapidly up/down all by self;
    clicking other night (audio sound) on one webpage
    Avast4workstation yesterday found some old firefox cache files, about 12, "decompression bombs" - since erased.
    Clock is repeatedly not the right time, tho I correct it frequently when spotted.
    lsof -i shows clock 2023 port despite banning on UFW, connected to IP address beginning with "a", deploy.akamaitechnologies.com
    Since clock is not keeping time correctly, and 2023 port is used by ratripper etc different trojans, how to change this in UFW to successfully ban clock-app from connecting? Tried a zillion ways from ufw man page and no success. Port 2023 says xinuexpansion3, what on earth is that and why no info on google? (already know akamai etc is MIT, but I should be the permission giver for it to connect or not).

    my updates to new linux system were done in Aug. 2011/Sept. 2011/Oct 2011 over slow dialup, so concerned as that is the exact time pkg files were hacked on kernel.org

    Thanks
    (Yes I know it's not good to use seamonkey as it's less than updated all the time (amd64 stinks) -- but could this small-HUF thing in memory on windows side, have downloaded linux hack tools?? Firefox doesnt do what I tell it to do re clearing cache which is why I unprefer it. BTW, windows side of computer wasnt allowed on internet except in rare cases where formage wouldnt work with linux - and is gone now)

  5. #15
    Join Date
    Oct 2006
    Location
    Ayrshire
    Beans
    40,060
    Distro
    Ubuntu Development Release

    Re: browser virus like symptoms seamonkey

    Threads merged (again).

    Please do not post duplicates.

  6. #16
    Join Date
    May 2012
    Beans
    9

    Re: browser virus like symptoms seamonkey

    Oldos2er--
    went to bookmark, saw thread is in same place (could not find NEW TOPIC BUTTON, posted in similar thread asking for help to do same)

    bookmark led to very same (someone elses thread), tho couldda swore after finding forums main page, it's own thread/question was done already last night (it was, you moved it)

    the note you moved it, was NOT on my bookmark, that's why I did it again

    so is it now still part of someone else's thread or by the title I gave it/new question?????

    Thanks
    Dont hijack, thank you
    And when someone spells out they CANT find the new post button, why did you write that? Didnt read it??

  7. #17
    Join Date
    Sep 2011
    Beans
    1,531

    Re: browser virus like symptoms seamonkey

    OK, first of all to start a new thread see the screenshot attached.
    Security Discussions - Ubuntu Forums - Mozilla Firefox_009.jpg

  8. #18
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Virus Browser symptoms & more on linux

    Quote Originally Posted by yyyyyyyyyyz View Post
    Hello Ubuntu 10.04 on amd64 -
    System displaying symptoms of browser virus; seamonkey used for amd64 has limited updates as is a custom-job from seamonkey page, not maintained.
    And now for this part. You can choose other browsers if you're not happy with seamonkey and firefox. Choice is one of the very beautiful things about Linux. You could install opera or chrome to name two. Those would be better maintained. I'm not sure I fully understand the problems you're having with seamonkey, but perhaps one of these other browsers will solve the problem.

    Quote Originally Posted by yyyyyyyyyyz View Post
    Clock is repeatedly not the right time, tho I correct it frequently when spotted.
    lsof -i shows clock 2023 port despite banning on UFW, connected to IP address beginning with "a", deploy.akamaitechnologies.com
    Since clock is not keeping time correctly, and 2023 port is used by ratripper etc different trojans, how to change this in UFW to successfully ban clock-app from connecting? Tried a zillion ways from ufw man page and no success. Port 2023 says xinuexpansion3, what on earth is that and why no info on google? (already know akamai etc is MIT, but I should be the permission giver for it to connect or not).

    my updates to new linux system were done in Aug. 2011/Sept. 2011/Oct 2011 over slow dialup, so concerned as that is the exact time pkg files were hacked on kernel.org
    Again I'm not sure I'm understanding the problem fully, but perhaps your BIOS battery is dead and that's why you're not maintaining time?

    When I run lsof -i, I do not see the port number associated with the connection, so I'm not sure how you determined what port was being used. Try
    Code:
    sudo watch netstat -anlp
    That will give you the port number of active connections. Post the results, which will also help us sort out the suspicious connection you're seeing.

  9. #19
    Join Date
    Aug 2006
    Beans
    Hidden!

    Re: browser virus like symptoms seamonkey

    Could the clock be trying to sync with a time server? If the firewall is blocking the clock then that could explain the outbound connections being blocked and the time being wrong.

  10. #20
    Join Date
    Dec 2011
    Location
    Manchester, UK
    Beans
    356
    Distro
    Ubuntu

    Re: browser virus like symptoms seamonkey

    This sounds strongly like a problem with Seamonkey. I seriously doubt you have Linux malware, because currently it's all proof of concept. I recommend you listen to Daisy and use a different browser like Chrome/Chromium, Opera or Midori (sudo add-apt-repository ppa:midori/ppa, sudo apt-get update, sudo apt-get install midori). I have used Seamonkey before, and the issues you're describing are pretty normal for it. So is crashing constantly, and pretty much any other bug you can think of.

    PS: I think OP not being able to see post new thread may be a result from using an unsupported browser, and nothing to do with the site itself.
    Read my technology blog at: http://penguincampaigner.wordpress.com

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •