Results 1 to 8 of 8

Thread: virus found in usr folder

  1. #1
    Join Date
    Sep 2010
    Beans
    13

    virus found in usr folder

    Have run clam on whole system and multiple instances of PUA.Win32.Packer.Upolyx-5 FOUND in /usr/lib/mono

    Looking further I find that /usr/lib/mono appears to be full of MS type files / executables and all appear to be owned by ROOT.

    What's going on?

  2. #2
    Join Date
    Feb 2010
    Location
    White Plume Mountain
    Beans
    8,116
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: virus found in usr folder

    Moved to Security Discussions
    "I want a dumb phone that allows me to decide just how smart it can be." ~me



  3. #3
    Join Date
    Mar 2011
    Beans
    668

    Re: virus found in usr folder

    Probably false positives. I have .exe's and .dll's in my Mono folder as well.

  4. #4
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: virus found in usr folder

    Packers are not necessarily malicious. They are the tools that compress/decompress the files included in a "pack"age "pack"ed for installation.

    I would still recommend researching that particular one, since packers can be malicious. It probably won't be any problem for you on your Linux machine, but you could unwittingly cause a Windows user some grief.

    You might even see if you can find a Mono forum and ask there.

  5. #5
    anewguy is offline I Ubuntu, Therefore, I Am
    Join Date
    Jun 2007
    Location
    Sometimes I visit earth
    Beans
    5,440
    Distro
    Ubuntu 12.04 Precise Pangolin

    Wink Re: virus found in usr folder

    You may want to check this site. As already mentioned, unless you are running Wine, or running a VM with Windows in it, and this file is found in the .wine folder or in the VM folder, chances are extremely high it won't do a thing - it's not for linux. As also mentioned, the danger comes if you email someone or give them some other media that has the file on it.

    Dave

  6. #6
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: virus found in usr folder

    Couple things: the prefix PUA stands for "potentially unwanted application," a designation which tends to be made for things that are at worst annoying but not specifically malicious, and which tend to have been put there by the user. In this specific case the most likely reason for the files being detected as PUA is because they are packed or otherwise compressed in a way that the Clam engine is unable to determine what's in them, thus it's pointing them out but not removing them (as they might be perfectly fine).

    Also, one of the main purposes of Mono is to enable compatibility with certain Microsoft languages and platforms, so it's likely that's why those files are there.

    These detections are almost certainly false positives.

  7. #7
    Join Date
    Aug 2009
    Location
    Under the stairs.
    Beans
    1,408
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: virus found in usr folder

    Quote Originally Posted by OpSecShellshock View Post
    Couple things: the prefix PUA stands for "potentially unwanted application," a designation which tends to be made for things that are at worst annoying but not specifically malicious, and which tend to have been put there by the user. In this specific case the most likely reason for the files being detected as PUA is because they are packed or otherwise compressed in a way that the Clam engine is unable to determine what's in them, thus it's pointing them out but not removing them (as they might be perfectly fine).

    Also, one of the main purposes of Mono is to enable compatibility with certain Microsoft languages and platforms, so it's likely that's why those files are there.

    These detections are almost certainly false positives.
    +1 Nothing to be alarmed about.
    Dell Inspiron 1764 Laptop, Intel CoreTM i5 520M), 4GB Shared Dual Channel DDR3 at 1066MHz, 512MB ATI Mobility RadeonTM HD4330 Integrated Intel HD.

  8. #8
    Join Date
    Sep 2010
    Beans
    13

    Re: virus found in usr folder

    Thanks for all the feedback. Recent scans using clam have not identified any threats in the mono folder. I assume this is due to changes in the clam virus signature list.

    Have now upgraded to 12.04 and no threats reported.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •