
Thread: FBI moneypack virus on Ubuntu

  1. #1
    Join Date
    Aug 2013
    Beans
    1

    FBI moneypack virus on Ubuntu

    But somehow I have managed to get the FBI moneypack virus on my HP Pavilion running Ubuntu 12.04 LTS. And even stranger is that I'm on the infected machine right now! My browser is Chromium, and the FBI page, that would cripple windurs, is on another tab. I can't close it but it has not denied me service, and I have restarted twice already. I have beat variants of this before, pretty easily too, but I don't have a clue where it might hide in Ubuntu. Has anyone else ever heard of this happening before??? I could not find anything about it on Google, but it has happened on a Mac, now, too. This is the exploit that demands $450 in 24 hours or huge fine and 10 or 20 years in jail. I just can't believe that this machine is functioning at all. I hope somebody can shed some light on this, because it looks like we will be seeing more of this sort of thing. And I can't be the first one to get this virus on Linux, can I??? I'm still laughing, I like fixing stuff. I could easily just reload the OS, but that would be too easy. And of course, I have never backed anything up. But not too much to lose on this box. I have only had Linux running on this one for a month or 2. Even if it's the hard way, I'd rather fix it right than overwrite it. Thanks

  2. #2
    Join Date
    Aug 2013
    Location
    Planet Earth
    Beans
    Hidden!
    Distro
    Lubuntu

    Re: you may find this hard to believe...

    That sure is interesting.
    Could you maybe make a screenshot of the 'ransom' screen? There appear to be many versions going around and they don't all work the same way.
    That this would appear on ubuntu is something new to me.
    Don't forget to mark your thread as 'solved' once you're content with it.

  3. #3
    Join Date
    Sep 2006
    Location
    France.
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: you may find this hard to believe...

    Subscribed.
    Linux user #413984 ; Ubuntu user #178
    J'aime les fraises.
    Nighty night me lovelies!


  4. #4
    Join Date
    Dec 2005
    Location
    Western Australia
    Beans
    11,443
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: you may find this hard to believe...

    What if you create a new user account and log in via that? It's probably not the actual malware, but just a website that's managed to change Chromium's settings to open that page in a new tab. Not the same as actually having malware running on your system - Chromium is nicely sandboxed.
    I try to treat the cause, not the symptom. I avoid the terminal in instructions, unless it's easier or necessary. My instructions will work within the Ubuntu system, instead of breaking or subverting it. Those are the three guarantees to the helpee.
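
Added example, not part of any post in this thread: a read-only check of the Chromium settings that can make a page come back after every restart, as suggested above. The sample profile data, the placeholder host and the function names are constructed for illustration, and the preference key names are assumptions based on Chromium's usual `Preferences` layout.

```python
import json
from urllib.parse import urlparse

# Constructed sample of a Chromium profile "Preferences" file (JSON), normally
# found at ~/.config/chromium/Default/Preferences. Key names are assumptions
# based on Chromium's usual layout; the host below is a placeholder.
SAMPLE_PREFS = json.loads("""
{"homepage": "https://help.ubuntu.com/",
 "session": {"restore_on_startup": 4,
             "startup_urls": ["http://fbi-warning.example.invalid/lock",
                              "https://help.ubuntu.com/"]}}
""")

def untrusted(url, trusted_hosts):
    """True when the URL's host is not one the user recognises."""
    host = urlparse(url).hostname or ""
    return host not in trusted_hosts

def audit_startup(prefs, trusted_hosts):
    """Return (setting, detail) findings that explain a page reopening at launch."""
    findings = []
    session = prefs.get("session", {})
    mode = session.get("restore_on_startup")
    if mode == 1:
        # "Continue where you left off": a tab left open at shutdown returns.
        findings.append(("session.restore_on_startup", "previous tabs are restored"))
    # Older profiles used urls_to_restore_on_startup; check both spellings.
    urls = session.get("startup_urls", []) + session.get("urls_to_restore_on_startup", [])
    if mode == 4:
        for url in urls:
            if untrusted(url, trusted_hosts):
                findings.append(("session.startup_urls", url))
    home = prefs.get("homepage", "")
    if home and untrusted(home, trusted_hosts):
        findings.append(("homepage", home))
    return findings

if __name__ == "__main__":
    for setting, detail in audit_startup(SAMPLE_PREFS, {"help.ubuntu.com"}):
        print(f"{setting}: {detail}")
```

To check a real profile, close Chromium first and pass `json.load(open(path))` for a copy of the file instead of `SAMPLE_PREFS`.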

  5. #5
    Join Date
    Jul 2010
    Location
    ozarks, Arkansas, USA
    Beans
    6,085
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: you may find this hard to believe...

    Had that - or a similar occurrence on the wife's machine, took it as a hijacking from "FaceBook".
    Was able to close out the browser, restart and have to this time seen no adverse effects.

    Now that there is another report of that incidence in the light of a virus, I will pay more attention to what might happen now.

    just goes to show, never can tell
    THE current(cy) in Documentation:
    https://help.ubuntu.com/community/PopularPages

    Happy ubutu'n !

  6. #6
    Join Date
    Oct 2013
    Beans
    3

    Re: you may find this hard to believe...

    Hard to believe? Not on your life! I'm also running the 64-bit Ubuntu 12.04 LTS, and guess what? I got the FBI virus too....no Windows...but I do run Wine.

    First I got the pop-up and it wouldn't let go of my browser...it had it locked up. So I shut the system down, gave it a few minutes and rebooted.

    Things looked good, I was able to run system settings so I removed Firefox, restarted again and reinstalled it to see how that would work. As soon as I opened it up the pop-up came back.

    Now, I was angry. My 12.04 LTS install was fairly new so I decided to clean house. I repartitioned and installed from a DVD. I fired it back up and it all looked good ...no more pop-up! The next day I'm on one of my forums and my cursor starts moving around on its own!!! You ever fight with someone over control of your own machine? I won, and gave it a rest.

    That night I received a phone call. Whoever it was.. seemed unsure of themselves, like a new telemarketer on their first call. He mumbled something I couldn't understand, and then I heard him say as his voice got louder (it sounded as if someone was prompting him) "You have a computer..a Windows computer?" I said "no" He said "you have a Windows computer, a Windows computer, it doesn't run good. I can give you the commands to make it run better." I said "What the h*ll are you talking about? I don't want your commands!" and I hung up.

    The next thing I did was to get ClamTk running. I found 4 files and I deleted them. They were within /home/c/.wine/drive_c/program files (x86)/ This disabled Wine. So I reinstalled Wine. I was back on a forum writing a lengthy post and then my text started to disappear, the same way as if the backspace key on the board were stuck. I returned to my desktop and opened a junk text file I had laying around, and it started to disappear too. Now when I run ClamTk it shows up again.

    I've also noticed that my spell checker has stopped working. Is there a section on this forum where I can get help?

  7. #7
    Join Date
    Jul 2010
    Location
    ozarks, Arkansas, USA
    Beans
    6,085
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: you may find this hard to believe...

    Sailfrog; Hey ,

    Your post is the only other mention I have seen in this respect. Would not hurt a thing if you were to carry this concern to the "security discussion" sub forum.

    shared info for shared solutions

  8. #8
    Join Date
    Oct 2009
    Location
    Reykjavík, Ísland
    Beans
    9,267
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: FBI moneypack virus on Ubuntu

    The 'support' phone calls are a well-known scam and happen on a regular basis. There's no proof that the trick is connected to malware, it is only about social engineering.

  9. #9
    Join Date
    Feb 2010
    Location
    WI USA
    Beans
    9,827
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: FBI moneypack virus on Ubuntu

    If it is a browser exploit and not a virus no operating system would be immune.
    Infinite diversity in infinite combination.


  10. #10
    Join Date
    Apr 2011
    Location
    3rd Rock from the Sun
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: FBI moneypack virus on Ubuntu

    Interesting. What happens if .browser (like .mozilla or .chromium) is deleted? Do these 'infected' machines have functional 'iptables' or 'UFW' running? What kind of Browser security addons/extensions were being used?
    Subscribed.
    "Evolution is Nature's way of issuing upgrades."
