
Thread: VIRUS (Windows) on Sourceforge site

  1. #1
    Join Date
    Feb 2005
    Beans
    99
    Distro
    Ubuntu 12.04 Precise Pangolin

    VIRUS (Windows) on Sourceforge site

    Hi all, I hope this is the right place to post this warning, and I hope that someone can notify someone who is in a position to do something about it. I was trying to burn Ubuntu 12.04 to a DVD but it wouldn't let me; it seemed it wanted to burn it to a CD and then overburn it, so I did a search and found this page (http://www.ubuntu.com/download/deskt...dvd-on-windows). Part way down, in the WinXP section, item 1 of the page offers a free burner, "Infra recorder". I clicked that link and it took me to the Infra Recorder page, and part way down on the right I clicked the link "Instant FTP download". That took me to a download page where I clicked on the green free download button and downloaded the .exe file, which I started to install. I didn't get to finish the install because my Zone Alarm antivirus stopped it and said something about the "Melondrea Virus"; it didn't remove it, and the virus disabled my keyboard. I couldn't even get into safe mode because of my keyboard, so I downloaded Malwarebytes on another computer and installed it with a USB stick. That found about 23 files and my computer appeared to be fixed. I checked my file system after Malwarebytes did its thing and found a folder in the root of C: called "Avenger"; it had a file called "updatemelondrea.exe", which I deleted. As I have an image of XP, I am now going to restore the image and later do a dual boot of XP and Ubuntu.

  2. #2
    Join Date
    Jul 2006
    Beans
    190
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: VIRUS (Windows) on Ubuntu site

    You downloaded a virus linked from a page that was linked from an ad on a page linked to from the Ubuntu install instructions.

    That's hardly "VIRUS on Ubuntu site"

  3. #3
    Join Date
    Jan 2009
    Location
    Santander, Spain
    Beans
    1,822
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: VIRUS (Windows) on Ubuntu site

    Are you actually using Ubuntu 9.04 Jaunty Jackalope? This is certainly a security risk, since that release has been unsupported for a very long time.

  4. #4
    Join Date
    Jan 2010
    Location
    Hyperborea
    Beans
    1,469
    Distro
    Ubuntu

    Re: VIRUS (Windows) on Ubuntu site

    You clicked an advert! Shame on you!
    I run AdBlockPlus all the time, try it.

    Edit: AdBlockPlus is a Firefox add-on. Use Tools>Add-ons to get and install it.
    Last edited by coldraven; March 10th, 2014 at 08:17 AM.

  5. #5
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: VIRUS (Windows) on Ubuntu site

    For what it's worth, I stand by ImgBurn for burning discs on XP/Vista/7.

    I see that crap happen quite often on download pages, where they'll have an ad that looks like a legitimate download for the software you are looking for but it isn't. UltraVNC does that and hides their download link at the bottom of the page while displaying a huge banner with a big download button for some other software.

    Be careful what you download and if you have doubts, do not run the program.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  6. #6
    Join Date
    Feb 2005
    Beans
    99
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: VIRUS (Windows) on Ubuntu site

    Quote Originally Posted by Jhongy View Post
    You downloaded a virus linked from a page that was linked from an ad on a page linked to from the Ubuntu install instructions.

    That's hardly "VIRUS on Ubuntu site"

    I'm sorry, but you have not understood me, so I will try to make it clearer with a screen dump of the web page. You can see the ubuntu.com URL, and they are actually providing instructions to download and install Infra recorder: they provide a link to it and five steps on how to install Infra recorder. I didn't click on an ad; the link took me to Infra Recorder's page, and the link to download Infra recorder takes you to the download page. It is all the intended path, and it is Infra Recorder I downloaded, and it comes with a virus. I probably confused the issue in my first post with the steps I took and the description of the links, but it was to provide some detail so that hopefully someone will follow it up and rectify the situation, because I'm sure Ubuntu would not like a link that they have intentionally put on their page to lead to a virus. Perhaps I could have worded the title a bit better, but what I would like is for someone to bring this to the attention of someone who can do something about it.



    Quote Originally Posted by claracc View Post
    Are you actually using Ubuntu 9.04 Jaunty Jackalope? This is certainly a security risk, since that release has been unsupported for a very long time.

    I'm sorry, claracc, I should have updated my signature. I haven't had Ubuntu for a while, and with XP going out I'm going to use that box for Ubuntu 12.04. I have deleted my signature, and when I install Ubuntu I will bring my signature up to date.
    Last edited by sandman55; March 10th, 2014 at 01:55 PM.

  7. #7
    Join Date
    May 2007
    Location
    The New Forest
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: VIRUS (Windows) on Ubuntu site

    I don't see anything but what I would expect to see at the download page there.

    Attached Images

  8. #8
    Join Date
    Feb 2005
    Beans
    99
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: VIRUS (Windows) on Ubuntu site

    Quote Originally Posted by Elfy View Post
    I don't see anything but what I would expect to see at the download page there.


    It looks like they might have cleaned it up, but it was a sizeable square link in the space above Archives on the right. It is interesting that my post has a gap on the right where yours doesn't, because that was where the link was. Perhaps that is how my cache remembers it.

    Attached Images

  9. #9
    Join Date
    May 2007
    Location
    The New Forest
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: VIRUS (Windows) on Sourceforge site

    I've edited the title.

  10. #10
    Join Date
    Mar 2014
    Beans
    40
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: VIRUS (Windows) on Sourceforge site

    There are two obvious links on the InfraRecorder page, both using GoogleAdServices. Here's the text of the one that looks the most legit, the one that was above "Archives":

    Code:
    Download366.com/infrarecorder%3Futm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_campaign%3D336_Display-USA-
    Otros%26utm_term%3Dinfrarecorder%26utm_content%3DInfraRecorder_366_JaviGoogle_US_K%3Dinfrarecorder_CP%3D336_Display-USA-
    Otros%26placement%3Dinfrarecorder.org%26target%3D%26adposition%3Dnone&nm=31&mb=2&bg=!A0TAtUeecM460QIAAAAjUgAAABYqAOGVZCtPzvUiWHRWxbq0A48wWoxRt1nM-DdmuR_4x32tCkvaDAx-
    ftxAGbBp1kCUfH96idIOxDal6atvrcy1hWLoyTn_A0CWha7m8QQw8PKMIo30s2bSED7PEQOipCeOZjB0SFtFhJkbGn8H5Iy8q8rrzeRx9AU9t185N9yox0SxBdClHzEFrMPq2ADQADD2KI7oVSaepsc2l2Vw2hypYK_Un21FMzU
    Upw1JSrPUSur0O5cl2Y-tf92x72iqJUKKIK6aPRqblstKTB5Aqfh7WQfCKk-Q2gbNUZNLCoySFcfk0z4"]googleadservices.com/pagead/aclk?sa=L&ai=CWAZlEUQeU6GrLJP1-
    QP4gYGgC8H7svgEoanLj2GlqYmVKRABIJDSqhBQjqiXmQVgybb4i8ykiBmgAb-ev8MDyAEBqQLHMzOtsES3PqgDAcgDwwSqBHZP0CJQplJGRtMQivjFmHmAUGiqR7XnIekz7WZmG-
    NnxOX30xH_QzmwFAXdchqWro8GfVVwz3KQkb79y1lagsuLD6c9qHNEubm73Ljdi6m6gFIlXglrm0VKkF6QZSN-oBf6NrrCc06LU_FWbb-
    g8k0SHHwm3rWoiAYBgAep4cA8&num=1&cid=5GjA5GifNPma0NJ21HYKYWgC&sig=AOD64_0O-FEVR4-ljezw6HER2kN6SXEHhQ&client=ca-pub-
    9542645594546542&adurl=http://www.Download366.com/infrarecorder%3Futm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_campaign%3D336_Display-USA-
    Otros%26utm_term%3Dinfrarecorder%26utm_content%3DInfraRecorder_366_JaviGoogle_US_K%3Dinfrarecorder_CP%3D336_Display-USA-
    Otros%26placement%3Dinfrarecorder.org%26target%3D%26adposition%3Dnone&nm=31&mb=2&bg=!A0TAtUeecM460QIAAAAjUgAAABYqAOGVZCtPzvUiWHRWxbq0A48wWoxRt1nM-DdmuR_4x32tCkvaDAx-
    ftxAGbBp1kCUfH96idIOxDal6atvrcy1hWLoyTn_A0CWha7m8QQw8PKMIo30s2bSED7PEQOipCeOZjB0SFtFhJkbGn8H5Iy8q8rrzeRx9AU9t185N9yox
    0SxBdClHzEFrMPq2ADQADD2KI7oVSaepsc2l2Vw2hypYK_Un21FMzUUpw1JSrPUSur0O5cl2Y-tf92x72iqJUKKIK6aPRqblstKTB5Aqfh7WQfCKk-Q2gbNUZNLCoySFcfk0z4

    That's nasty, and obviously put together to hide the real payload. The real download link is one page farther in. You have to click the small text link that says "Downloads". On that page is a link to the SourceForge file:

    Code:
    sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download

    Are you sure which one you clicked?

    Incidentally, back in the day I used InfraRecorder sometimes. It was a good enough program.
    Last edited by PondPuppy; March 11th, 2014 at 01:07 AM. Reason: long text, put in line-breaks
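
The check post #10 does by eye, as an added example that is not part of any post in the thread: read the hosts a link passes through from its text alone (no network requests), unwrap the `adurl` redirect, and compare the final host with the hosts the thread names as legitimate. The sample ad link is constructed, with the tracking tokens shortened, and the `url` and `dest` parameter names are assumptions for other trackers.

```python
from urllib.parse import urlsplit, parse_qs

# "adurl" is the redirect parameter visible in the thread's link; "url" and
# "dest" are assumed extras for other trackers.
REDIRECT_PARAMS = ("adurl", "url", "dest")
# Hosts the thread names as the project's site and its file host.
EXPECTED_HOSTS = ("infrarecorder.org", "sourceforge.net")

# Constructed sample: same shape as the posted ad link, tracking tokens shortened.
AD_LINK = ("googleadservices.com/pagead/aclk?sa=L&ai=CONSTRUCTED&num=1"
           "&adurl=http://www.Download366.com/infrarecorder%3Futm_source%3Dgoogle"
           "%26placement%3Dinfrarecorder.org&nm=31&mb=2")
REAL_LINK = ("sourceforge.net/projects/infrarecorder/files/"
             "InfraRecorder/0.53/ir053.exe/download")


def hops(url, max_hops=5):
    """Return the chain of hosts a link passes through, read offline from its text."""
    chain = []
    for _ in range(max_hops):
        # Pasted links often lack a scheme; urlsplit needs one to find the host.
        if "://" not in url.split("?", 1)[0]:
            url = "http://" + url
        parts = urlsplit(url)
        chain.append(parts.hostname or "")
        query = parse_qs(parts.query)  # also percent-decodes the nested URL
        nested = [query[p][0] for p in REDIRECT_PARAMS if p in query]
        if not nested:
            break
        url = nested[0]
    return chain


def host_allowed(host):
    """Exact host or true subdomain only; substring matches are not enough."""
    host = host.rstrip(".")
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def classify(url):
    chain = hops(url)
    return ("expected" if host_allowed(chain[-1]) else "unexpected", chain)


if __name__ == "__main__":
    for link in (AD_LINK, REAL_LINK):
        print(classify(link))
```

The ad link contains the string `infrarecorder.org` in its `placement` parameter, so a substring search would pass it; comparing the parsed final host does not.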
