Re: browser virus like symptoms seamonkey
Quote (originally posted by yyyyyyyyyyz):
Thanks for the good answer willy nilly. :)
So its name is FF? (or something bigger?)
I despise firefox and it thinks its cache is cleaned/ this is why I refrain from using it.
Re the 2 attacks, bought this laptop August 2011 and was in process of downloading patches to the linuxcentral ubuntu disk I was using, so yes concerned with above.
I did chkrootkit, rkhunter and unhide, they don't find anything
The one in the above was called phalanx or something like this.
However, couldn't a rootkit change its name to avoid detection in all the time gone by?
Very sucky to be experiencing this in linux after all the learning to use the system and be safe.
Have a good holiday
I will answer just to say I really have no idea. I install so often and use a variety of OS's and keep all my stuff on externals. So if I felt I was compromised I would just wipe it and reinstall. I also clone all my setups generally and backup the homes.
I'm so used to installing I just weigh the time to fix against a reinstall, and whichever is faster I do. I rarely have had to reinstall due to any problems though. Although I'm running the Ubuntu development and did an upgrade that included blocked stuff for a partial upgrade, and lost the gnome-shell desktop. The clone took about ten minutes to load, and another five minutes to get the home caught up.
FF is an acronym for Firefox.
So we were posting simultaneously, lol was it as good for you as me. It looks like you have fixed it. :)
Re: This is a false positive, right?
Quote (originally posted by yyyyyyyyyyz):
It is foolish to figure "no one is targeting linux, hence we need nothing". I do believe that to be wrong now. :) Especially with the upped linux popularity.
It's not that we don't need anything. It's that the tools available today will not protect us from a theoretical attack. See this for more info:
http://ubuntuforums.org/showthread.php?p=11513653
Re: browser virus like symptoms seamonkey
Threads merged. Please don't hijack other people's threads.
Virus Browser symptoms & more on linux
Hello
Ubuntu 10.04 on amd64 -
System displaying symptoms of browser virus; seamonkey used for amd64 has limited updates as is a custom-job from seamonkey page, not maintained.
Still preferred to firefox as ff cache doesn't clear the way it should.
Avast4workstation today found in windows partition while scanning in linux, "win32:small-HUF.Trj in system pagefile". Windows partition has been reformatted today to get rid of.
In linux, even if this was on the windows side, don't understand what seamonkey is doing:
religiously clear all cookies and cache with each use including form data;
scroll bar on webpages going rapidly up/down all by self;
clicking other night (audio sound) on one webpage
Avast4workstation yesterday found some old firefox cache files, about 12, "decompression bombs" - since erased.
Clock is repeatedly not the right time, tho I correct it frequently when spotted.
lsof -i shows clock 2023 port despite banning on UFW, connected to IP address beginning with "a", deploy.akamaitechnologies.com
Since clock is not keeping time correctly, and 2023 port is used by ratripper etc different trojans, how to change this in UFW to successfully ban clock-app from connecting? Tried a zillion ways from ufw man page and no success. Port 2023 says xinuexpansion3, what on earth is that and why no info on google? (already know akamai etc is MIT, but I should be the permission giver for it to connect or not).
my updates to new linux system were done in Aug. 2011/Sept. 2011/Oct 2011 over slow dialup, so concerned as that is the exact time pkg files were hacked on kernel.org
Thanks
(Yes I know it's not good to use seamonkey as it's less than updated all the time (amd64 stinks) -- but could this small-HUF thing in memory on windows side, have downloaded linux hack tools?? Firefox doesn't do what I tell it to do re clearing cache which is why I unprefer it. BTW, windows side of computer wasn't allowed on internet except in rare cases where formage wouldn't work with linux - and is gone now)
Re: browser virus like symptoms seamonkey
Threads merged (again).
Please do not post duplicates.
Re: browser virus like symptoms seamonkey
Oldos2er--
went to bookmark, saw thread is in same place (could not find NEW TOPIC BUTTON, posted in similar thread asking for help to do same)
bookmark led to very same (someone else's thread), tho couldda swore after finding forums main page, its own thread/question was done already last night (it was, you moved it)
the note you moved it, was NOT on my bookmark, that's why I did it again
so is it now still part of someone else's thread or by the title I gave it/new question?????
Thanks
Don't hijack, thank you
And when someone spells out they CAN'T find the new post button, why did you write that? Didn't read it??
Re: browser virus like symptoms seamonkey
OK, first of all to start a new thread see the screenshot attached.
Attachment 218891
Re: Virus Browser symptoms & more on linux
Quote (originally posted by yyyyyyyyyyz):
Hello Ubuntu 10.04 on amd64 -
System displaying symptoms of browser virus; seamonkey used for amd64 has limited updates as is a custom-job from seamonkey page, not maintained.
And now for this part. You can choose other browsers if you're not happy with seamonkey and firefox. Choice is one of the very beautiful things about Linux. You could install opera or chrome to name two. Those would be better maintained. I'm not sure I fully understand the problems you're having with seamonkey, but perhaps one of these other browsers will solve the problem.
Quote (originally posted by yyyyyyyyyyz):
Clock is repeatedly not the right time, tho I correct it frequently when spotted.
lsof -i shows clock 2023 port despite banning on UFW, connected to IP address beginning with "a", deploy.akamaitechnologies.com
Since clock is not keeping time correctly, and 2023 port is used by ratripper etc different trojans, how to change this in UFW to successfully ban clock-app from connecting? Tried a zillion ways from ufw man page and no success. Port 2023 says xinuexpansion3, what on earth is that and why no info on google? (already know akamai etc is MIT, but I should be the permission giver for it to connect or not).
my updates to new linux system were done in Aug. 2011/Sept. 2011/Oct 2011 over slow dialup, so concerned as that is the exact time pkg files were hacked on kernel.org
Again I'm not sure I'm understanding the problem fully, but perhaps your BIOS battery is dead and that's why you're not maintaining time?
When I run lsof -i, I do not see the port number associated with the connection, so I'm not sure how you determined what port was being used. Try
Code:
sudo watch netstat -anlp
That will give you the port number of active connections. Post the results, which will also help us sort out the suspicious connection you're seeing.
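One way to read the netstat output suggested above, as an added example that is not part of the original thread: a shell function that takes `netstat -anp` text and reports, for a port of interest, whether it is the local or the remote end of the socket and which process owns it. The function names and the sample rows (documentation-range addresses, made-up PIDs and program names) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which side of each socket uses a given port and who owns it.
# Input: text in the format printed by `netstat -anp`, read from stdin.

conns_on_port() {
    # $1 = port number to look for
    awk -v want="$1" '
        # Return the text after the last ":" (works for IPv4 and IPv6 forms).
        function port_of(addr,    parts, n) {
            n = split(addr, parts, ":")
            return parts[n]
        }
        # Only TCP/UDP rows; skips headers and unix-domain sockets.
        $1 ~ /^(tcp|udp)6?$/ {
            # UDP rows usually have an empty State column, so count fields.
            state = (NF >= 7) ? $6 : "-"
            owner = $NF            # PID/Program name (needs root to be filled in)
            side = ""
            if (port_of($4) == want) side = "local"
            if (port_of($5) == want) side = (side == "" ? "remote" : "both")
            if (side != "")
                printf "%s %s %s %s %s %s\n", side, $1, $4, $5, state, owner
        }
    '
}

# Constructed sample in `netstat -anp` layout; not output from the poster's machine.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.0.2.10:2023         198.51.100.7:80         ESTABLISHED 2417/clock-applet
tcp        0      0 192.0.2.10:45012        203.0.113.5:443         ESTABLISHED 2533/seamonkey-bin
udp        0      0 192.0.2.10:123          0.0.0.0:*                           901/ntpd
EOF
}

# Stand-alone run: show every socket in the sample that involves port 2023.
sample_netstat | conns_on_port 2023
```

On a live system the same function can be fed with `sudo netstat -anp | conns_on_port 2023`; a result marked `local` means the port is only the client's source port, not a service being contacted.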
Re: browser virus like symptoms seamonkey
Could the clock be trying to sync with a time server? If the firewall is blocking the clock then that could explain the outbound connections being blocked and the time being wrong.
Re: browser virus like symptoms seamonkey
This sounds strongly like a problem with Seamonkey. I seriously doubt you have Linux malware, because currently it's all proof of concept. I recommend you listen to Daisy and use a different browser like Chrome/Chromium, Opera or Midori (sudo add-apt-repository ppa:midori/ppa, sudo apt-get update, sudo apt-get install midori). I have used Seamonkey before, and the issues you're describing are pretty normal for it. So is crashing constantly, and pretty much any other bug you can think of.
PS: I think OP not being able to see post new thread may be a result of using an unsupported browser, and nothing to do with the site itself.