Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Could This Be a Virus? (I Know, I Know, But Hear Me Out)

  1. #1
    Join Date
    Jan 2008
    Beans
    2

    Could This Be a Virus? (I Know, I Know, But Hear Me Out)

    Okay, I know the reaction mention of a virus is likely to provoke but please, hear me out. To set the scene, I am primarily a Windows Sys Admin of 11 years with a smattering of *nix knowledge garnered over the years. At home, I only have Ubunutu and OSX.

    Now, I know I won't get any sympathy for my transport method for having received what I believe was a virus, as it must have been encapsulated in a zip/rar file containing mp3s downloaded from the internet.

    I was using an 8GB flash drive to transfer said files from Ubuntu to Mac. After transferring the files I noticed, all of a sudden, that the root of the flash drive had started to fill up with files with nonsensical alphanumeric names and three letter file extensions (all extensions were different for each "file"). I pulled the drive and moved it back to Ubuntu. Not only was it full of these files (sorry, I cannot provide a screenshot but I was panicking as the drive contained sensitive, important data) but the sizes attributed to them by Ubuntu were nonsensical as it appeared to have more than the max 8GB. I was also unable to delete any of these files - they were greyed out and right clicking on them produced no context sensitive menu whatsoever. I moved my important files off and formatted, which solved the issue but it harked back to the "I Love You" virus of days of yore which, to my memory renamed all files as .VBS files (on Windows obviously), but whatever anomoly occured in this instance did appear to be renaming files and folders of its own accord.

    The files in question had not been extracted from a zip/rar archive to my knowledge, but appeared after the fact. I scanned my Mac with iAntiVirus afterwards, which found no traces of virus. I have not yet scanned the Linux laptop, though I know already it will find nothing.

    If nothing else, it is unusual, so I thought I would report it, like one does to the police for minor incidents that may later prove part of a larger case file. I would be interested to know if anything liek this has ocurred before to anyone's knowledge?

  2. #2
    Join Date
    Dec 2007
    Location
    Shepperton, UK.
    Beans
    2,489
    Distro
    Ubuntu Development Release

    Re: Could This Be a Virus? (I Know, I Know, But Hear Me Out)

    Sounds to me like file allocation table corruption rather than a virus. How old is the flash drive ? It may be on the way out.
    Intel E5700 G41 8Gb Xubuntu 13.10, Ubuntu 13.4, WinXP.
    Revo R3610 Win7 Pro, Ubuntu 13.04

    Absolute Beginners Compiz-fusion wiki Local Weather

  3. #3
    Join Date
    Jan 2008
    Beans
    2

    Re: Could This Be a Virus? (I Know, I Know, But Hear Me Out)

    I hear you. The drive is only 18 months old and a good make. I had only recently reformatted it using Windows a few months ago. I just ran a check disk utility on it there in Windows and it showed no errors. Like you, I am inclined to disbelieve it could be a virus (the same way I am inclined not to believe someone could create a perpetual motion machine). I will report back with any other developments should they come to light.

  4. #4
    Join Date
    Jun 2008
    Location
    Tampico,Mexico
    Beans
    1,395
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Could This Be a Virus? (I Know, I Know, But Hear Me Out)

    Put something else on the drive. Then on another drive download the same thing. That should tell you if it was the download or the drive.

  5. #5
    Join Date
    Apr 2005
    Location
    London.ca
    Beans
    560

    Re: Could This Be a Virus? (I Know, I Know, But Hear Me Out)

    Did you yank the drive out without ejecting it first?

  6. #6
    Join Date
    Dec 2007
    Location
    Shepperton, UK.
    Beans
    2,489
    Distro
    Ubuntu Development Release

    Re: Could This Be a Virus? (I Know, I Know, But Hear Me Out)

    Seq. Don't you mean unmounting it first ? You can do this by right-clicking on the drive icon and select unmount from the drop-down menu.
    Even though the drive is a well known make, it could still be on the way out especially if it's in regular use (I had one that failed after just a year, by which time I had trouble reading and writing to it). A format only briefly resolved the problem.
    Intel E5700 G41 8Gb Xubuntu 13.10, Ubuntu 13.4, WinXP.
    Revo R3610 Win7 Pro, Ubuntu 13.04

    Absolute Beginners Compiz-fusion wiki Local Weather

  7. #7
    Join Date
    Oct 2009
    Location
    Amman, Jordan
    Beans
    93
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Could This Be a Virus? (I Know, I Know, But Hear Me Out)

    Quote Originally Posted by Jonzer View Post
    I just ran a check disk utility on it there in Windows and it showed no errors.
    I wouldn't trust such tool/utility. Probably a bad section/sector.
    Jordan Open Source Association | E-mail
    Macbook (late 2008) - 2.4Ghz Core2Duo - 4GB RAM - nVidia 9400 - 250GB HDD

  8. #8
    Join Date
    Dec 2007
    Location
    Shepperton, UK.
    Beans
    2,489
    Distro
    Ubuntu Development Release

    Re: Could This Be a Virus? (I Know, I Know, But Hear Me Out)

    Good point saif_held. Please take a look at this article. With hard disks you can get badblocks showing up when you shut down the linux system (including any FAT partitions) but Windows chkdsk -v may not find them.
    Intel E5700 G41 8Gb Xubuntu 13.10, Ubuntu 13.4, WinXP.
    Revo R3610 Win7 Pro, Ubuntu 13.04

    Absolute Beginners Compiz-fusion wiki Local Weather

  9. #9
    Join Date
    Oct 2009
    Location
    Amman, Jordan
    Beans
    93
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Could This Be a Virus? (I Know, I Know, But Hear Me Out)

    Kevbert, I just read it. I hope the issue is fixed. If not wonder if there's a fix.
    Jordan Open Source Association | E-mail
    Macbook (late 2008) - 2.4Ghz Core2Duo - 4GB RAM - nVidia 9400 - 250GB HDD

  10. #10
    Join Date
    Dec 2007
    Location
    Shepperton, UK.
    Beans
    2,489
    Distro
    Ubuntu Development Release

    Re: Could This Be a Virus? (I Know, I Know, But Hear Me Out)

    Saif_held. Unfortunately when you get badblocks showing, it normally is terminal, as it means the disk drive is on the way out.
    I see your from Amman, Jordan. Nice place, very friendly people. I've done the grand tour of Jordan. As well as Petra I've been to Jerash, Aqaba, Amman among other places and thoroughly enjoyed the place and hospitality.
    Intel E5700 G41 8Gb Xubuntu 13.10, Ubuntu 13.4, WinXP.
    Revo R3610 Win7 Pro, Ubuntu 13.04

    Absolute Beginners Compiz-fusion wiki Local Weather

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •