
Thread: Clam TK found a possible infection

  1. #1
    Join Date
    Nov 2009
    Location
    Seattle
    Beans
    57
    Distro
    Xubuntu 10.04 Lucid Lynx

    Clam TK found a possible infection

    I just ran into my first possible virus in Ubuntu with Clam TK. It is in my Mozilla Firefox Cache. Status is: "PUA.Script.Packed-1"
    What does this mean?
    Quarantine or delete this?
    "Human beings see oppression vividly when they're the victims. Otherwise they victimize blindly and without a thought." -Isaac Bashev

  2. #2
    Join Date
    Feb 2010
    Location
    Summerwind
    Beans
    11,918
    Distro
    Ubuntu Development Release

    Re: Clam TK found a possible infection

    Hi,

    PUA: Private Use Area (Unicode context). I don't know if it's a threat.
    PUA: Possibly Unwanted Application. Klam states that it is a false positive.

    See http://clamav.net/sendviruses.cqt
    Last edited by Frogs Hair; March 13th, 2010 at 09:29 PM.

  3. #3
    Join Date
    May 2008
    Beans
    2,526

    Re: Clam TK found a possible infection

    Originally posted by Chris_cur:
        I just ran into my first possible virus in Ubuntu with Clam TK. It is in my Mozilla Firefox Cache. Status is: "PUA.Script.Packed-1"
        What does this mean?
        Quarantine or delete this?

    Going to Edit > Preferences > Advanced tab > Network tab and clicking on Clear Now under Offline Storage in Firefox will clear your offline content and should get rid of it. I think that's how you clear the cache.

    It's not like it can do anything in Ubuntu anyway if it is something you got while browsing the web.
    Last edited by 2hot6ft2; March 13th, 2010 at 09:03 PM.

  4. #4
    Join Date
    Aug 2006
    Beans
    12,968
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Clam TK found a possible infection

    PUA = Potentially Unwanted Application. The name and location you posted indicate it is a script, which has nothing to do with virus infection. Just empty Firefox's cache and it's gone, and if you are worried about scripting, turn off JavaScript in Firefox.

  5. #5
    Join Date
    Jan 2010
    Location
    Kentucky
    Beans
    79

    Re: Clam TK found a possible infection

    Plus it would be a virus targeted towards a Windows box anyway. I am not aware of any Linux-based malware definitions in the Clam AV database (jump in, anyone, if you know otherwise). Also, while PUA is Potentially Unwanted App, the "script packed" part usually means it was packed using something which causes AV alerts due to the method used to package the software for install. Hundreds of small developers get the laughable "you gave my PC a virus" email simply because they decide to use a packer to build their install.

    Rest easy,

    Mark

  6. #6
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Clam TK found a possible infection

    Packers get used in a couple of different ways. Some use it everywhere, to obscure their source code and things. This is not necessarily malicious, but it does suggest that not having people be able to read (and presumably copy?) the code is more important to the author than letting end users examine it to see what it does. The other major use is to hide the commands in a web-based script from network-based security tools that might otherwise block it before it gets where it's going. That's obviously not something that someone on the up-and-up would do. However, since it is packed, there's no way to determine which type it is, so AV software vendors prefer to err on the side of caution. In this case, if it's malicious it would likely only affect Windows, and at this point won't get out of the cache anyway. If it's not malicious, it was obviously not necessary, either, because you didn't miss out on anything for not running it.

    If you want, you can always follow the path and check the file name when these detections come up. There might be some kind of identifier that can tell you where it came from, and you can judge its intentions that way.
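
The kind of check described in the posts above, as an added example that is not part of any original post: a small triage script that reports which files in a directory show common signs of a packed script and why. The heuristics and the names `packed_script_indicators` and `triage_directory` are assumptions for illustration, not ClamAV's logic for PUA.Script.Packed-1, and the script assumes each file holds the script as plain text.

```python
import re
from pathlib import Path

# Illustrative heuristics only (assumptions); NOT ClamAV's PUA.Script.Packed logic.
PACKER_WRAPPER = re.compile(
    rb"eval\s*\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*[dr]\s*\)")
EVAL_DECODE = re.compile(rb"eval\s*\(\s*(?:unescape|atob|String\.fromCharCode)\s*\(")
ESCAPES = re.compile(rb"%u[0-9a-fA-F]{4}|\\u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}")

def packed_script_indicators(data: bytes) -> list:
    """Return the names of the packing heuristics that fire on raw file bytes."""
    reasons = []
    if PACKER_WRAPPER.search(data):          # common p,a,c,k,e,d packer wrapper
        reasons.append("packer-wrapper")
    if EVAL_DECODE.search(data):             # eval() of a string decoded at run time
        reasons.append("eval-of-decoded-string")
    escaped = sum(len(m) for m in ESCAPES.findall(data))
    if len(data) >= 200 and escaped / len(data) > 0.30:
        reasons.append("mostly-escaped-bytes")
    return reasons

def triage_directory(root, max_bytes=1_000_000):
    """Map each file under root that trips a heuristic to its list of reasons."""
    hits = {}
    for path in Path(root).rglob("*"):
        try:
            if path.is_file():
                with path.open("rb") as fh:
                    reasons = packed_script_indicators(fh.read(max_bytes))
                if reasons:
                    hits[str(path)] = reasons
        except OSError:
            continue                         # unreadable entry: skip, keep scanning
    return hits

# Constructed, harmless samples (not taken from any real detection).
SAMPLE_PACKED = b"eval(function(p,a,c,k,e,d){return p}('0 1',2,2,'a|b'.split('|'),0,{}))"
SAMPLE_PLAIN = b"function add(a, b) { return a + b; }\n"

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, why in sorted(triage_directory(target).items()):
        print(name, ", ".join(why))
```

A hit only says the file looks packed; as the post above notes, packing by itself does not show whether the script is malicious.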

  7. #7
    Join Date
    Nov 2009
    Location
    Seattle
    Beans
    57
    Distro
    Xubuntu 10.04 Lucid Lynx

    Re: Clam TK found a possible infection

    Thanks everyone! I knew it would probably not affect Ubuntu, I was just so shocked. Your information was great!

    @mikewhatever: I love your Linux is NOT Windows link! I am reading it now. I never bought Legos for the figurative "car inside", or if I did I quickly decided I didn't like the Yugo I bought and built a Ferrari!! mwahahaha
