[ltp] Spyware - my Intrepid under attack?

Daniel Castro linux-thinkpad@linux-thinkpad.org
Sat, 12 Sep 2009 20:06:42 +0100 

--000325556f5a1771ca047366229f
Content-Type: text/plain; charset=ISO-8859-1

I've been using Ubuntu for 2 years and this would be the first time I hear
something like spyware or virus on it. If that's what happened, which
really, I don't think. I hope.
Anyway, there are a few antivirus you can try, ClamAV, AVG and Avast for
example. Go to Ubuntu forums, they are great, people is very helpful and am
pretty sure you'll find answers and solutions.
If you post a thread there reply back here with the link.

Also see inline...

2009/9/12 Andrea Levin <andrea.b.levin@gmail.com>

> I am pretty new to Ubuntu (Intrepid), finding my way around, practicing
> clumsily with the command line,reading Keir Thomas...and I may have been
> complacent about the risk of spyware. I hadn't even installed Mozilla
> NoScript (till a minute ago!). I've updated faithfully when prompted.
>
> On Firefox a half hour ago, I noticed things a bit...slow. Then a bit
> 'freezy'.  First attributed this to the measly RAM quotient on this 2003
> Dell 5100 (which I believe is 256 megs. Still not sure where to find system
> info - that's how new I am!) A Firefox update process  required restart of
> FF, and so I thought it might have been the resource demands of this
> process. All of a sudden - a classic sense of 'takeover': suddenly, my
> monitor looks like a Windows machine,

do you mean the whole desktop now looks like windows desktop?

> showing me my 'My Computer', 'C drive', 'My Documents', etc,

that is weird

> all tagged with red warnings, a pop-up tells me I am under attack,

sounds like something triggered from your browser... probably only visually
bad for you but harmless in reality as most of that kinda' crap is meant to
mess windows up

> do run-don't-walk to this antivirus site, etc. In my panic (I don't yet
> know the equivalent of CTRL-ALT-DEL) I pulled the plug and the battery to
> abort.
>
well sever options instead of that...
ctrl+alt+del sorta' works, it'll reboot your computer. but you can also do
ctrl+alt+del which only restarts X, so that's your GUI, so it kills all
programs runnins and you go back to your login screen, think of it as a
quick reboot... you said you're on Intrepid, then this works, on Jaunty it
dosen't out-of-the-box, it has to be enabled.
other option is ctrl+alt+F1 (or anything from Fq to F6) and you go to a
terminal screen. there you could login and kill firefox for example... with:
killall firefox
any many other options...

>
> I had ... downloaded a spreadsheet from the New York Times site on costing
> out home-buying.  Uh-oh! (Actually, I'd assumed I was about to simply open a
> new tab, not download a document.)  Deleted this at the terminal.
>
> So: how to scan for spyware, viruses?

don't even think there is spyware software as such.... maybe there is.
dunno.

> Or: is this necessary?

i'd say no

> How would I know I'm infected?

trust.

>   Etc.!
>

> Usually I check forums before posting threads - but I'm pretty rattled!
> I use ESET Nod32 on my Windoze machines.
>
> Thanks in advance!
>
> --
> This email and any files transmitted with it may be confidential and
> legally privileged. They are intended solely for the use of the individual
> or entity to whom they are addressed. If you have received this email in
> error, please notify the sender by return email immediately, and then delete
> and destroy this message and its
> attachments.
>



-- 
________________________

Daniel Castro, M.Sc.
+353 083-318-2058
dancasmo@gmail.com
castromd@tcd.ie
________________________

--000325556f5a1771ca047366229f
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I&#39;ve been using Ubuntu for 2 years and this would be the first time I h=
ear something like spyware or virus on it. If that&#39;s what happened, whi=
ch really, I don&#39;t think. I hope.<br>Anyway, there are a few antivirus =
you can try, ClamAV, AVG and Avast for example. Go to Ubuntu forums, they a=
re great, people is very helpful and am pretty sure you&#39;ll find answers=
 and solutions.<br>
If you post a thread there reply back here with the link.<br><br>Also see i=
nline...<br><br><div class=3D"gmail_quote">2009/9/12 Andrea Levin <span dir=
=3D"ltr">&lt;<a href=3D"mailto:andrea.b.levin@gmail.com">andrea.b.levin@gma=
il.com</a>&gt;</span><br>
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I am pretty new t=
o Ubuntu (Intrepid), finding my way around, practicing clumsily with the co=
mmand line,reading Keir Thomas...and I may have been complacent about the r=
isk of spyware. I hadn&#39;t even installed Mozilla NoScript (till a minute=
 ago!). I&#39;ve updated faithfully when prompted. <br>

<br>On Firefox a half hour ago, I noticed things a bit...slow. Then a bit &=
#39;freezy&#39;.=A0 First attributed this to the measly RAM quotient on thi=
s 2003 Dell 5100 (which I believe is 256 megs. Still not sure where to find=
 system info - that&#39;s how new I am!) A Firefox update process=A0 requir=
ed restart of FF, and so I thought it might have been the resource demands =
of this process. All of a sudden - a classic sense of &#39;takeover&#39;: s=
uddenly, my monitor looks like a Windows machine,</blockquote>
<div>do you mean the whole desktop now looks like windows desktop? <br></di=
v><blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204=
, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> showing me my =
&#39;My Computer&#39;, &#39;C drive&#39;, &#39;My Documents&#39;, etc,</blo=
ckquote>
<div>that is weird <br></div><blockquote class=3D"gmail_quote" style=3D"bor=
der-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-=
left: 1ex;"> all tagged with red warnings, a pop-up tells me I am under att=
ack,</blockquote>
<div>sounds like something triggered from your browser... probably only vis=
ually bad for you but harmless in reality as most of that kinda&#39; crap i=
s meant to mess windows up <br></div><blockquote class=3D"gmail_quote" styl=
e=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; =
padding-left: 1ex;">
 do run-don&#39;t-walk to this antivirus site, etc. In my panic (I don&#39;=
t yet know the equivalent of CTRL-ALT-DEL) I pulled the plug and the batter=
y to abort.<br></blockquote><div>well sever options instead of that...<br>
ctrl+alt+del sorta&#39; works, it&#39;ll reboot your computer. but you can =
also do ctrl+alt+del which only restarts X, so that&#39;s your GUI, so it k=
ills all programs runnins and you go back to your login screen, think of it=
 as a quick reboot... you said you&#39;re on Intrepid, then this works, on =
Jaunty it dosen&#39;t out-of-the-box, it has to be enabled.<br>
other option is ctrl+alt+F1 (or anything from Fq to F6) and you go to a ter=
minal screen. there you could login and kill firefox for example... with: k=
illall firefox<br>any many other options...<br></div><blockquote class=3D"g=
mail_quote" style=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt=
 0pt 0pt 0.8ex; padding-left: 1ex;">

<br>I had ... downloaded a spreadsheet from the New York Times site on cost=
ing out home-buying.=A0 Uh-oh! (Actually, I&#39;d assumed I was about to si=
mply open a new tab, not download a document.)=A0 Deleted this at the termi=
nal.<br>

<br>So: how to scan for spyware, viruses?</blockquote><div>don&#39;t even t=
hink there is spyware software as such.... maybe there is. dunno. <br></div=
><blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204,=
 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
 Or: is this necessary?</blockquote><div>i&#39;d say no <br></div><blockquo=
te class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, 204, 204)=
; margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> How would I know I&#39;m =
infected?</blockquote>
<div>trust. <br></div><blockquote class=3D"gmail_quote" style=3D"border-lef=
t: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1=
ex;">=A0 Etc.!<br></blockquote><blockquote class=3D"gmail_quote" style=3D"b=
order-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; paddin=
g-left: 1ex;">
<br>Usually I check forums before posting threads - but I&#39;m pretty ratt=
led!<br>I use ESET Nod32 on my Windoze machines.=A0 <br>
<br>Thanks in advance!<br clear=3D"all"><font color=3D"#888888"><br>-- <br>=
This email and any files transmitted with it may be confidential and legall=
y privileged. They are intended solely for the use of the individual or ent=
ity to whom they are addressed. If you have received this email in error, p=
lease notify the sender by return email immediately, and then delete and de=
stroy this message and its<br>

attachments.<br>
</font></blockquote></div><br><br clear=3D"all"><br>-- <br>________________=
________<br><br>Daniel Castro, M.Sc.<br>+353 083-318-2058<br><a href=3D"mai=
lto:dancasmo@gmail.com">dancasmo@gmail.com</a><br><a href=3D"mailto:castrom=
d@tcd.ie">castromd@tcd.ie</a><br>
________________________<br>

--000325556f5a1771ca047366229f--