Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Using Linux to clean up an XP hard drive.
A friend, running XP SP3, clicked on a link in an e-mail from a "friend" and now has infected his computer with "Trojan.RootKit.ZAccess."
I tried several things while at his keyboard, but nothing reported the trojan, and anything I tried to install to find it was not allowed to run. I used the AVG emergency boot disk, based on a Linux distribution, and it did not find the trojan.
Finally, I took the drive out of his case, put it in an external USB case and plugged it into my Slackware Linux box. I ran ClamAV on it and it reported the Trojan.RootKit.ZAccess as mentioned above. I've found the infected file and all references to it, BUT even in Linux I cannot delete anything from the drive. Doesn't matter if I'm on as root or user. It won't even let me change the permissions.
Any ideas would be greatly appreciated (other than reformatting the drive).
Blame that friend for not securing his computer, not for sending the email. If his computer is infected, the virus will email itself to his entire contact list without him knowing about it.
Original Poster
Quote:
Originally Posted by Latios
Blame that friend for not securing his computer, not for sending the email. If his computer is infected, the virus will email itself to his entire contact list without him knowing about it.
After Googling that rootkit, I have found that it happens to be a variant of the Agent.nsf Trojan, am I right? Definitely sounds like the email from a "friend" had to have really been an email from the Trojan itself as it resided on the friend's computer. To me, that sounds like the Trojan is trying to play botnet on your friend. The only way to stop the spread of the Trojan, unfortunately, is to format your friend's hard drive.
Fortunately, you can easily do this from a Linux Live CD, specifically an Ubuntu, Fedora, Debian, or Mint (or anything with a desktop environment that can run GParted) one. If the Live CD has GParted (which I'm sure Ubuntu does) then try the following:
Launch GParted (System -> Admin -> GParted on Ubuntu or anything GNOME-based). When GParted launches, select the drive to partition, but instead of partitioning it, select "Create partition table" from the Device menu. This will completely erase anything on the drive. After this, then you can create a new partition (ext4 is a good file system to use) that takes up the entire disk, and apply the changes. Then, use the Live CD's installer to install Linux to the drive.
But please, teach your friend how to use Linux if he doesn't know. If he learns all the open source alternatives to proprietary apps, that's great. If not, and he's more comfortable with Windows XP, then he can easily reinstall it (provided he has the XP CD).
Quote:
The only way to stop the spread of the Trojan, unfortunately, is to format your friend's hard drive.
Definitely wrong.
Quote:
Launch GParted (System -> Admin -> GParted on Ubuntu or anything GNOME-based). When GParted launches, select the drive to partition, but instead of partitioning it, select "Create partition table" from the Device menu. This will completely erase anything on the drive.
Also wrong: it will erase nothing but the partition table. Also, I would consider this malicious advice, since it does not point out that a backup of valuable/important data should be made first.
Quote:
After this, then you can create a new partition (ext4 is a good file system to use) that takes up the entire disk, and apply the changes.
Windows XP will not run on ext4.
Quote:
Then, use the Live CD's installer to install Linux to the drive.
But please, teach your friend how to use Linux if he doesn't know. If he learns all the open source alternatives to proprietary apps, that's great. If not, and he's more comfortable with Windows XP, then he can easily reinstall it (provided he has the XP CD).
What is the point of this? The owner of the computer is using Windows XP, not Linux. So what use is it to install Linux first (are you again trying to force people to Linux?) and after that reinstall XP? It would be better advice to install XP and let him use dual-boot or VirtualBox to get comfortable with Linux, without taking away the environment he is used to. You also seem to forget that there are still applications that have no compatible FOSS counterpart and will not even run with Wine. People who need to use them have no benefit from running a Linux-only machine.
I wonder why you still don't get that forcing people to FOSS is not the appropriate way.
I agree that the nuke and boot approach to handling a virus or trojan is excessive. Typically Malwarebytes does a very good job of removing these types of infections. One needs to download it using a clean system and put it on a memory stick under a non-assuming name, copy it to the target system and run it under an assumed name. If this fails, there are other programs that can be effective, such as HijackThis, but they are dangerous to use unless you know what you are doing.
If you need or would like help with Windows malware, I highly recommend this other forum. Some of the most knowledgeable experts in Windows malware that I have seen hang out there.
Quote:
What is the point of this? The owner of the computer is using Windows XP, not Linux. So what use is it to install Linux first (are you again trying to force people to Linux?) and after that reinstall XP? It would be better advice to install XP and let him use dual-boot or VirtualBox to get comfortable with Linux, without taking away the environment he is used to. You also seem to forget that there are still applications that have no compatible FOSS counterpart and will not even run with Wine. People who need to use them have no benefit from running a Linux-only machine.
I wonder why you still don't get that forcing people to FOSS is not the appropriate way.
What's wrong with suggesting him to use Linux? At least show him a live CD, it can't hurt anything.
The first time I installed Linux on a PC was because I was pissed off enough to nuke and boot XP away, because of viruses and malware. Never turned back.
Quote:
What's wrong with suggesting him to use Linux? At least show him a live CD, it can't hurt anything.
Nothing is wrong with suggesting Linux. As I said, I would recommend using dual-boot or VirtualBox before nuking Windows and taking his accustomed environment away from the owner of the PC. Of course a Live CD will also work.
But that wasn't what Kenny said. He didn't want to suggest Linux; he wanted the OP to erase the whole drive and just install Linux on a PC that isn't even his own:
Quote:
This will completely erase anything on the drive. After this, then you can create a new partition (ext4 is a good file system to use) that takes up the entire disk, and apply the changes. Then, use the Live CD's installer to install Linux to the drive.
That is in no way a suggestion; that is forcing. And as I said before, it is bad advice without mentioning the need to make a backup, because of the complete data loss that this action causes.
Or in short: Suggestion is OK, forcing is not.