Puppy 4.3.1. Invaded by Windows Virus ??????? [SOLVED]

For discussions about security.
Message
Author
User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

Puppy 4.3.1. Invaded by Windows Virus ??????? [SOLVED]

#1 Post by Sky Aisling »

Whoa!
I was searching Ubuntu Forums tonight when this popped up on my screen!
What the heck is going on????????
see attachments.


Here is the computer and OS I am using:
Toshiba Satellite 2805-S401
OS Puppy 4.3.1 (installed yesterday using CD from Linux Format I'll send the thread of the install procedure in a minute).

I know this is a Windows Virus. And, no, I did not download the attachment.

Sky Aisling
Attachments
screenshot2WINDOWSSecurity.png
(144.17 KiB) Downloaded 818 times
screenshot1WINDOWSSecurity.png
(155.78 KiB) Downloaded 742 times
Last edited by Sky Aisling on Fri 27 May 2011, 04:39, edited 1 time in total.

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

#2 Post by Sky Aisling »

Here is the install we did yesterday. It was a tricky install.

http://www.murga-linux.com/puppy/viewtopic.php?t=62583

User avatar
Dingo
Posts: 1437
Joined: Tue 11 Dec 2007, 17:48
Location: somewhere at the end of rainbow...
Contact:

#3 Post by Dingo »

these apps are so-called ROGUE ANTISPYWARE, since are false antispyware (really virus) showing a FALSE warning about infection and proposing download of a program that is a spyware or virus

your puppy is is not INVADED

don't warry, it is a windows spyware, not for linux, in future, use noscript and adblock other to mvpshosts
replace .co.cc with .info to get access to stuff I posted in forum
dropbox 2GB free
OpenOffice for Puppy Linux

noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#4 Post by noryb009 »

It's like a video showing a false virus report, so people would want to download and run the real virus.

It's kind of funny when it happens in linux, showing an XP style.

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

#5 Post by Sky Aisling »

So, the Puppy 4.3.1 that we installed on the Toshiba 2805 over the last couple of days is not infected? The system isn't toast? It's ok to open up the machine and use it? I'll make sure pop ups are blocked.

Most importantly, please assure me that I haven't infected this Forum or the other two forums I visited last night which are Mozilla and Ubuntu?

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

#6 Post by Sky Aisling »

Did you notice on the screenshots of the popup that the time stamp in the lower right hand corner of the system tray said 'disabled'. That worm must come in through the system firmware?

User avatar
puppyluvr
Posts: 3470
Joined: Sun 06 Jan 2008, 23:14
Location: Chickasha Oklahoma
Contact:

#7 Post by puppyluvr »

:D Hello,
LOL, its funny to see "Windows" security pop up on a Linux box..
That should have been your first clue...
You are safe, as is the forum...

Ive even seen them pop up in an "Internet Explorer" window..
LOL...
Tip....Generally, bad spelling/grammar is a big hint...
At least real M$ programmers can spell...

Pop up blocker....
Close the Windows, and open your eyes, to a whole new world
I am Lead Dog of the
Puppy Linux Users Group on Facebook
Join us!

Puppy since 2.15CE...

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

#8 Post by Sky Aisling »

I'm looking at Sea Monkey *preferences* and *tools* now on this 4.2.1 system. Where is the switch to stop all pop ups?

Firefox has a detailed control box for managing pop ups. Sea Monkey doesn't seem to? There is place under *tools* to allow pop ups on specific sites but not to stop them all together.
Sky Aisling
COMPAQ Presario 1200 circa 2000
Processor: Celeron (Coppermine)
RAM:Less than 200 mg Total Size of machine 4 gb
Puppy 4.2.1 Running Like A Champ!

User avatar
obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#9 Post by obxjerry »

I'm running 4.2.1. retro. The SeaMonkey that came with it (1.1.15) has the popup blocker to the right of Home on the top toolbar. It looks like a white rectangle with a blue header. If popups are allowed it has a red circle with a red line through it. If popups are blocked it has a check. You can also click tools and put the cursor on Popup manager, then click About Popup Blocking on the menu.

I'm surprised no one has offered to take the virus laden machines off your hands. Since they didn't I won't either. The thing about being a Puppy user, computers are pretty easy to come by. You can dig an old one out of the closet, buy one at a yard sale, shucks people will even give you computers that will run Puppy just fine.
It may be that my sole purpose in life is simply to serve as a warning to others

Meddle Not In The Affairs Of Dragons For You Are Crunchy And Taste Good With Ketchup

I'd rather be sailing

User avatar
RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

#10 Post by RetroTechGuy »

Sky Aisling wrote:Did you notice on the screenshots of the popup that the time stamp in the lower right hand corner of the system tray said 'disabled'. That worm must come in through the system firmware?
Those were hysterical! I particularly liked the "Windows" appearance to the whole screen... "My Documents"... "My Network Places"... Hahaha...

There is a whole range of stuff like this, ranging from "scare ware" (messages designed to convince people to buy unneeded software) to viruses pretending to antivirus software.
[url=http://murga-linux.com/puppy/viewtopic.php?t=58615]Add swapfile[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

#11 Post by Sky Aisling »

Finally found the Adblock button on Sea Monkey running with Puppy 4.3.1.
It's down in the right hand corner right above the system time.
On my screenshots it says, 'disabled'. It now says 'Adblock'.

@obxjerry - where do you sail in Kentucky?

love the dragons and katchup....

User avatar
obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#12 Post by obxjerry »

@obxjerry - where do you sail in Kentucky?
I don't sail much anymore. My wife and I got interested in sailing when we saw sailboats in harbors when we went on a Caribbean cruise. The cruising life seemed like a good dream to chase. Neither of us had ever been on a sailboat. The author of the book I borrowed at the library said he couldn't teach me to sail by reading what he wrote. I had to get on a boat; begged, borrowed, built or bought. We chose bought and on a cold April day went sailing for the first time on a 741 acre lake 50 miles north of Louisville.

That was a 21' boat and we sailed; the Ohio River, local lakes and hauled it to Hatteras Island, NC and sailed the Pamlico Sound. We bought a 16' boat that was easier to rig and used it about the same. I bought a 11' boat I could rig myself and could go sailing for an hour or two at a close, small lake. In 2000 we sold all the boats and moved to Hatteras Island. We lived on a canal, bought a 17' boat and sailed a lot in Pamlico Sound. 3 years later we moved to Pine Island in Florida, lived on a canal and sailed that boat and later a 28' boat. We sailed Matlacha Pass, Pine Island Sound and San Carlos Bay. 4 years later we moved back to Louisville. We've been here 3 years and although we still have the 17' boat, we haven't been sailing.

There are boats docked on the Ohio River, Kentucky Lake and Barkley Lake that are capable of sailing around the world. They can get there by water.

I'll bet that's more than you wanted to know.
It may be that my sole purpose in life is simply to serve as a warning to others

Meddle Not In The Affairs Of Dragons For You Are Crunchy And Taste Good With Ketchup

I'd rather be sailing

looseSCREWorTWO
Posts: 812
Joined: Thu 04 Feb 2010, 13:16
Location: Australia, 1999 Toshiba laptop, 512mb RAM, no HDD, 431 Retro & 421 Retro

#13 Post by looseSCREWorTWO »

I remember just before I converted to Puppy and I was still doing everything in Win XP, a guy at work loaned me a copy of Australian PC User Magazine and they said that the best anti-virus was AVG Free and the best anti-spyware was SpyBot Search & Destroy (also a free download).

So off I go, Googling for AVG Free, which I downloaded with no probs. Then I Googled for SpyBot and this thing came up called SpyBot, so I download and install it. Lo and behold it was a virus PRETENDING to be the real SpyBot. It said I had a hard disk full of viruses, which the Spybot "trial version" couldn't get rid of, but if I paid $29.99 for the "enhanced" version it would clean off the viruses. Fortunately I had a chat to a Tame Geek I know and he warned me this was a scam.

There is a specific website called "safer networking" (if I remember it right) and THAT is where you download the REAL SpyBot - for free. There are about 60 Bogus websites running a Spybot scam, so if you don't know any better there is a good chance you will get ripped-off.

I remember the Bogus "SpyBot" had a really great GUI that looked like the Radar Tracking Screen off the Starship Enterprise. The real SpyBot has a rather plain-looking GUI.
Last edited by looseSCREWorTWO on Mon 06 Dec 2010, 23:14, edited 2 times in total.

User avatar
artifus
Posts: 303
Joined: Tue 06 Jul 2010, 19:29

#14 Post by artifus »

looseSCREWorTWO wrote:There is a specific website called "safer networking" (if I remember it right)
http://www.getsafeonline.org/

User avatar
Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#15 Post by Makoto »

...No.

Here's the homepage looseSCREWorTWO is referring to: http://www.safer-networking.org/index2.html (Spybot Search & Destroy)
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

User avatar
puppyluvr
Posts: 3470
Joined: Sun 06 Jan 2008, 23:14
Location: Chickasha Oklahoma
Contact:

#16 Post by puppyluvr »

:D Hello,
.Malware-bytes -anti-malware...
http://www.malwarebytes.org/mbam.php
free...

Spybot search and destroy...
http://www.safer-networking.org/index2.html
free...

Zone Alarm Firewall
http://www.zonealarm.com/security/en-us ... wnload.htm

Not using Windoze and not having to care...
Priceless... 8)
Close the Windows, and open your eyes, to a whole new world
I am Lead Dog of the
Puppy Linux Users Group on Facebook
Join us!

Puppy since 2.15CE...

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#17 Post by cthisbear »

Malware-bytes -anti-malware... great

alas >>Spybot search and destroy
is not recommended.

Best free firewall >> Comodo
has its own antivirus as well...if you want to install it.

I use Avira Free myself.


The newer Zone Alarms >> last 5 years >> don't bother.

I still run XP with >> ZoneAlarm Free...5.5.062.011

over 5 years old. But you have to know how to set it up.

Chris.

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#18 Post by Lobster »

Whoa!
I was searching Ubuntu Forums tonight when this popped up on my screen!
What the heck is going on????????
This requires drastic measures:

Ten years ago, a crack command line unit was sent to prison by a military court for a crime they didn't commit. These men promptly escaped from a maximum security stockade to the Linux underground. Today, still wanted by the government, they survive as soldiers of penguin. If you have a problem, if no one else can help, and if you can find them, maybe you can hire... The Puppy A-Team.

Put out the call . . .
http://www.emergencyyodel.com/
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#19 Post by cthisbear »

" Put out the call . . . "

Pushes all my buttons.

Chris.

User avatar
ttuuxxx
Posts: 11171
Joined: Sat 05 May 2007, 10:00
Location: Ontario Canada,Sydney Australia
Contact:

#20 Post by ttuuxxx »

The only reason why it looks like it works is because it javascript based, Basically if you visited a site that gives you a popup and you click to close it and it opens another instance of it up, just go into the privacy section of the browsers preferences and disable javascript. Really most of the actual mallare/adware backend won't and If you want to feel really safe, you can clear the history, and even go one step further and delete /root/.mozilla/firefox/1434sdd.default (some number)/Cache Seamonkey is the same also.
The nice thing about mozilla Browser is that all use the same location for storing all junk files, also there should be a /extensions folder, If you haven't added any extensions then it should be empty or not even there, if it is there look inside and delete it. The default /usr/lib/firefox/extensions is main one for puppy 5, or /lib/firefox/extensions If I put it together. but those don't get altered, they are default, user installed extensions are always in /root/.mozilla/firefox/ etc.
ttuuxxx
http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games :)

Post Reply