Puppy Linux Discussion Forum
Recent Flash Impostor (virus) can't be blocked?

Joined: 21 Jan 2010
Posts: 15

Posted: Fri 23 Apr 2010, 10:14    Subject: Recent Flash Impostor (virus) can't be blocked?

On eee pc, virus comes in encrypted as a flash update
and installs hidden .adobe and .macromedia folders
which reappear immediately after deleting when firefox
or mozilla or seamonkey is running.

Would never have noticed if it didn't slow down puppeee.
It temporarily was blocked only by disabling SSL but soon
found another way. It creates SOL files just like regular
flash but seems to be communicating constantly with
something. (Apparent zombie and spyware.)

There is one libflashplayer.so file that can't be removed,
although I've been told flash can't be installed or updated without it.
It is in the same place as init.rd and also appears in /usr,
the duplicate needs deleting twice but also comes back
soon after.

Yesterday a neighbor had one WinPC crash and another captured
2 bad flash updates with McAfee.
(Before then, nobody believed, and just laughed at the problem.)

So I wonder how to delete the libflashplayer.so
The Puppeee eee pc is unusable because the virus is updating
very frequently (once per minute) and can't be kept out.

Boot device is a rare write-protectable USB drive which I pull out
immediately after boot, leaving only the VM in RAM (and wondering
about a BIOS infection). The virus appears to be aware of other
wireless devices nearby such as cellphones but it may just be
interference since they are on the same bands.

Starting with removing undeletable libflashplayer.so, any ideas
how to prevent and block and stop this?
Automatic hidden installs are totally unexpected (and unbelievable) in linux.

vamachine nsynth

Joined: 30 Aug 2007
Posts: 3614
Location: around the bend

Posted: Fri 23 Apr 2010, 10:39

new operas supposedly dispense with flashplayer. give'm a try.

ASUS EeePC Flare series 1025C 4x Intel Atom N2800 @ 1.86GHz RAM 2063MB 800x600p ATA 320G

<º))))><.¸¸.•´¯`•.#.•´¯`•.¸¸. ><((((º>

Joined: 11 Jan 2010
Posts: 262
Location: Wisconsin UTC-6 (-5 DST)

Posted: Fri 23 Apr 2010, 13:14    Subject: libflashplayer.so

Yeah, the newest opera snapshots are great. One can unzip the file anywhere on hard drive, click the "opera" wrapper script in the created directory to run it. It can be shared among different puppy installations when it's run "outside the envelope" like this - no need for installation.
The newest firefox 3.6.4 beta is the same way when the .bz2 file is downloaded. It however uses any existing profile.

The libflashplayer.so in /initrd/pup_ro2/usr/lib/mozilla/plugins is legitimate. /initrd/pup_ro2 is the pristine read-only layer as I understand it.

To install the newest libflashplayer.so see:

You can also right-click on a flash element and select "about adobe flashplayer" to get to adobe's web interface.
On the newer firefox's you can use the plugin check:

Some good info on flashplayers as spyware. See:


Here is an extension that works in firefox and seamonkey2. It can delete the "local shared objects" automatically every minute and upon start and exit of browser.

The quick way to alleviate the flash cookie accumulation is to delete the .macromedia folder, then assuming current working directory is /root in terminal type:
ln -s /dev/null .macromedia

Very few sites won't function fully when this method is employed. To reset to normal, just delete the symlink named .macromedia.

You can always use netstat -tu and netstat -tn to see your tcp/ip connections. Make sure your firewall is activated by viewing the output of iptables -v -L. It should generate a long list.
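The symlink procedure from the post above, wrapped as shell functions with a status check and a reset that never touches a real directory. This is an added example, not part of the original post; the function names and the home-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Usage: lso_count /root; lso_block /root; lso_status /root; lso_unblock /root

# Count Flash "local shared objects" (*.sol files) under a home directory.
lso_count() {
    find "$1/.macromedia" "$1/.adobe" -type f -name '*.sol' 2>/dev/null \
        | wc -l | tr -d ' '
}

# Report the state of .macromedia: "blocked" (symlink to /dev/null),
# "storing" (a real directory Flash can write into) or "absent".
lso_status() {
    target="$1/.macromedia"
    if [ -L "$target" ] && [ "$(readlink "$target")" = "/dev/null" ]; then
        echo blocked
    elif [ -d "$target" ]; then
        echo storing
    else
        echo absent
    fi
}

# Delete the existing store, then put the /dev/null symlink in its place.
# Safe to call repeatedly.
lso_block() {
    [ -d "$1" ] || return 1
    target="$1/.macromedia"
    if [ "$(lso_status "$1")" = blocked ]; then
        return 0
    fi
    rm -rf -- "$target"
    ln -s /dev/null "$target"
}

# Reset to normal: remove only the symlink, leave a real directory alone.
lso_unblock() {
    target="$1/.macromedia"
    if [ -L "$target" ]; then
        rm -- "$target"
    fi
}
```

Once blocked, any attempt to create a directory beneath .macromedia fails because /dev/null is not a directory, which is why no new .sol files accumulate.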

Joined: 29 Jan 2006
Posts: 3547
Location: Sydney Australia

Posted: Fri 23 Apr 2010, 23:13

McAfee >> A virus in itself.

Took out everyone bigtime.
Even Intel

Coles stores in Oz were stuffed.

