Recent Flash Impostor (virus) can't be blocked?
Posted: Fri 23 Apr 2010, 14:14
On eee pc, virus comes in encrypted as a flash update
and installs hidden .adobe and .macromedia folders
which reappear immediately after deleting when firefox
or mozilla or seamonkey is running.
Would never have noticed if it didn't slow down puppeee.
It temporarily was blocked only by disabling SSL but soon
found another way. It creates SOL files just like regular
flash but seems to be communicating constantly with
something. (Apparent zombie and spyware.)
There is one libflashplayer.so file that can't be removed,
although I've been told flash can't be installed or updated without it.
It is in the same place as init.rd and also appears in /usr,
the duplicate needs deleting twice but also comes back
soon after.
Yesterday a neighbor had one WinPC crash and another captured
2 bad flash updates with McAffee.
(Before then, nobody believed, and just laughed at the problem.)
So I wonder how to delete the libflashplayer.so
The Pupeee eee pc is unusable because the virus is updating
very frequently (once per minute) and can't be kept out.
Boot device is a rare write-protectable USB drive which I pull out
immediately after boot, leaving only the VM in RAM (and wondering
about a BIOS infection). The virus appears to be aware of other
wireless devices nearby such as cellphones but it may just be
interference since they are on the same bands.
Starting with removing undeleteable libflashplayer.so, any ideas
how to prevent and block and stop this?
Automatic hidden installs are totally unexpected (and unbelievable) in linux.
vamachine nsynth
and installs hidden .adobe and .macromedia folders
which reappear immediately after deleting when firefox
or mozilla or seamonkey is running.
Would never have noticed if it didn't slow down puppeee.
It temporarily was blocked only by disabling SSL but soon
found another way. It creates SOL files just like regular
flash but seems to be communicating constantly with
something. (Apparent zombie and spyware.)
There is one libflashplayer.so file that can't be removed,
although I've been told flash can't be installed or updated without it.
It is in the same place as init.rd and also appears in /usr,
the duplicate needs deleting twice but also comes back
soon after.
Yesterday a neighbor had one WinPC crash and another captured
2 bad flash updates with McAffee.
(Before then, nobody believed, and just laughed at the problem.)
So I wonder how to delete the libflashplayer.so
The Pupeee eee pc is unusable because the virus is updating
very frequently (once per minute) and can't be kept out.
Boot device is a rare write-protectable USB drive which I pull out
immediately after boot, leaving only the VM in RAM (and wondering
about a BIOS infection). The virus appears to be aware of other
wireless devices nearby such as cellphones but it may just be
interference since they are on the same bands.
Starting with removing undeleteable libflashplayer.so, any ideas
how to prevent and block and stop this?
Automatic hidden installs are totally unexpected (and unbelievable) in linux.
vamachine nsynth