My main Ubuntu Linux system has been in daily use for about 8 years. I have had two malware events that required reinstalling Ubuntu from a DVD with the feature called "leave user files unchanged."
Directly replacing the altered files and erasing the malware is a much easier and less aggravating way of recovering from a malware event. Linux is modular and the pieces are well understood.
The first thing, for Firefox, is I wish all the browser add-on files were in a directory and could be examined and tinkered with. It would be nice if they showed up in the top analysis program.
The second thing I wish for is that the Firefox website would have annotated pointers to the best instructions on the internet for Linux malware removal.
I wish I could go to the Mozilla support website and find links to step by step instructions for examining and reinstalling the X display (startx and the programs it calls) and the networking configuration and executable files. There should be several of these articles out there, written for different distributions and different levels of technical skill.
The operating system disaster began when I switched Firefox to "Restart with add-ons disabled" and I unplugged the ethernet cable. Apparently the malware was doing several things. When I interrupted it, the malware left networking broken or turned off. The malware had made some change to the startx or X display software. I could not restart the X display after I interrupted the malware. On restart, the computer was at a root account text console, with the additional trick that the computer would forget the USB keyboard existed after 20 minutes idle. Probably the malware appended some stupid dorm trick instruction to the config files in the user-writable dot-config file area. I wish I had thought of that yesterday! Duh.
I have been running Linux 15+ years, and the problem when you have a malware infection is remembering the many details of how Linux works. I know "startx" starts the X display, but I don't remember where the config file is. Same for networking: I dimly remember how to restart networking, but I don't know the modern details. If I could have cleared out the original malware file, reset networking and the X display, and then run a utility like rkhunter with the latest configuration, I would have been all fixed in a few hours.
moderator fixed the leading space which triggered a glitch in this forum software to make this posting more readable
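As an added example (not part of the original post or of any Mozilla documentation), the script below gathers the user-writable files that an X session reads at login on an Ubuntu desktop and flags any that changed recently, which is the first triage step the poster describes wanting: knowing where the startx, shell and autostart configuration lives before deciding what to reset. The list of paths is the standard set (`~/.xinitrc`, `~/.xsessionrc`, `~/.xprofile`, `~/.config/autostart`, the shell rc files and the Firefox profile directory that holds `extensions/`); the home directory and the day window are parameters you supply. Package-owned files such as `startx` itself are covered separately by `dpkg --verify`, which is only invoked if dpkg is present on the machine.

```shell
#!/bin/sh
# Added example, not the original poster's code: inventory user-writable
# login/X startup files and report which ones changed within N days.
# Assumptions: an Ubuntu-style home directory layout; the home path and
# day window are passed in by the caller.

# Print the startup files/directories under home dir $1 that exist.
# These are read by the login shell, Xsession/startx, the desktop
# session (autostart .desktop files) and Firefox (profile + extensions).
startup_candidates() {
    home="$1"
    for f in \
        .xinitrc .xsessionrc .xprofile .Xresources \
        .bashrc .bash_profile .profile \
        .config/autostart \
        .mozilla/firefox
    do
        [ -e "$home/$f" ] && printf '%s\n' "$home/$f"
    done
    return 0
}

# Print every regular file under those candidates whose modification
# time is within the last $2 days (find -mtime -N, i.e. newer than N days).
recently_changed() {
    home="$1"; days="$2"
    startup_candidates "$home" | while IFS= read -r path; do
        find "$path" -type f -mtime "-$days" -print 2>/dev/null
    done
    return 0
}

# For package-owned files (startx, /etc/X11, networking tools), compare
# on-disk contents with the md5sums recorded by the installed packages.
# dpkg --verify prints one line per mismatch and nothing when all match.
verify_packaged_files() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --verify 2>/dev/null
    else
        echo "dpkg not available on this system; skipping package verification" >&2
    fi
    return 0
}

# Stand-alone usage: ./triage.sh [home_dir] [days]
if [ "${0##*/}" = "triage.sh" ]; then
    echo "== user startup files changed in the last ${2:-7} days =="
    recently_changed "${1:-$HOME}" "${2:-7}"
    echo "== package-owned files differing from their package =="
    verify_packaged_files
fi
```

A file listed by `recently_changed` is not proof of tampering on its own; it is the shortlist to read by hand (a `.desktop` file in `autostart` you did not create, or an unexpected line appended to `.xsessionrc` or `.profile`). Files that `dpkg --verify` reports can be restored by reinstalling the owning package with `apt-get install --reinstall`, which is the "replace the altered pieces" approach the post argues for instead of a full reinstall.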