
Malware got into my Ubuntu system, please point me to fix-it instructions on the Internet.


My main Ubuntu Linux system has been in daily use for about 8 years. I have had two malware events that required reinstalling Ubuntu from a DVD with the feature called "leave user files unchanged."

Directly replacing the altered files and erasing the malware is a much easier and less aggravating way of recovering from a malware event. Linux is modular and the pieces are well understood.

The first thing, for Firefox, is I wish all the browser add-on files were in a directory and could be examined and tinkered with. It would be nice if they showed up in the top analysis program.

The second thing I wish for is the Firefox website would have annotated pointers to the best instructions on the internet for Linux malware removal.

I wish I could go to the Mozilla support website and find links to step by step instructions for examining and reinstalling the X display (startx and the programs it calls) and the networking configuration and executable files. There should be several of these articles out there, written for different distributions and different levels of technical skill.

The operating system disaster began when I switched Firefox to "Restart with add-ons disabled" and I unplugged the Ethernet cable. Apparently the malware was doing several things. When I interrupted it, the malware left networking broken or turned off. The malware had made some change to the startx or X display software. I could not restart the X display after I interrupted the malware. On restart, the computer was at a root account text console, with the additional trick that the computer would forget the USB keyboard existed after 20 minutes idle. Probably the malware appended some stupid dorm trick instruction to the config files in the user-writable dot-config file area. I wish I thought of that yesterday! Duh.

I have been running Linux 15+ years and the problem when you have a malware infection is remembering the many details of how Linux works. I know "startx" starts the X display but I don't remember where the config file is. Same for networking, I dimly remember how to restart networking but I don't know the modern details. If I could have cleared out the original malware file, and reset networking and the X display and then run a utility like rkhunter with the latest configuration, I would have been all fixed in a few hours.

moderator fixed the leading space which triggered a glitch in this forum software to make this posting more readable


Modified by the-edmeister

All Replies (1)


I fail to see why these should be made by Mozilla or the community. These kinds of guides should be written by the distributions themselves.