Re: [vox-tech] Linux Computer Infected
Quoting Timothy D Thatcher (daniel.thatc...@gmail.com): > Hah, I'm glad it was nothing as nefarious as some weird malware or > rootkit, or as irritating/potentially expensive as an actual hardware > failure. Great work, and thanks, Rick. One more comment (and yes, as can be seen on http://linuxmafia.com/~rick/faq/ and http://linuxmafia.com/~rick/lexicon.html#moenslaw-security3, this _is_ something of a hobbyhorse of mine): _Rootkits_ are by definition NOT attack tools. Period. Yes, the contrary is widely believed, and I know exactly which commercial interest promotes that and many similar misunderstandings: It's the security / antimalware industry, which has absolutely no interest in a well-informed computer user community who understand security threats. They want a spooked community willing to outsource and open wallets. This essay ended up being long, and isn't yet in proper presentation format, but I think bountifully illustrates my point about that industry: http://linuxmafia.com/kb/Essays/security-snake-oil.html Back to rootkits: A rootkit is a set of replacements for regular administrative monitoring tools (ps, netstat, top, ls, etc.) that have been gimmicked to ignore the files and processes of an intruder. The intruder enters a system and escalates to root authority via OTHER MEANS ENTIRELY, and only then, armed with stolen root authority, replaces normal system tools with rootkit replacements in order to hide himself/herself. Quoting (myself) from http://linuxmafia.com/~rick/faq/#virus5: [omitting here a very long alphabetical list of 'ringers'; things often claimed in error to be 'viruses' that simply aren't] Every one of those is some sort of _post-attack_ tool; all are erroneously claimed on sundry anti-virus companies' sites (and consequently in various news articles) to be "Linux viruses". Some are actually "rootkits", which are kits of software to hide the intruder's presence from the system's owner and install "backdoor" re-entry mechanisms, after the intruder's broken in through other means entirely. Some are "worms"/"trojans" of the sort that get launched locally on the invaded system, by the intruder, to probe it and remote systems for further vulnerabilities. Some are outright attack tools of the "DDoS" (distributed denial of service) variety, which overwhelm a remote target with garbage network traffic from all directions, to render it temporarily non-functional or incommunicado. The news reporters and anti-virus companies in question should be ashamed of themselves: None of the above, in itself, can break into any remote Linux system. All must be imported manually (or equivalently by script) and installed by an intruder who has cracked your system by other means. That incompetent reporting sometimes has extremely damaging consequences: In 2002, British authorities arrested (https://www.nytimes.com/2002/09/20/world/computer-virus-author-arrested.html) the alleged author of the T0rn rootkit, based on their mistaken notion that it's a "Linux virus". (My efforts to get the Reuters / NY Times story corrected were ignored, except by cited anti-virus consultant Graham Cluley, who told me he'd been misquoted.) I should mention in passing that feeble albeit genuine malware like the RST and OSF ELF-infectors are often downloaded and manually installed, locally, by attackers AFTER THEY'VE ENTERED AND CRACKED ROOT VIA OTHER MEANS ENTIRELY, often as part of their "rootkits". Some of these help keep alive UDP-based backdoors to preserve their ongoing access. The point, again, is that they're an _after-effect_ of break-in, not a method of attack in themselves. It's like a burglar disabling your back-porch door lock from inside your kitchen; it's damage, but not the guy's means of entry. ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Linux Computer Infected
Quoting Bob Scofield (scofi...@omsoft.com): > I've got an infected Linux desktop and I don't have the technical > expertise to fix it. So, I just wanted to explore the notion of 'infected' in general, concerning Linux computers. (In no way is this intended as a criticism of Bob.) It is frequently the case that users say their computers are infected / have malware when all they really know is that something bad is happening on their systems that ought not to happen -- something like a Web browser process immediately terminating upon startup. It's a small leap of logic, but certainly an understandable one. In my first, long post, trying to help advise Bob, I drew a key distinction between system-level problems and user-level ones, e.g., suggesting Bob see if additional user 'test' encountered the same symptom he did under his regular user. Each user has an individual set of configuration files in his/her homedir that, if they get messed up by... anything (user mishap, 'malware' processes the system gets tricked into running with regular user authority, damage caused by bugs in installed user software run with regular user authority, etc.)..., the user's software experience can get sabotaged _without_ there having been any damage to the system as a whole. And the reason that's a really key difference is that you as a non-privileged user deliberately are not wielding the ability to mess up, edit, add to, delete from, etc., files in any of the many trees that are _system_ trees. Which also means that even the most devilishly nasty malware imaginable, if you happened to run it as 'you' (run it with your user authority), can do only the damage that you, yourself, could have done. That is why, in a real sense, _provided_ you are not finding dumb ways to run Linux malware with elevated privilege, and provided it isn't left running for a long time to chip away at your system and find unfixed local security problems to 'escalate privilege' with, such Linux malware is precisely as big a danger to your system as you are, and as big a danger to your personal files as you are. (The corrolary to this is that the biggest danger by far to any Linux server is a sysadmin wielding root authority, something even scarier than a programmer clutching a screwdriver. ;-> ) And I actually need to 'fess up to a bit of tunnel vision I suffered in making the above-described distinction between system-level problems and user-level ones: I almost totally forgot -- but sort of added near the end -- that something like a critical RAM shortage in effect manifests as _both_ a system-level and user-level problem. But often I forget that new Linux 'desktop' users are seldom taught that just about the first things you need to do is: o Check memory using 'free' or similar. o Check disk space using 'df' or similar. o Check process list (using 'ps' or similar) looking for funny business. That is so ingrained in old-school Unix teaching that sometimes it's difficult to remember that newcomers may not think to do that, and almost certainly aren't familiar with the tools. Which is a pity. ...and, please note, Bob's problem immediately became obvious when he checked the third of those three basics. Rod's point that it _could_ have been a hardware problem was also an excellent one, but IMO one wants to look for the low-hanging fruit, first. ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Linux Computer Infected
Quoting Timothy D Thatcher (daniel.thatc...@gmail.com): > Hah, I'm glad it was nothing as nefarious as some weird malware or > rootkit, or as irritating/potentially expensive as an actual hardware > failure. Great work, and thanks, Rick. Just one more thing about that: http://linuxmafia.com/~rick/lexicon.html#moenslaw-security3 Moen's Third Law of Security "Malware is _not_ a security problem; malware is a secondary _after-effect_ of a security problem." People who focus on particular exploits against particular vulnerabilities (or worse, software packages like "anti-virus software" that do so) have already lost the security battle, because they aren't focusing on what's important -- which is correcting their own strategic errors that make those recurring vulnerabilities possible (and inevitable). Marcus Ranum described what is important perfectly, in his essay "What Sun Tsu Would Say" (http://www.ranum.com/security/computer_security/editorials/master-tzu/): o Run software that does not suck. o Absolutely minimize Internet-facing services. If you have to keep chasing after holes in the same hopelessly bad software (PHP, WordPress, AWstats, wu-ftpd, lpd, etc.) — or, worse, paper over that underlying cause with anti-malware software — then you're addressing the _wrong problem_. The computer-security advice Ranum attributes to Sun Tzu bears repeating, too: If you are fighting a losing battle, it is likely one of three things: a) You are continuing a trend in a losing war -- and therefore should not be surprised. b) You have chosen to fight the wrong battle. c) You are stupid. (I'll hasten to say that I'm not calling anyone stupid. Ranum, a major security expert from the BSD community, putting words in Sun Tzu's mouth, is saying that certain people _might_ be stupid. Personally, I'd only go so far as to say 'misguided'. ;-> ) The examples cited of wu-ftp, lpd, and AWstats now seem obscure, but please do remember that I created the page a long time ago. ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Linux Computer Infected
Hah, I'm glad it was nothing as nefarious as some weird malware or rootkit, or as irritating/potentially expensive as an actual hardware failure. Great work, and thanks, Rick. Tim On Sat, Jun 2, 2018 at 7:59 PM Bob Scofield wrote: > > I've got it fixed. But first thanks to Brian, Tim, Rod, and Rick. > > Because Thunderbird was starting to crash I decided to go ahead and try > to fix it on my own. (I was getting very nervous.) I think my > procedure, while ham handed, generally follows Rick's advice. But Rick > did not waste his time with the long response because I'm going to copy > and paste his response into a Libreoffice document so I'll know a more > elegant approach the next time this happens. So I appreciate it, Rick. > > Rick said to see if Firefox was still running. It was. When I tried to > reboot I got a message that I had to force the roboot because Firefox > was still running. > > As far as Brian's advice goes, I had a Linux Mint stick. So I booted > into and checked that Firefox was working from it. > > Then from /home I deleted the following: .mozilla, .chromium, and .cache. > > As far as Rick's point about bookmarks, I think I've got most backed up > on an external hard drive. I'll check as soon as I send this message. > > Then I reinstalled Linux Mint. I've wasted some time doing it this way, > but everything seems to be working. And I've got Virtualbox working, > which I was worried about. > > I may have committed the fallacy of false cause, but I'm still not going > back to that website about the mama bear. > > Thanks again. > > Bob > > On 06/02/2018 06:04 PM, Brian E. Lavender wrote: > > Bob, > > > > How about booting with Fedora on a stick? > > > > https://docs.fedoraproject.org/quick-docs/en-US/creating-and-using-a-live-installation-image.html > > > > I can create one for you if you like. > > > > brian > > > > On Sat, Jun 02, 2018 at 05:12:41PM -0700, Bob Scofield wrote: > >> Here's an update. The idea of installing Chrome as a temporary fix does > >> not > >> work. Chrome will not even come up when I click on the icon. > >> > >> Bob > >> > >> On 06/02/2018 04:55 PM, Bob Scofield wrote: > >>> I've got an infected Linux desktop and I don't have the technical > >>> expertise to fix it. I live in Woodland and I'm willing to hire someone > >>> to come over here to fix it. So I'll explain the problem and then > >>> explain what I think I can do on my own, but if that won't work I would > >>> like some professional help. > >>> > >>> I was on the CNN news website and saw an article with a title something > >>> like "Mama Bear Hugs Man Who Saved Cubs." I wanted to read the article, > >>> but checked out another story first. Then I could no longer find the > >>> bear story on the CNN website. So I Googled and found it. > >>> > >>> When I clicked on the link to the story or video or whatever it is, > >>> Firefox crashed. It crashed permanently. If I try to start Firefox all > >>> I get is the "Mozilla Crash Report." I've removed Firefox 3 times. > >>> I've purged Firefox twice. I've reinstalled and the problem persists. > >>> > >>> In the meantime I tried to read the story with Chromium. Chromium now > >>> constantly crashes. It will not stay up for more than about 30 seconds. > >>> > >>> What's more, Cinnamon (I'm using Linux Mint) is now crashing every once > >>> and awhile and I've never seen Cinnamon crash before. > >>> > >>> One idea I have is to reinstall Linux Mint. But /home is on a separate > >>> partition. And I've got a feeling that if I reinstall, then something > >>> in /home/.mozilla will prevent Firefox from working. So if I do a > >>> reinstall, do I first wipe out /.mozilla? > >>> > >>> I've got ESET Linux antivirus on this computer and it didn't find > >>> anything during an in-depth scan. > >>> > >>> This is a dual boot system. I use Windows 7 for work. Given that > >>> Windows 7 is expiring next January I was planning on taking some time in > >>> November to re-partition this computer to wipe out the Windows partition > >>> and use Windows 7 in Virtualbox (keeping Windows more isolated from the > >>> Internet). So I guess I could download Chrome and use it until I do > >>> this big computer switch in November. But even then I have to worry > >>> about whether .mozilla should be deleted. > >>> > >>> If one of these fixes don't seem like they'd work, please contact me and > >>> I'll hire you to drive over and do the fix. > >>> > >>> Thanks. > >>> > >>> Bob > >>> ___ > >>> vox-tech mailing list > >>> vox-tech@lists.lugod.org > >>> http://lists.lugod.org/mailman/listinfo/vox-tech > >> ___ > >> vox-tech mailing list > >> vox-tech@lists.lugod.org > >> http://lists.lugod.org/mailman/listinfo/vox-tech > > ___ > vox-tech mailing list > vox-tech@lists.lugod.org > http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Linux Computer Infected
Quoting Bob Scofield (scofi...@omsoft.com): > I've got it fixed. But first thanks to Brian, Tim, Rod, and Rick. Congratulations, Bob! Good work. When you're feeling in a mood to geek out and get to know some old-school Unix command-line tools, here are some related to memory and processes: top 'top' is a bit more instantly likeable than the others, because it defaults to auto-refreshing its display of resources used by individual processes every second (which is usualy handy), _and_ it has a couple of operating modes. In the default mode, it displays processes in order of CPU usage, with the biggest CPU-grunt hogging processes on top. But then, if you press 'M' (capital m), then the tool flips to its alternate mode, showing processes in order of _RAM_ usage, biggest RAM-hogs first. This is where things start, unfortunately, to get complex and eye-crossing, because the sort key used is '%MEM". But there are several other columns with other details of memory usage, which I'll not detail here. Suffice to say each can be significant, depending. (Irony alert: For a command-line tool, 'top' is a bit resource-intensive all but itself. On more than one occasion, a Unix server, slow and somewhat unresponsive because of running low on RAM, has been driven into falling over because 2 or 3 sysadmins ssh'd in and simultaneously ran 'top'. ;-> ) free -m The 'free' command is a system-wide report (not a process-level report) on the current state of memory usage. The 'm' switch I added means '...and please report values in units of megabytes, for human-friendliness'. There are a bunch of details in free's output about usage of both physical RAM and virtual RAM, which you just have to learn how to correctly interpret -- not difficult, but you'll end up looking at the man page. ps auxw The 'ps' command reports process status (thus the abbreviation), and I've added parameters, detailing which would add too much gory detail, that have the effect of making ps report all currently running processes without restriction. The resulting output is guaranted to be verbose in both width and length, so one usually ends up piping it to 'less' or to a filter to extract only what you want to know about. As with 'top', the ps command defaults to showing many columns about processes, and there are actually more that can be dredged out with other formatting directives (to ps) if necessary. If it seems excessive and overwhelming at first, be advised that's an entirely normal reaction. Leaving RAM aside for a moment, it's also important to be able to check on disk usage. The 'df' command is vital for a view of disk usage at the level of entire filesystems (partitions). 'df -h' will show you human-friendly (what the 'h' is for) output numbers. Equally important is 'du', which once you master its options is incredibly handy to show disk usage of subdirectories or other sets of files. Last in that department, let me offer the following handy Perl script that you can write to your system (using root authority) as /usr/local/bin/largest20 . Don't forget to also make it executable by doing (as the root user) 'chmod u+x /usr/local/bin/largest20'.) -- #!/usr/bin/perl -w # You can alternatively just do: # find . -xdev -type f -print0 | xargs -r0 ls -l | sort -rn -k +5 | head -20 # Sometimes also handy: du -cks * | sort -rn use File::Find; @ARGV = $ENV{ PWD } unless @ARGV; find ( sub { $size{ $File::Find::name } = -s if -f; }, @ARGV ); @sorted = sort { $size{ $b } <=> $size{ $a } } keys %size; splice @sorted, 20 if @sorted > 20; printf "%10d %s\n", $size{$_}, $_ for @sorted -- ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Linux Computer Infected
I've got it fixed. But first thanks to Brian, Tim, Rod, and Rick. Because Thunderbird was starting to crash I decided to go ahead and try to fix it on my own. (I was getting very nervous.) I think my procedure, while ham handed, generally follows Rick's advice. But Rick did not waste his time with the long response because I'm going to copy and paste his response into a Libreoffice document so I'll know a more elegant approach the next time this happens. So I appreciate it, Rick. Rick said to see if Firefox was still running. It was. When I tried to reboot I got a message that I had to force the roboot because Firefox was still running. As far as Brian's advice goes, I had a Linux Mint stick. So I booted into and checked that Firefox was working from it. Then from /home I deleted the following: .mozilla, .chromium, and .cache. As far as Rick's point about bookmarks, I think I've got most backed up on an external hard drive. I'll check as soon as I send this message. Then I reinstalled Linux Mint. I've wasted some time doing it this way, but everything seems to be working. And I've got Virtualbox working, which I was worried about. I may have committed the fallacy of false cause, but I'm still not going back to that website about the mama bear. Thanks again. Bob On 06/02/2018 06:04 PM, Brian E. Lavender wrote: Bob, How about booting with Fedora on a stick? https://docs.fedoraproject.org/quick-docs/en-US/creating-and-using-a-live-installation-image.html I can create one for you if you like. brian On Sat, Jun 02, 2018 at 05:12:41PM -0700, Bob Scofield wrote: Here's an update. The idea of installing Chrome as a temporary fix does not work. Chrome will not even come up when I click on the icon. Bob On 06/02/2018 04:55 PM, Bob Scofield wrote: I've got an infected Linux desktop and I don't have the technical expertise to fix it. I live in Woodland and I'm willing to hire someone to come over here to fix it. So I'll explain the problem and then explain what I think I can do on my own, but if that won't work I would like some professional help. I was on the CNN news website and saw an article with a title something like "Mama Bear Hugs Man Who Saved Cubs." I wanted to read the article, but checked out another story first. Then I could no longer find the bear story on the CNN website. So I Googled and found it. When I clicked on the link to the story or video or whatever it is, Firefox crashed. It crashed permanently. If I try to start Firefox all I get is the "Mozilla Crash Report." I've removed Firefox 3 times. I've purged Firefox twice. I've reinstalled and the problem persists. In the meantime I tried to read the story with Chromium. Chromium now constantly crashes. It will not stay up for more than about 30 seconds. What's more, Cinnamon (I'm using Linux Mint) is now crashing every once and awhile and I've never seen Cinnamon crash before. One idea I have is to reinstall Linux Mint. But /home is on a separate partition. And I've got a feeling that if I reinstall, then something in /home/.mozilla will prevent Firefox from working. So if I do a reinstall, do I first wipe out /.mozilla? I've got ESET Linux antivirus on this computer and it didn't find anything during an in-depth scan. This is a dual boot system. I use Windows 7 for work. Given that Windows 7 is expiring next January I was planning on taking some time in November to re-partition this computer to wipe out the Windows partition and use Windows 7 in Virtualbox (keeping Windows more isolated from the Internet). So I guess I could download Chrome and use it until I do this big computer switch in November. But even then I have to worry about whether .mozilla should be deleted. If one of these fixes don't seem like they'd work, please contact me and I'll hire you to drive over and do the fix. Thanks. Bob ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Linux Computer Infected
Quoting Rod Roark (r...@sunsetsystems.com): > Sounds more like a hardware problem. Open it up and vacuum out the > dust, especially from the CPU fan. Then run a memory test (probably > available at the boot screen). Definitely could be. One way to test this hypothesis is by booting and using a desktop system from a live-CD (by which I include live systems on USB flash drives, etc.) Linux distro, as has been suggested separately. If the problem reproduces using that entirely separate bootable system, that strongly points towards a hardware problem. ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Linux Computer Infected
Quoting Bob Scofield (scofi...@omsoft.com): > I've got an infected Linux desktop and I don't have the technical > expertise to fix it. FYI, nothing you said in either of your posts would suggest malware. (Also, IMO: http://linuxmafia.com/~rick/faq/#virus) Your system has a Linux Mint installation with the Cinnamon (variant-GNOME3) Desktop Environment. Suggestion #1 (move .mozilla out of the way): > When I clicked on the link to the story or video or whatever it is, > Firefox crashed. It crashed permanently. If I try to start > Firefox all I get is the "Mozilla Crash Report." I've removed > Firefox 3 times. I've purged Firefox twice. I've reinstalled and > the problem persists. Am betting this is related to your per-user configuration files for Firefox. Try this (it's reversible): 1. Make sure Firefox is _truly_ not running. To do this, first, open a terminal console. (I'm very much not a GNOME person, so you find and do that based on your local knowledge.) In the following, the '$' stands for a non-root user's shell prompt. '#', used in a later bit of this message stands for the root user's shell prompt. Therefore, the suggestion is that you type the commands quoted below, but not the prompt characters. (This is a display convention you will encounter widely in discussion of Unix system operations.) Now: $ ps auxw | grep firefox If an instance of Firefox is running, you need to kill the process. Like: $ killall firefox $ killall -9 firefox (or whatever the process's name is) Now: 2. $ cd $ mv .mozilla .mozilla-save $ exit 3. Try starting Firefox again. Don't get alarmed that your bookmarks, etc., aren't there. The information for them is safely ensconced in the .mozilla-save directory. 4. Report back to the mailing list. Does Firefox still go kablooey, even with a fresh-generated .mozilla tree that resulted when you restarted Firefox in step #3? Let us know. 5. After shutting down Firefox, put your .mozilla directory back: $ cd $ rm -rf .mozilla $ mv .mozilla-save .mozilla $ exit You are back. Suggestion #2 (add user 'test'): See if a second user set up for test purposes encounters the same problem or not. If yes, then you have a system-wide problem. If no, then you have a problem isolated to your personal login's configuration files. Make sense? Open a terminal console, and: $ sudo su - # adduser test # passwd test # exit $ You have just created additional local login user 'test' and assigned that new user a login password. The 'passwd' command will, FYI, have prompted you to type in that password twice, to ensure that you haven't fumblefingered it. Now, do whatever it is you do to shut down the Cinnamon DE, logout, and return to the Linux Mint grapical login thingie. This time, instead of logging in as your regular user, login as 'test'. _If_, as I suspect, you have no system-wide problem but rather a problem isolated to your personal login's configuration files, then you in the guise of the 'test' user will now enjoy a pristine Cinnamon DE environment with no weird 'crashes', etc., etc. One last thing: I mean no personal criticism here whatosever, but I'm going to make a guess based on long decades working with Linux newcomers that if I asked you to check and make sure your system isn't running short on RAM because some process or processes is/are grabbing it, you would say 'How?' Right? Your symptoms might easily be caused by runaway RAM consumption by something. There are ways to track that down using old-school Unix command-line tools like 'free', 'ps', and 'top', but how to interpret their information requires learning. Additionally, intelligently interpreting that information would require learning what the various running processes are and what they're doing. Any GNOME variant has a great many running processes, IMO, making that part of the task more difficult than it would be with more-lightweight environments. But anyway, try the 'test' user, and report back whether the problem replicates with that user or not. I'm going to bet 'no'. Based on your answer, this mailing list's denizens will be in a better position to give you meaningful and useful, i.e., targeted, suggestions. (I didn't cover how to remove user 'test', but it's also not difficult. But frankly I'd advise keeping that login around.) > In the meantime I tried to read the story with Chromium. Chromium > now constantly crashes. It will not stay up for more than about 30 > seconds. Could be that something's hogging RAM. > What's more, Cinnamon (I'm using Linux Mint) is now crashing every > once and awhile and I've never seen Cinnamon crash before. Could be that something's hogging RAM. (If the best solution is for someone to drive over and debug this for you, coolness, but unfortunately I personally am way too far away, down at the south end of San Mateo County.) ___
Re: [vox-tech] Linux Computer Infected
Sounds more like a hardware problem. Open it up and vacuum out the dust, especially from the CPU fan. Then run a memory test (probably available at the boot screen). Rod Sent from BlueMail On Jun 3, 2018, 10:12 AM, at 10:12 AM, Bob Scofield wrote: >Here's an update. The idea of installing Chrome as a temporary fix >does >not work. Chrome will not even come up when I click on the icon. > >Bob > >On 06/02/2018 04:55 PM, Bob Scofield wrote: >> I've got an infected Linux desktop and I don't have the technical >> expertise to fix it. I live in Woodland and I'm willing to hire >> someone to come over here to fix it. So I'll explain the problem and > >> then explain what I think I can do on my own, but if that won't work >I >> would like some professional help. >> >> I was on the CNN news website and saw an article with a title >> something like "Mama Bear Hugs Man Who Saved Cubs." I wanted to read > >> the article, but checked out another story first. Then I could no >> longer find the bear story on the CNN website. So I Googled and >found >> it. >> >> When I clicked on the link to the story or video or whatever it is, >> Firefox crashed. It crashed permanently. If I try to start Firefox >> all I get is the "Mozilla Crash Report." I've removed Firefox 3 >> times. I've purged Firefox twice. I've reinstalled and the problem >> persists. >> >> In the meantime I tried to read the story with Chromium. Chromium >now >> constantly crashes. It will not stay up for more than about 30 >seconds. >> >> What's more, Cinnamon (I'm using Linux Mint) is now crashing every >> once and awhile and I've never seen Cinnamon crash before. >> >> One idea I have is to reinstall Linux Mint. But /home is on a >> separate partition. And I've got a feeling that if I reinstall, then > >> something in /home/.mozilla will prevent Firefox from working. So if >I >> do a reinstall, do I first wipe out /.mozilla? >> >> I've got ESET Linux antivirus on this computer and it didn't find >> anything during an in-depth scan. >> >> This is a dual boot system. I use Windows 7 for work. Given that >> Windows 7 is expiring next January I was planning on taking some time > >> in November to re-partition this computer to wipe out the Windows >> partition and use Windows 7 in Virtualbox (keeping Windows more >> isolated from the Internet). So I guess I could download Chrome and >> use it until I do this big computer switch in November. But even then > >> I have to worry about whether .mozilla should be deleted. >> >> If one of these fixes don't seem like they'd work, please contact me >> and I'll hire you to drive over and do the fix. >> >> Thanks. >> >> Bob >> ___ >> vox-tech mailing list >> vox-tech@lists.lugod.org >> http://lists.lugod.org/mailman/listinfo/vox-tech > >___ >vox-tech mailing list >vox-tech@lists.lugod.org >http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Linux Computer Infected
Brian's Fedora-on-a-stick idea is a good one. You could also try using that to run some utilities that can check for bad stuff, like chkrootkit and clamAV. Tim On Sat, Jun 2, 2018 at 5:12 PM Bob Scofield wrote: > > Here's an update. The idea of installing Chrome as a temporary fix does > not work. Chrome will not even come up when I click on the icon. > > Bob > > On 06/02/2018 04:55 PM, Bob Scofield wrote: > > I've got an infected Linux desktop and I don't have the technical > > expertise to fix it. I live in Woodland and I'm willing to hire > > someone to come over here to fix it. So I'll explain the problem and > > then explain what I think I can do on my own, but if that won't work I > > would like some professional help. > > > > I was on the CNN news website and saw an article with a title > > something like "Mama Bear Hugs Man Who Saved Cubs." I wanted to read > > the article, but checked out another story first. Then I could no > > longer find the bear story on the CNN website. So I Googled and found > > it. > > > > When I clicked on the link to the story or video or whatever it is, > > Firefox crashed. It crashed permanently. If I try to start Firefox > > all I get is the "Mozilla Crash Report." I've removed Firefox 3 > > times. I've purged Firefox twice. I've reinstalled and the problem > > persists. > > > > In the meantime I tried to read the story with Chromium. Chromium now > > constantly crashes. It will not stay up for more than about 30 seconds. > > > > What's more, Cinnamon (I'm using Linux Mint) is now crashing every > > once and awhile and I've never seen Cinnamon crash before. > > > > One idea I have is to reinstall Linux Mint. But /home is on a > > separate partition. And I've got a feeling that if I reinstall, then > > something in /home/.mozilla will prevent Firefox from working. So if I > > do a reinstall, do I first wipe out /.mozilla? > > > > I've got ESET Linux antivirus on this computer and it didn't find > > anything during an in-depth scan. > > > > This is a dual boot system. I use Windows 7 for work. Given that > > Windows 7 is expiring next January I was planning on taking some time > > in November to re-partition this computer to wipe out the Windows > > partition and use Windows 7 in Virtualbox (keeping Windows more > > isolated from the Internet). So I guess I could download Chrome and > > use it until I do this big computer switch in November. But even then > > I have to worry about whether .mozilla should be deleted. > > > > If one of these fixes don't seem like they'd work, please contact me > > and I'll hire you to drive over and do the fix. > > > > Thanks. > > > > Bob > > ___ > > vox-tech mailing list > > vox-tech@lists.lugod.org > > http://lists.lugod.org/mailman/listinfo/vox-tech > > ___ > vox-tech mailing list > vox-tech@lists.lugod.org > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Linux Computer Infected
Bob, How about booting with Fedora on a stick? https://docs.fedoraproject.org/quick-docs/en-US/creating-and-using-a-live-installation-image.html I can create one for you if you like. brian On Sat, Jun 02, 2018 at 05:12:41PM -0700, Bob Scofield wrote: > Here's an update. The idea of installing Chrome as a temporary fix does not > work. Chrome will not even come up when I click on the icon. > > Bob > > On 06/02/2018 04:55 PM, Bob Scofield wrote: > > I've got an infected Linux desktop and I don't have the technical > > expertise to fix it. I live in Woodland and I'm willing to hire someone > > to come over here to fix it. So I'll explain the problem and then > > explain what I think I can do on my own, but if that won't work I would > > like some professional help. > > > > I was on the CNN news website and saw an article with a title something > > like "Mama Bear Hugs Man Who Saved Cubs." I wanted to read the article, > > but checked out another story first. Then I could no longer find the > > bear story on the CNN website. So I Googled and found it. > > > > When I clicked on the link to the story or video or whatever it is, > > Firefox crashed. It crashed permanently. If I try to start Firefox all > > I get is the "Mozilla Crash Report." I've removed Firefox 3 times. > > I've purged Firefox twice. I've reinstalled and the problem persists. > > > > In the meantime I tried to read the story with Chromium. Chromium now > > constantly crashes. It will not stay up for more than about 30 seconds. > > > > What's more, Cinnamon (I'm using Linux Mint) is now crashing every once > > and awhile and I've never seen Cinnamon crash before. > > > > One idea I have is to reinstall Linux Mint. But /home is on a separate > > partition. And I've got a feeling that if I reinstall, then something > > in /home/.mozilla will prevent Firefox from working. So if I do a > > reinstall, do I first wipe out /.mozilla? > > > > I've got ESET Linux antivirus on this computer and it didn't find > > anything during an in-depth scan. > > > > This is a dual boot system. I use Windows 7 for work. Given that > > Windows 7 is expiring next January I was planning on taking some time in > > November to re-partition this computer to wipe out the Windows partition > > and use Windows 7 in Virtualbox (keeping Windows more isolated from the > > Internet). So I guess I could download Chrome and use it until I do > > this big computer switch in November. But even then I have to worry > > about whether .mozilla should be deleted. > > > > If one of these fixes don't seem like they'd work, please contact me and > > I'll hire you to drive over and do the fix. > > > > Thanks. > > > > Bob > > ___ > > vox-tech mailing list > > vox-tech@lists.lugod.org > > http://lists.lugod.org/mailman/listinfo/vox-tech > > ___ > vox-tech mailing list > vox-tech@lists.lugod.org > http://lists.lugod.org/mailman/listinfo/vox-tech -- Brian Lavender http://www.brie.com/brian/ "There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." Professor C. A. R. Hoare The 1980 Turing award lecture ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Linux Computer Infected
Here's an update. The idea of installing Chrome as a temporary fix does not work. Chrome will not even come up when I click on the icon. Bob On 06/02/2018 04:55 PM, Bob Scofield wrote: I've got an infected Linux desktop and I don't have the technical expertise to fix it. I live in Woodland and I'm willing to hire someone to come over here to fix it. So I'll explain the problem and then explain what I think I can do on my own, but if that won't work I would like some professional help. I was on the CNN news website and saw an article with a title something like "Mama Bear Hugs Man Who Saved Cubs." I wanted to read the article, but checked out another story first. Then I could no longer find the bear story on the CNN website. So I Googled and found it. When I clicked on the link to the story or video or whatever it is, Firefox crashed. It crashed permanently. If I try to start Firefox all I get is the "Mozilla Crash Report." I've removed Firefox 3 times. I've purged Firefox twice. I've reinstalled and the problem persists. In the meantime I tried to read the story with Chromium. Chromium now constantly crashes. It will not stay up for more than about 30 seconds. What's more, Cinnamon (I'm using Linux Mint) is now crashing every once and awhile and I've never seen Cinnamon crash before. One idea I have is to reinstall Linux Mint. But /home is on a separate partition. And I've got a feeling that if I reinstall, then something in /home/.mozilla will prevent Firefox from working. So if I do a reinstall, do I first wipe out /.mozilla? I've got ESET Linux antivirus on this computer and it didn't find anything during an in-depth scan. This is a dual boot system. I use Windows 7 for work. Given that Windows 7 is expiring next January I was planning on taking some time in November to re-partition this computer to wipe out the Windows partition and use Windows 7 in Virtualbox (keeping Windows more isolated from the Internet). So I guess I could download Chrome and use it until I do this big computer switch in November. But even then I have to worry about whether .mozilla should be deleted. If one of these fixes don't seem like they'd work, please contact me and I'll hire you to drive over and do the fix. Thanks. Bob ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech