UNIX for Dummies Questions & Answers: Post 302255824 by sdsd on Friday 7th of November 2008 08:08:31 AM
Post mortem of a virus :)

Hi,

My pen-drive got infected with a virus when I used it on a Windows system.

When working on a Fedora system, I could view the files that the virus created, and the virus exe file itself.
I navigated into the pen drive using the bash prompt, and opened the virus exe file with the vi editor. I deleted all the lines in the file and saved the file. Now the file contains nothing :) (details of the files and folders provided below)

The trouble is that I'm not able to delete the file.
The folder that contains the two virus files shows this for an ls -l

-rwxr-xr-x 1 p913001 root 19 2008-11-03 00:32 Desktop.ini
-rwxr-xr-x 1 p913001 root 29 2008-11-03 00:33 ise32.exe

Question 1:
I've tried modifying the file permissions with chmod, but still couldn't delete the file. How to delete it?
Question 2:
If I simply delete these files from the pen drive, can I consider my pen drive virus free? (additionally, since the ise32.exe file now contains nothing, does it mean that the virus is dead?)

Details:
The root folder of the pen-drive contained an autorun.inf file which the virus created. I deleted that file.
There's a folder called 'restore' which I can't delete. This 'restore' folder contains a folder called 'S-1-5-21-1482476501-1644491937-682003330-1013'. It is this S-1-5-21-1482476501-1644491937-682003330-1013 folder which contains the Desktop.ini file and the ise32.exe file.
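
A read-only triage of the layout described in the post above, as an added example that is not part of the original post: it lists any autorun.inf in the drive root, the launch lines inside it, and every file under a SID-named directory. The function names, the AUTORUN/TARGET/SIDFILE labels and the sample tree (including the autorun.inf contents, which the post does not show) are constructed for illustration.

```sh
#!/bin/sh
# Added example: list autorun artifacts on a mounted removable drive.
# Nothing is modified or deleted on the scanned path.

scan_removable() {
    root=$1
    # FAT file names are case-insensitive, so match without regard to case.
    find "$root" -maxdepth 1 -type f -iname 'autorun.inf' | sort |
    while IFS= read -r inf; do
        echo "AUTORUN $inf"
        # Show the open= / shellexecute= lines, i.e. what would be launched.
        grep -iE '^[[:space:]]*(open|shellexecute)[[:space:]]*=' "$inf" |
            tr -d '\r' | sed 's/^[[:space:]]*/TARGET /'
    done
    # Directories named like a Windows account SID (S-1-5-21-...), as in the post.
    find "$root" -type d -name 'S-1-5-21-*' | sort |
    while IFS= read -r dir; do
        find "$dir" -type f | sort |
        while IFS= read -r f; do
            size=$(wc -c < "$f" | tr -d ' ')
            echo "SIDFILE $size ${f#"$root"/}"
        done
    done
}

# Constructed sample tree mirroring the names and sizes quoted in the post.
build_sample() {
    d="$1/restore/S-1-5-21-1482476501-1644491937-682003330-1013"
    mkdir -p "$d"
    printf '%019d' 0 > "$d/Desktop.ini"    # 19 bytes, as in the ls -l listing
    printf '%029d' 0 > "$d/ise32.exe"      # 29 bytes, as in the ls -l listing
    # Constructed autorun.inf; the real file's contents are not on the page.
    printf '[autorun]\r\nopen=restore\\EXAMPLE\\ise32.exe\r\n' > "$1/AUTORUN.INF"
}

# Scan the given mount point, or demonstrate on the constructed tree.
if [ $# -gt 0 ]; then
    scan_removable "$1"
else
    demo=$(mktemp -d)
    build_sample "$demo"
    scan_removable "$demo"
    rm -rf "$demo"
fi
```

Pass the drive's mount point as the only argument to scan a real drive; with no argument the script runs against the constructed tree.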
 
