Post mortem of a virus :)

Posted in UNIX for Dummies Questions & Answers by sdsd on Friday 7th of November 2008 08:08:31 AM (post 302255824)

Hi,

My pen-drive got infected with a virus when I used it on a windows system.

When working on a fedora system, I could view the files that the virus created, and the virus exe file itself.
I navigated into the pen drive using the bash prompt, and opened the virus exe file with the vi editor. I deleted all the lines in the file and saved the file. Now the file contains nothing (details of the files and folders are provided below).

The trouble is that I'm not able to delete the file.
The folder that contains the two virus files shows this for an ls -l

-rwxr-xr-x 1 p913001 root 19 2008-11-03 00:32 Desktop.ini
-rwxr-xr-x 1 p913001 root 29 2008-11-03 00:33 ise32.exe

Question 1:
I've tried modifying the file permissions with chmod, but still couldn't delete the file. How to delete it?
Question 2:
If I simply delete these files from the pen drive, can I consider my pen drive virus free? (Additionally, since the ise32.exe file now contains nothing, does it mean that the virus is dead?)

Details:
The root folder of the pen-drive contained an autorun.inf file which the virus created. I deleted that file.
There's a folder called 'restore' which I can't delete. This 'restore' folder contains a folder called 'S-1-5-21-1482476501-1644491937-682003330-1013'. It is this S-1-5-21-1482476501-1644491937-682003330-1013 folder which contains the Desktop.ini file and the ise32.exe file.
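The post describes files on a removable drive that survive both chmod and rm from the Linux side. The following shell script is an added example, not something posted in the thread, that inspects a mounted volume for exactly the pattern listed above (an autorun.inf in the root and files under restore/S-1-5-*/), records each file's size and SHA-256 before anything is touched, and removes them only when asked. The mount check is the part a practitioner wants first: on a vfat-formatted stick the kernel synthesizes owner and mode from the mount options, so every entry shows the same owner and 0755 (which is what the ls -l above looks like), chmod changes nothing, and whether rm works depends on the uid/gid/umask the drive was mounted with and on the mount not being read-only. The script and function names are my own; it assumes Linux with GNU coreutils and findutils.

```shell
#!/bin/sh
# usb_triage.sh -- inspect, and on request clean, a mounted removable volume
# that shows the pattern from the post: autorun.inf in the root and files under
# restore/S-1-5-*/. Added example; not from the thread. Script and function
# names are assumptions. Linux only: uses /proc/mounts, GNU find, stat, sha256sum.

set -u

# Print "FSTYPE OPTIONS" for the mount that holds DIR.
mount_info() {
    dir=$(readlink -f -- "$1") || return 1
    mp=$(df -P -- "$dir" | awk 'NR == 2 { print $6 }')
    awk -v mp="$mp" '$2 == mp { print $3, $4 }' /proc/mounts | tail -n 1
}

# Say why chmod/rm may not behave as expected on this mount.
explain_mount() {
    info=$(mount_info "$1") || return 1
    fstype=${info%% *}
    opts=${info#* }
    echo "mount: type=$fstype options=$opts"
    case $fstype in
        vfat|msdos|exfat)
            echo "note: $fstype stores no Unix owner or mode; chmod is a no-op here and"
            echo "      rm needs write access granted by the mount's uid/gid/umask options"
            ;;
    esac
    case ",$opts," in
        *,ro,*) echo "note: mounted read-only; remount read-write before deleting anything" ;;
    esac
}

# List autorun.inf at the volume root and every file directly under
# restore/S-1-5-*/, one per line as: <size> <sha256> <path>.
find_autorun_artifacts() {
    root=$1
    {
        find "$root" -maxdepth 1 -type f -iname autorun.inf
        find "$root" -maxdepth 1 -type d -iname restore \
            -exec find {} -mindepth 2 -maxdepth 2 -type f -path '*/S-1-5-*/*' \;
    } | while IFS= read -r f; do
        printf '%s %s %s\n' "$(stat -c %s -- "$f")" \
            "$(sha256sum -- "$f" | cut -d' ' -f1)" "$f"
    done
}

# Delete the listed files, then the emptied S-1-5-* and restore directories.
# Returns 1 if anything from the pattern is still present afterwards.
remove_artifacts() {
    root=$1
    find_autorun_artifacts "$root" | cut -d' ' -f3- | while IFS= read -r f; do
        rm -f -- "$f"
    done
    find "$root" -maxdepth 1 -type d -iname restore -exec sh -c '
        for d in "$1"/S-1-5-*; do [ -d "$d" ] && rmdir -- "$d"; done
        rmdir -- "$1"' _ {} \; 2>/dev/null
    [ -z "$(find_autorun_artifacts "$root")" ]
}

# Usage: usb_triage.sh <mountpoint> [--remove]
triage() {
    explain_mount "$1"
    echo "artifacts found (size sha256 path):"
    find_autorun_artifacts "$1"
    if [ "${2:-}" = --remove ]; then
        remove_artifacts "$1" && echo "cleaned" || echo "some artifacts could not be removed" >&2
    fi
}

if [ $# -gt 0 ]; then triage "$@"; fi
```

Run it once without --remove to get the mount diagnosis and a hash record of the files, then a second time with --remove. Hashing before deletion keeps something to look up later, which matters here because a zeroed-out executable (the 29-byte ise32.exe above) no longer identifies what it was.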

S3QLLOCK(1)                              S3QL                              S3QLLOCK(1)

NAME
       s3qllock - Make trees on an S3QL file system immutable

SYNOPSIS
       s3qllock [options] <directory>

DESCRIPTION
       S3QL is a file system for online data storage. Before using S3QL, make sure to
       consult the full documentation (rather than just the man pages which only
       briefly document the available userspace commands).

       The s3qllock command makes a directory tree in an S3QL file system immutable.
       Immutable trees can no longer be changed in any way whatsoever. You can not add
       new files or directories and you can not change or delete existing files and
       directories. The only way to get rid of an immutable tree is to use the s3qlrm
       command.

       s3qllock can only be called by the user that mounted the file system and (if the
       file system was mounted with --allow-other or --allow-root) the root user. This
       limitation might be removed in the future (see issue 155).

RATIONALE
       Immutability is a feature designed for backups. Traditionally, backups have been
       made on external tape drives. Once a backup was made, the tape drive was removed
       and locked somewhere in a shelf. This has the great advantage that the contents
       of the backup are now permanently fixed. Nothing (short of physical destruction)
       can change or delete files in the backup.

       In contrast, when backing up into an online storage system like S3QL, all
       backups are available every time the file system is mounted. Nothing prevents a
       file in an old backup from being changed again later on. In the worst case, this
       may make your entire backup system worthless. Imagine that your system gets
       infected by a nasty virus that simply deletes all files it can find -- if the
       virus is active while the backup file system is mounted, the virus will destroy
       all your old backups as well!

       Even if the possibility of a malicious virus or trojan horse is excluded, being
       able to change a backup after it has been made is generally not a good idea. A
       common S3QL use case is to keep the file system mounted at all times and
       periodically create backups with rsync -a. This allows every user to recover her
       files from a backup without having to call the system administrator. However,
       this also allows every user to accidentally change or delete files in one of the
       old backups.

       Making a backup immutable protects you against all these problems. Unless you
       happen to run into a virus that was specifically programmed to attack S3QL file
       systems, backups can be neither deleted nor changed after they have been made
       immutable.

OPTIONS
       The s3qllock command accepts the following options:

       --debug      activate debugging output
       --quiet      be really quiet
       --version    just print program version and exit

EXIT STATUS
       s3qllock returns exit code 0 if the operation succeeded and 1 if some error
       occurred.

SEE ALSO
       The S3QL homepage is at http://code.google.com/p/s3ql/.

       The full S3QL documentation should also be installed somewhere on your system,
       common locations are /usr/share/doc/s3ql or /usr/local/doc/s3ql.

COPYRIGHT
       2008-2011, Nikolaus Rath

1.11.1                              August 27, 2014                       S3QLLOCK(1)
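The RATIONALE section describes a workflow (keep the S3QL file system mounted, create periodic backups with rsync -a, then lock each one) without showing it. The shell script below is an added example, not part of S3QL or its man page, that performs one such cycle: it copies a source tree into a fresh, timestamp-named directory under the mounted S3QL file system, freezes it with s3qllock, and then probes that the lock actually holds by trying to create a file inside the tree, which the man page says must fail. It refuses to reuse an existing destination, since writing into an earlier backup is precisely what immutability is meant to prevent. The script name, function names and directory layout are assumptions; it assumes an S3QL file system is already mounted at BACKUP_ROOT and that rsync and s3qllock are on PATH.

```shell
#!/bin/sh
# immutable_backup.sh -- one cycle of the backup scheme the RATIONALE section
# describes: copy a tree into the mounted S3QL file system with rsync -a, then
# freeze that copy with s3qllock. Added example, not part of S3QL or its man
# page; the script name, function names and directory layout are assumptions.
# Assumes an S3QL file system is already mounted at BACKUP_ROOT and that rsync
# and s3qllock are on PATH.

# Name a run after its UTC timestamp so two runs never collide.
backup_name() {
    date -u +%Y-%m-%dT%H%M%SZ
}

# make_immutable_backup SRC BACKUP_ROOT [NAME]
# Prints the path of the new, locked backup tree. Returns 1 and leaves the tree
# unlocked (so it can be retried or removed with s3qlrm) if any step fails.
make_immutable_backup() {
    src=$1 backup_root=$2 name=${3:-$(backup_name)}
    dest=$backup_root/$name
    [ -d "$src" ] || { echo "source $src is not a directory" >&2; return 1; }
    [ -d "$backup_root" ] || { echo "$backup_root is not a directory" >&2; return 1; }
    [ ! -e "$dest" ] || { echo "refusing to reuse existing $dest" >&2; return 1; }
    mkdir "$dest" || return 1
    rsync -a "$src/" "$dest/" || { echo "rsync failed; $dest left unlocked" >&2; return 1; }
    s3qllock "$dest" || { echo "s3qllock failed; $dest left unlocked" >&2; return 1; }
    echo "$dest"
}

# verify_locked DIR
# An immutable tree must reject new files. Returns 0 if creating a probe file
# fails, 1 (after removing the probe) if it unexpectedly succeeds.
verify_locked() {
    probe=$1/.lock-probe.$$
    if : > "$probe" 2>/dev/null; then
        rm -f -- "$probe"
        return 1
    fi
    return 0
}

# Usage: immutable_backup.sh SRC BACKUP_ROOT [NAME]
if [ $# -gt 0 ]; then
    dest=$(make_immutable_backup "$@") && verify_locked "$dest" && echo "locked: $dest"
fi
```

Because s3qllock can only be run by the mounting user (or root under --allow-other/--allow-root), schedule this from that account; a failed lock is reported rather than silently leaving a writable backup behind.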
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.