Author Topic: I think I may have downloaded a virus (SOLVED)  (Read 2533 times)

Offline Jim Dandy

  • Full Member
  • ***
  • Posts: 185
Re: I think I may have downloaded a virus
« Reply #15 on: December 03, 2012, 10:31:50 PM »
Thanks. When I did that it asked me to remove whatever and had a question mark at the end. I typed in yes, didn't really know what to do but that seems to have done the trick. I ran the command again after I typed in yes and it informed me there was no such file or directory. And now I can't find an avi file when I search for it. Thank you very much.

Let's hope it don't come back. LOL

Linux don't like filenames with "spaces" in them.

Next time you download a file, add a "_" where the spaces are or just delete them out BEFORE you "Save File As" in the dialog box.

Good luck. ;) 

Thank you. That was a great help to me. I could have done a fresh install and I will probably do that sometime just to make the root partition bigger. I just let it do all the formatting automatically when I installed the disc to the drive and it all went smoothly but I don't think it gave enough room for root. (It is my understanding that that is where all the programs go)

Offline Jim Dandy

  • Full Member
  • ***
  • Posts: 185
Re: I think I may have downloaded a virus
« Reply #16 on: December 03, 2012, 10:34:29 PM »
Thank you. The name of the file, at least the name it was given on PB, is this:  Life of Pi from Cam but Very Good.avi

I am familiar with su and password, have used it many times. But could you tell me specifically how to remove this whatever it is that keeps coming back every time I delete it? I should have known better from the title--it said it was very good but the quality sucked. I have still not had any luck with clam.

I see somebody has beaten me to this, but I will post anyway, as some of this may be still relevant.

If "Life of Pi from Cam but Very Good.avi" is the file you wish to delete, try this:

1.)  Figure out where this file is stored.  It may prove useful to run the slocate or find commands to accomplish this - you may be surprised to find the file in question resides in more than one place!

2.)  Once you've figured out where all the copies are, delete them as root from a shell using the rm command with the -f option {WARNING!  Sit on your fingers for a few seconds, and read the command carefully before pressing the ENTER key - a character or space out of place in an rm command can have disastrous consequences.}  As an example, say you found a copy of this file in /home/xxxxx/Videos (where xxxxx represents a user name), you could delete it from a root shell prompt by issuing the command:

Code:
[root@localhost xxxxx]# rm -f "Life of Pi from Cam but Very Good.avi"

Note the double quotes around the file name?  Very necessary since this file name contains spaces!

Another way to attack the problem would be to use Midnight Commander as root.  To open it as root, issue the following command from a root shell:
Quote
[root@localhost xxxxx]# mc

You will find that Midnight Commander has some very powerful file search and manipulation tools.  (I suggest this as the file name you are working with may have non-visible/non-printable characters in it that are hindering your deletion efforts.)

Hope this helps you out.  You may wish to reconsider Pirate Bay as a source for torrents.  There are safer sites out there.  Google it, friend.

Later On,
D

Thank you very much for the info. I seem to be rid of the thing finally and that is a great thing. As for PB I don't plan on using it again. I had never had any problem with it before but it only takes one time to sour you on something like that.

Offline Rudge

  • Hero Member
  • *****
  • Posts: 9773
  • I'm Just A Dog.
Re: I think I may have downloaded a virus (SOLVED)
« Reply #17 on: December 03, 2012, 10:49:33 PM »
As long as we are on the subject, maybe I can also add knowledge ;)

The reason that Linux don't like spaces in file names is because of how the command interpreter works.

With a command like "rm" for instance, it expects..

the command rm  (space)  followed by options if any (space) more options (space) and then after the LAST (space) the_file_name

As you can see, a (space) indicates that the data "before" the space was supposed to be "options".

When you have a (space) in a file name, the rm command tries to interpret the first part of the file name as an "option".

Needless to say, it is never a "valid one" so the command dies right there.     ;D
  
« Last Edit: December 03, 2012, 11:00:20 PM by Rudge »


-If you wish to make an apple pie from scratch, you must first invent the universe-  Carl Sagan
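An added example, not part of any post in this thread: it shows what the shell hands to a command when the name from the thread is unquoted versus quoted, then walks the find-then-rm steps quoted earlier (including the check for non-printable characters in a name) inside a scratch directory. The function names and the scratch layout are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. The file name is the one from the thread; everything
# else (function names, scratch directory layout) is constructed.
NAME='Life of Pi from Cam but Very Good.avi'

# Print how many arguments a command receives.
count_args() { echo "$#"; }

# Unquoted, the shell splits the name at every space before rm runs,
# so rm is handed several separate file names, none of which exist.
unquoted_count() { count_args $NAME; }
# Quoted, the whole name arrives as a single argument.
quoted_count() { count_args "$NAME"; }

# Scratch tree: two copies of the file plus one name that hides a
# control character (0x01), all empty and constructed for the demo.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/Videos" "$dir/Downloads"
    : > "$dir/Videos/$NAME"
    : > "$dir/Downloads/$NAME"
    : > "$dir/Downloads/Life of Pi$(printf '\001').avi"
    echo "$dir"
}

# Step 1: count every copy below a directory.
count_copies() { find "$1" -type f -name "$NAME" | wc -l | tr -d ' '; }

# Step 2: delete the copies. find passes each path to rm as one
# argument, and "--" stops rm from reading a name as an option.
delete_copies() { find "$1" -type f -name "$NAME" -exec rm -f -- {} +; }

# List names containing control characters, made visible by cat -v.
show_odd_names() {
    LC_ALL=C find "$1" -name '*[[:cntrl:]]*' | cat -v
}

d=$(make_sandbox)
echo "unquoted: $(unquoted_count) arguments, quoted: $(quoted_count)"
echo "copies before: $(count_copies "$d")"
show_odd_names "$d"
delete_copies "$d"
echo "copies after: $(count_copies "$d")"
rm -rf "$d"
```

Pointing count_copies at a real home directory instead of the scratch tree performs only the search step and deletes nothing.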

Offline Xenaflux

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 3829
Re: I think I may have downloaded a virus (SOLVED)
« Reply #18 on: December 04, 2012, 12:28:27 AM »
Quote
As for PB I don't plan on using it again. I had never had any problem with it before but it only takes one time to sour you on something like that.

Pretty easy solution for that  ;D

Install PCLinuxOS in a different partition and call that " my playground ".
If you mess up, just delete and install again ( or use clonezilla : is faster )
The great thing in this world is not so much where we stand,
as in what direction we are moving.
                                                    (Oliver Wendell Holmes )

Offline GOTHBITES

  • Hero Member
  • *****
  • Posts: 753
  • Oh I get it now. Windows 8 is a Bigger Sham
Re: I think I may have downloaded a virus
« Reply #19 on: December 04, 2012, 02:28:11 AM »
Thank you. The name of the file, at least the name it was given on PB, is this:  Life of Pi from Cam but Very Good.avi

I am familiar with su and password, have used it many times. But could you tell me specifically how to remove this whatever it is that keeps coming back every time I delete it? I should have known better from the title--it said it was very good but the quality sucked. I have still not had any luck with clam.

I see somebody has beaten me to this, but I will post anyway, as some of this may be still relevant.

If "Life of Pi from Cam but Very Good.avi" is the file you wish to delete, try this:

1.)  Figure out where this file is stored.  It may prove useful to run the slocate or find commands to accomplish this - you may be surprised to find the file in question resides in more than one place!

2.)  Once you've figured out where all the copies are, delete them as root from a shell using the rm command with the -f option {WARNING!  Sit on your fingers for a few seconds, and read the command carefully before pressing the ENTER key - a character or space out of place in an rm command can have disastrous consequences.}  As an example, say you found a copy of this file in /home/xxxxx/Videos (where xxxxx represents a user name), you could delete it from a root shell prompt by issuing the command:

Code:
[root@localhost xxxxx]# rm -f "Life of Pi from Cam but Very Good.avi"

Note the double quotes around the file name?  Very necessary since this file name contains spaces!

Another way to attack the problem would be to use Midnight Commander as root.  To open it as root, issue the following command from a root shell:
Quote
[root@localhost xxxxx]# mc

You will find that Midnight Commander has some very powerful file search and manipulation tools.  (I suggest this as the file name you are working with may have non-visible/non-printable characters in it that are hindering your deletion efforts.)

Hope this helps you out.  You may wish to reconsider Pirate Bay as a source for torrents.  There are safer sites out there.  Google it, friend.

Later On,
D

I myself am glad to see you got it worked out lol. Also, Piratebay is not so bad, but this thread will prove useful in the future.

Thank you very much for the info. I seem to be rid of the thing finally and that is a great thing. As for PB I don't plan on using it again. I had never had any problem with it before but it only takes one time to sour you on something like that.
UPDATED!! ASUS U52F Notebook i5 CPU,  4Gb ram, 640Gb Hard drive Dual-Boot Win 7Pro/KDE 4 3.2.18-pclos2.bfs

ASUS U50F notebook i3 4Gb Ram. 500 GB hard drive dual-boot Win 7/ KDE 3.2.18-pclos2.pae.bfs    Of course thats just my opinion I could wrong

Offline Jim Dandy

  • Full Member
  • ***
  • Posts: 185
Re: I think I may have downloaded a virus
« Reply #20 on: December 04, 2012, 07:54:06 AM »
Thanks. When I did that it asked me to remove whatever and had a question mark at the end. I typed in yes, didn't really know what to do but that seems to have done the trick. I ran the command again after I typed in yes and it informed me there was no such file or directory. And now I can't find an avi file when I search for it. Thank you very much.

Let's hope it don't come back. LOL

Linux don't like filenames with "spaces" in them.

Next time you download a file, add a "_" where the spaces are or just delete them out BEFORE you "Save File As" in the dialog box.

Good luck. ;) 

I checked just now and it is back. It is a persistent thing, I will have to give whoever wrote it credit for that. Not that I wouldn't like to see him or her doing hard time.

Offline Jim Dandy

  • Full Member
  • ***
  • Posts: 185
Re: I think I may have downloaded a virus
« Reply #21 on: December 04, 2012, 08:01:20 AM »
Thank you. The name of the file, at least the name it was given on PB, is this:  Life of Pi from Cam but Very Good.avi

I am familiar with su and password, have used it many times. But could you tell me specifically how to remove this whatever it is that keeps coming back every time I delete it? I should have known better from the title--it said it was very good but the quality sucked. I have still not had any luck with clam.

I see somebody has beaten me to this, but I will post anyway, as some of this may be still relevant.

If "Life of Pi from Cam but Very Good.avi" is the file you wish to delete, try this:

1.)  Figure out where this file is stored.  It may prove useful to run the slocate or find commands to accomplish this - you may be surprised to find the file in question resides in more than one place!

2.)  Once you've figured out where all the copies are, delete them as root from a shell using the rm command with the -f option {WARNING!  Sit on your fingers for a few seconds, and read the command carefully before pressing the ENTER key - a character or space out of place in an rm command can have disastrous consequences.}  As an example, say you found a copy of this file in /home/xxxxx/Videos (where xxxxx represents a user name), you could delete it from a root shell prompt by issuing the command:

Code:
[root@localhost xxxxx]# rm -f "Life of Pi from Cam but Very Good.avi"

Note the double quotes around the file name?  Very necessary since this file name contains spaces!

Another way to attack the problem would be to use Midnight Commander as root.  To open it as root, issue the following command from a root shell:
Quote
[root@localhost xxxxx]# mc

You will find that Midnight Commander has some very powerful file search and manipulation tools.  (I suggest this as the file name you are working with may have non-visible/non-printable characters in it that are hindering your deletion efforts.)

Hope this helps you out.  You may wish to reconsider Pirate Bay as a source for torrents.  There are safer sites out there.  Google it, friend.

Later On,
D

Thank you very much for the info. I seem to be rid of the thing finally and that is a great thing. As for PB I don't plan on using it again. I had never had any problem with it before but it only takes one time to sour you on something like that.

slocate=command not found

Offline gseaman

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 3881
Re: I think I may have downloaded a virus (SOLVED)--spoke too soon, not solved
« Reply #22 on: December 04, 2012, 08:16:28 AM »
slocate won't find recently added files until you do this:
su -c updatedb
Then try it again.

Galen

Offline Jim Dandy

  • Full Member
  • ***
  • Posts: 185
Re: I think I may have downloaded a virus (SOLVED)--spoke too soon, not solved
« Reply #23 on: December 04, 2012, 08:20:03 AM »
slocate won't find recently added files until you do this:
su -c updatedb
Then try it again.

Galen

Thanks--it still told me command not found when I did that.

Offline Mike

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 7573
  • Saved from the Fire
Re: I think I may have downloaded a virus (SOLVED)--spoke too soon, not solved
« Reply #24 on: December 04, 2012, 08:44:40 AM »
As a thought, since this is an "exe" file, you might try adding a virtual system using XP...then D/L the free version of Avast, it should find and remove the offending "exe" file, or at least quarantine it so you can delete it. Then return your system to its normal state...;  :-\ ??? :)
I'm not upset that you lied to me,
I'm upset that from now on I can't believe you.
~Friedrich Nietzsche~


Joe Gable
Dave "Exwintech"
Linux Counter #288984

Offline Jim Dandy

  • Full Member
  • ***
  • Posts: 185
Re: I think I may have downloaded a virus (SOLVED)
« Reply #25 on: December 04, 2012, 08:47:16 AM »
Quote
As for PB I don't plan on using it again. I had never had any problem with it before but it only takes one time to sour you on something like that.

Pretty easy solution for that  ;D

Install PCLinuxOS in a different partition and call that " my playground ".
If you mess up, just delete and install again ( or use clonezilla : is faster )

Thanks. If you knew how little I know about partitioning you might not have suggested that.  :D Seriously though, if I can't get rid of whatever this thing is that seems to have hundreds more lives than a hundred cats I will, when I can, just do a fresh install and be done with it. If I have to do that then the next time I do want to give root more room since I didn't think the automatic install left enough for that.

Offline Jim Dandy

  • Full Member
  • ***
  • Posts: 185
Re: I think I may have downloaded a virus (SOLVED)--spoke too soon, not solved
« Reply #26 on: December 04, 2012, 08:56:48 AM »
As a thought, since this is an "exe" file, you might try adding a virtual system using XP...then D/L the free version of Avast, it should find and remove the offending "exe" file, or at least quarantine it so you can delete it. Then return your system to its normal state...;  :-\ ??? :)

Thanks. I don't have Windows XP anymore. It was the last Windows I ever used but the hard drive it was on crashed and the one I have now has never had anything but Linux on it.

Offline µT6

  • Hero Member
  • *****
  • Posts: 2088
Re: I think I may have downloaded a virus (SOLVED)--spoke too soon, not solved
« Reply #27 on: December 04, 2012, 09:12:21 AM »
The virtual machine only covers the files inside the virtual machine; the antivirus only affects the local files inside the virtual machine, so if the avi/exe file is not inside the virtual machine, the antivirus will do nothing with it.

The quarantine is a folder where a suspicious file can be moved and is added to a list to be avoided until a decision on what to do with it is taken, so it is a valid option.
“Out of everything I've lost, I miss my mind the most!”

Ozzy Osbourne

Offline Bald Brick

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 6470
  • I'm going South
Re: I think I may have downloaded a virus (SOLVED)--spoke too soon, not solved
« Reply #28 on: December 04, 2012, 10:03:40 AM »
slocate won't find recently added files until you do this:
su -c updatedb
Then try it again.

Galen

Thanks--it still told me command not found when I did that.

I think slocate has been replaced by mlocate. But you won't find a binary called mlocate either; the mlocate binary is just called "locate".
Feed the trolls!
They need it!

AMD Athlon 7450 Dual-Core Processor, 7.80 GiB RAM, Nvidia GeForce GT 120/PCIe/SSE2, OpenGL/ES-version: 3.3 0 NVIDIA 295.40, SBx00 Azalia (Intel HDA) soundcard, ‎Logitech B500 webcam, SAA7146 DVB card, HDDs: Seagate 250824AS, Western Digital WD10EAVS-00D

AndrzejL

  • Guest
Re: I think I may have downloaded a virus (SOLVED)--spoke too soon, not solved
« Reply #29 on: December 04, 2012, 11:46:14 AM »
Are You freakin kidding me?

So You have downloaded an avi file and You played it... under PCLinuxOS... and what happened? Did You get a blue screen of death? Did Your PCLinuxOS start to be sluggish and did it send messages with spam to Your friends and family? C'mon! I am a paranoid bugger but I know one thing... I have been messing around with linux for 6 years now or something like that and never got myself infected. The viruses for linux are almost non-existent.

You have _possibly_ downloaded a windows virus. The only thing that it can affect is Your wine folder in Your home folder so delete it...

rm -Rf ~/.wine

as user from terminal will do it for You.

If You insist on scanning Your machine, I wrote an avast installation howto; it's here:

http://sparewotw.wordpress.com/2011/07/08/avast-antivirus-home-edition-on-pclinuxos-2011-6/

Install it as instructed. Scan Your system.

I really doubt that You caught a virus Dude.

Regards.

Andrzej