Author Topic: I think I may have downloaded a virus (SOLVED)  (Read 2211 times)

Offline AndrzejL

  • PCLinuxOS Tester
  • Super Villain
  • *******
  • Posts: 12799
  • RLU #490933
    • Wordpress On The Wardrobe...
Re: I think I may have downloaded a virus (SOLVED)
« Reply #60 on: December 05, 2012, 05:28:00 AM »
I think the thread went (solved) again.

Funny stuff... It's sandbox... just like Rudge said ;).

Regards.

Andrzej

Online µT6

  • Hero Member
  • *****
  • Posts: 1900
Re: I think I may have downloaded a virus (SOLVED)
« Reply #61 on: December 05, 2012, 06:36:32 AM »
i don't think it was a linux virus or executable, it was a windows virus

i had those in the past and usually the file permissions are damaged or modified, the file itself refuses to follow instructions, it is like it was made in linux to infect windows

it is kinda clever  ;D

one time i couldn't delete it from a usb drive so i had to format it

the commands posted here would be helpful in that moment  ;D
"A question that sometimes drives me hazy: am I or are the others crazy?"

Albert Einstein

Offline Tony

  • Hero Member
  • *****
  • Posts: 1744
  • Reason_able ;)
Re: I think I may have downloaded a virus (SOLVED)
« Reply #62 on: December 05, 2012, 06:39:28 AM »
Opening Post:
Like many of you (I guess) I use Pirate Bay to download things occasionally. I downloaded what I thought was Life of Pi but what I got seems to be some kind of exe file even though it is labeled avi. I can't get rid of it. I delete it over and over and it keeps coming back, like a rick roll if you remember that. I have also deleted it to the trash with the same result. I downloaded clamav thinking I might be able to get rid of it with that but after I downloaded it I couldn't even find where it is located. Any suggestions? I guess I can, at some point, reinstall and will if it is necessary. Thanks for any suggestions.

Them Viruses sure do get people excited; even when they aren't, - Viruses.

The implication and admission that Jim Dandy Downloads Files Illegally means instant deletion of this thread, in the 'Real World'.


Sure it may all be a bit of a laugh, and in the 'Sandbox'; but you can't post anything like that on any legitimate site, and expect to actually get help, or attention. You'd be asked to delete all File Sharing programs before any help was offered, if at all.
EDIT: Adding some info as to why I say what I did.
http://www.malwareremoval.com/p2pindex.php
Quote
Malware Removal University
As prevailing opinion holds that the use of P2P software, even clean P2P software, more often than not results in infection of the computer(s) engaged in such practice, and that said P2P software has been determined to be a primary vector for the spread of malware, the page formerly hosted here has been removed. Instead, we advise you to read the following information regarding the use of P2P filesharing programs.
http://www.malwareremoval.com/forum/viewtopic.php?p=491394#p491394

This is the "Windows" Perspective; of course...
Malware Removal University
Quote
Refusal to remove Peer-to-Peer (P2P) programmes
We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programmes.

Because of this, we felt we needed to introduce a policy on the use of P2P file sharing programmes.

    If your helper detects the presence of such programmes on your computer he/she will ask you to remove them. We will withdraw our help should you not agree to their removal.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we will refuse our help.


We do not ask you to do this without reason.

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.


This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P programme.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.

____________________________________________________________________________________________
Just how it is folks from what I was taught, for Windows Malware Removal; I am aware this is a Linux Forum so it's up to "the powers that be" to do what they see fit.
I've Nothing directed at any one person.
File Sharing is a major source of infection of millions of Computers.
Advocating it as acceptable trashes this fine Forum.

As a member of this Forum, and many others that deal with an exceptional amount of (Windows) Viruses; please delete this thread Moderators.
« Last Edit: December 05, 2012, 07:20:12 AM by Tony »
*PCLOS 3.2.18-pclos2 - MiniMe 2013.x - KDE 4.10.1 - Intel(R) Pentium(R) 4 CPU 3.00GHz - 1GiB DIMM DDR 533 MHz RAM  = SHABANG ! ;) *Software Updates

Offline sling-shot

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 1730
  • Satyameva Jayate | Truth Alone Triumphs.
Re: I think I may have downloaded a virus (SOLVED)
« Reply #63 on: December 05, 2012, 07:28:04 AM »
[Tony]
Just because someone has used a less than reputed source for something is not a good enough reason to disavow him.

There is a saying that goes "One man's terrorist is another man's freedom fighter."

Many people who are here are here because they are genuinely fed up of other OSes and / or restrictive methods used.
I have seen many posts on gaming forums where people download cracked games after having bought a genuine copy and fed up of its convoluted DRM and promotional schemes etc.
W.r.t. media - movies / songs (in case of songs now there are many genuine sources of DRM free songs) people may not like the restrictions imposed against their personal use of legally acquired files.

-------------

Since this thread is not regarding acquisition of content, whatever else was mentioned may be disregarded.
Packaging well will cure headaches of many :) But learning to package will cause headaches in many :(

AMD AthlonX2 3600+/ASUS M2NPV-VM/ATi HD4670/Onboard sound/3.5GB DDR2-533 RAM/SEAGATE 160+320GB HDD/DELL S2240L FullHD/Creative SBS370 2.1/PCLinuxOS2013/KDE4
Samsung NP305U1-A06IN | Nokia E6

Online µT6

  • Hero Member
  • *****
  • Posts: 1900
Re: I think I may have downloaded a virus (SOLVED)
« Reply #64 on: December 05, 2012, 07:42:18 AM »
time to remove this post, no politics and, as tony said, no illegal files
"A question that sometimes drives me hazy: am I or are the others crazy?"

Albert Einstein

Offline Bald Brick

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 6380
  • I'm going South
Re: I think I may have downloaded a virus (SOLVED)
« Reply #65 on: December 05, 2012, 08:38:44 AM »
Opening Post:
Like many of you (I guess) I use Pirate Bay to download things occasionally. I downloaded what I thought was Life of Pi but what I got seems to be some kind of exe file even though it is labeled avi. I can't get rid of it. I delete it over and over and it keeps coming back, like a rick roll if you remember that. I have also deleted it to the trash with the same result. I downloaded clamav thinking I might be able to get rid of it with that but after I downloaded it I couldn't even find where it is located. Any suggestions? I guess I can, at some point, reinstall and will if it is necessary. Thanks for any suggestions.

Them Viruses sure do get people excited; even when they aren't, - Viruses.

The implication and admission that Jim Dandy Downloads Files Illegally means instant deletion of this thread, in the 'Real World'.



Actually he hasn't admitted anything of the sort. Has he implied it? That he has used Pirate Bay may sound a bit suspicious, but I've been told that everything on Pirate Bay isn't necessarily illegal. I don't use it myself so I don't know.

Quote
Sure it may all be a bit of a laugh, and in the 'Sandbox'; but you can't post anything like that on any legitimate site, and expect to actually get help, or attention. You'd be asked to delete all File Sharing programs before any help was offered, if at all.


This, on the other hand is a slightly ridiculous statement. File sharing programs have many quite legitimate uses. That they are also used for sharing files that can't be shared legally and that some think shouldn't be shared at all, is really beside the point.

Quote
EDIT: Adding some info as to why I say what I did.
http://www.malwareremoval.com/p2pindex.php
Quote
Malware Removal University
As prevailing opinion holds that the use of P2P software, even clean P2P software, more often than not results in infection of the computer(s) engaged in such practice, and that said P2P software has been determined to be a primary vector for the spread of malware, the page formerly hosted here has been removed. Instead, we advise you to read the following information regarding the use of P2P filesharing programs.
http://www.malwareremoval.com/forum/viewtopic.php?p=491394#p491394

This is the "Windows" Perspective; of course...
Malware Removal University
Quote
Refusal to remove Peer-to-Peer (P2P) programmes
We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programmes.

Because of this, we felt we needed to introduce a policy on the use of P2P file sharing programmes.

    If your helper detects the presence of such programmes on your computer he/she will ask you to remove them. We will withdraw our help should you not agree to their removal.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we will refuse our help.


We do not ask you to do this without reason.

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.


This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P programme.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.



This may well be true. Don't download files from sources you don't trust, regardless of whether you use a file sharing program or not. And if you use less-than-reputable sources you can't blame anybody but yourself if the download isn't precisely what you expected.

Quote
______________________________________________________________________________________
Just how it is folks from what I was taught, for Windows Malware Removal; I am aware this is a Linux Forum so it's up to "the powers that be" to do what they see fit.
I've Nothing directed at any one person.
File Sharing is a major source of infection of millions of Computers.
Advocating it as acceptable trashes this fine Forum.


As such it doesn't. In itself file sharing is neither illegal nor unethical. It depends on what it is that you share. (And even then the legal aspects are easier to determine than the ethical ones.)

Quote
As a member of this Forum, and many others that deal with an exceptional amount of (Windows) Viruses; please delete this thread Moderators.



Don't. Jim Dandy's problem is an interesting one.
« Last Edit: December 05, 2012, 08:43:23 AM by Bald Brick »
Feed the trolls!
They need it!

AMD Athlon 7450 Dual-Core Processor, 7.80 GiB RAM, Nvidia GeForce GT 120/PCIe/SSE2, OpenGL/ES-version: 3.3 0 NVIDIA 295.40, SBx00 Azalia (Intel HDA) soundcard, ‎Logitech B500 webcam, SAA7146 DVB card, HDDs: Seagate 250824AS, Western Digital WD10EAVS-00D

Online µT6

  • Hero Member
  • *****
  • Posts: 1900
Re: I think I may have downloaded a virus (SOLVED)
« Reply #66 on: December 05, 2012, 08:51:07 AM »
afaik the pirate bay is just a site listing torrents but i haven't used it so i could be wrong

so theoretically you can find there good and bad stuff like isos of pclinux but also pirated movies, just as the rest of internet

now, the problem i see is the replies this post got, mentioning all kind of useless stuff so could an admin or jim lock it please? it is not productive anymore and honestly i hate some replies made here
"A question that sometimes drives me hazy: am I or are the others crazy?"

Albert Einstein

Offline Bald Brick

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 6380
  • I'm going South
Re: I think I may have downloaded a virus (SOLVED)
« Reply #67 on: December 05, 2012, 09:48:02 AM »
afaik the pirate bay is just a site listing torrents but i haven't used it so i could be wrong

so theoretically you can find there good and bad stuff like isos of pclinux but also pirated movies, just as the rest of internet

now, the problem i see is the replies this post got, mentioning all kind of useless stuff so could an admin or jim lock it please? it is not productive anymore and honestly i hate some replies made here

But we still have a few open questions.

The simple ones have been answered. By now Jim knows how to delete a file with spaces in its name from the command line. By now he also knows that to locate a file he shouldn't use the command slocate but plain locate, unless he uses a system where slocate is still installed.

There are two unanswered questions though. Can a Windows virus running under Wine really take over your Linux system? And can the source of his problem be that  his torrent client keeps re-downloading the file? To me this sounds a lot more likely, but I'd like to know.
Feed the trolls!
They need it!

AMD Athlon 7450 Dual-Core Processor, 7.80 GiB RAM, Nvidia GeForce GT 120/PCIe/SSE2, OpenGL/ES-version: 3.3 0 NVIDIA 295.40, SBx00 Azalia (Intel HDA) soundcard, ‎Logitech B500 webcam, SAA7146 DVB card, HDDs: Seagate 250824AS, Western Digital WD10EAVS-00D

Online µT6

  • Hero Member
  • *****
  • Posts: 1900
Re: I think I may have downloaded a virus (SOLVED)
« Reply #68 on: December 05, 2012, 10:06:05 AM »
"There are two unanswered questions though. Can a Windows virus running under Wine really take over your Linux system?"

i ran a virus some years ago on wine, it worked and infected some folders inside .wine folder and maybe in home folder but can't remember exactly

it also made the system run very slow, wine was using practically the entire cpu and lots of ram when i killed the service so the virus worked as expected on a windows machine emulated on linux

i kept using that same install after wiping the virus and reinstalling wine for another 1 or 2 years, if the system got compromised or something similar i never knew about it

about the torrent downloading the same file, if the app is still running the file can be shared but the torrent client must have access to the file and if you delete it, the torrent client can't keep sharing anything

at least that is how ares running under wine on linux works but that is a bit different, the torrent client won't download the file again and again unless this is an option in the app, ktorrent had something similar, it kept on a list what had been downloaded but i don't remember if it autodownloaded again the next app load
"A question that sometimes drives me hazy: am I or are the others crazy?"

Albert Einstein

Offline Tony

  • Hero Member
  • *****
  • Posts: 1744
  • Reason_able ;)
Re: I think I may have downloaded a virus (SOLVED)
« Reply #69 on: December 05, 2012, 12:38:02 PM »
Honestly, it is an interesting topic. Leave it be.  ;)

I found myself revisiting from the Windows Malware Training and Cleaning perspective, that it does raise questions as to letting a Torrent share your Computer's Torrent Download Folder, which they do, unless cleared.
Again, I'm not happy to have the usage of Torrents, P2P software, and 'thepiratebay.se/' being said to be used on this Forum, and will express that I'm not condoning the post.

The idea of being infected, in pclos, was interesting. ;)

Quote
Like many of you (I guess) I use Pirate Bay to download things occasionally. I downloaded what I thought was Life of Pi but what I got seems to be some kind of exe file even though it is labeled avi.

I introduced a perspective from a Windows Malware Cleaning aspect, which is the other side of the coin, but has its merits, I felt. Linux and Windows users share the Net, BUT experience few similarities.
Bald Brick,
Quote
Actually he hasn't admitted anything of the sort. Has he implied it? That he has used Pirate Bay may sound a bit suspicious, but I've been told that everything on Pirate Bay isn't necessarily illegal. I don't use it myself so I don't know.

I have to disagree, or moreso explain to you; and it is the inference which got my head down, and thinking about the issue.
I'm no expert on Torrents either, you don't have to be, they are simple to use I believe.

I posted, pertaining to how a Windows Malware Removal person sees File Sharing, in the open, which using a Torrent is. Nothing like sharing a file with a friend, or family, or trusted colleague, or say a commercial site like iTunes .

A Torrent Client Downloads, plus Uploads a file, if you aren't sure Bald Brick, just to help understand; directly from a Folder on your machine.

The opening Post: http://www.pclinuxos.com/forum/index.php/topic,111300.msg950554.html#msg950554
Quote
Like many of you (I guess) I use Pirate Bay to download things occasionally. I downloaded what I thought was Life of Pi but what I got seems to be some kind of exe file even though it is labeled avi. I can't get rid of it. I delete it over and over and it keeps coming back, like a rick roll if you remember that. I have also deleted it to the trash with the same result. I downloaded clamav thinking I might be able to get rid of it with that but after I downloaded it I couldn't even find where it is located. Any suggestions? I guess I can, at some point, reinstall and will if it is necessary. Thanks for any suggestions.

That was/and potentially does mimic how a Virus can operate; hiding, and being evasive. Interesting indeed.

Really, I've said more than enough about not being happy about the Opening statement of this Thread, and having GoogleBots, YahooBots, etc. Archiving it; that 'PCLinuxOS.com' is happy to suggest:
Quote
"Like many of you (I guess) I use Pirate Bay to download things occasionally."


Doesn't sound 'pretty' to me. *Maybe some of the wording in the opening Post might be changed ?

That's all, and much too much for me to say, finito,... you either 'Getit', or you don't.

Regards and best wishes to all.  ;D
« Last Edit: December 05, 2012, 12:57:29 PM by Tony »
*PCLOS 3.2.18-pclos2 - MiniMe 2013.x - KDE 4.10.1 - Intel(R) Pentium(R) 4 CPU 3.00GHz - 1GiB DIMM DDR 533 MHz RAM  = SHABANG ! ;) *Software Updates

Offline arjaybe

  • Sr. Member
  • ****
  • Posts: 376
  • Green Comet
    • Green Comet
Re: I think I may have downloaded a virus (SOLVED)
« Reply #70 on: December 05, 2012, 12:44:41 PM »
about the torrent downloading the same file, if the app is still running the file can be shared but the torrent client must have access to the file and if you delete it, the torrent client can't keep sharing anything

Using ktorrent, if I delete or move the file, it will download it again.

Offline horusfalcon

  • Hero Member
  • *****
  • Posts: 998
  • Wayfarer of The Western Wastes
Re: I think I may have downloaded a virus (SOLVED)--spoke too soon, not solved
« Reply #71 on: December 05, 2012, 12:45:07 PM »
slocate won't find recently added files until you do this:
su -c updatedb
Then try it again.

Galen

Thanks--it still told me command not found when I did that.

I think slocate has been replaced by mlocate. But you won't find a binary called mlocate either; the mlocate binary is just called "locate".


Oops... my bad.  I still play around with other distros that do use slocate.  I wonder why we don't use it in PCLinuxOS?  Thanks for the correction, folks!  Keep me honest, now...

By the way... Life of Pi is a very recent movie.  I'm sure Ang Lee and his producers would take issue with it being downloaded.  I'm not passing judgment, mind you, just making an observation.  (This movie is now out on Blu-Ray, by the way... check Amazon or your favorite local retailer.) 

It is so typical of Social Engineers to house their payloads in very tempting packages...  the dastards!  :P

One thing for certain here is that Jim Dandy didn't get the movie he thought he was getting, so legal exposure here is nil, regardless of original intent.  What he did get was something far less desirable, but c'est la vie in the torrent biz...  (Sorry, Bud. It happens.  Next time, you might consider not opening a freshly downloaded file from the file manager of your choice.  Instead try starting your favorite movie player and using it to directly open the file.  If it's a no-goodnik piece of WinTrash, the worst that might happen is it crashes your movie player.)

As for torrents automatically downloading?  If an incomplete torrent is deleted from within ktorrent, a dialog box gives the option to delete the torrent file (extension = .torrent) and its data.  Was this done?  If only the torrent file was deleted, it should not be re-downloading, but the partial data load (and, in this case, its payload) would still remain. 

If the data was deleted manually (from outside ktorrent) while the torrent was still running, yup, it will immediately begin re-downloading after a data check shows it's gone.  Best way to go is (optionally) STOP the torrent, then delete both torrent and data from within ktorrent.  Presumably, similar but maybe not exactly the same behaviors may be expected of any torrent client?

Once the torrent has finished downloading, deleting the torrent just gets rid of the .torrent file, and not the data. 

I'm not sure what the exact mechanism is for any "re-downloading" that's going on within WINE, and I'm starting to babble again, so I'll shut up for now...

Later On,
D
« Last Edit: December 05, 2012, 01:45:06 PM by horusfalcon »
"The Way is not a matter of knowing or not knowing.  One word to a wise man; one lash to a bright horse."

Dell Latitude D620, PCLinuxOS 2012.08 KDE4/LXDE, 3.2.18.pclos.bfs, specs here.
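
An added example, not part of any post in this thread: the thread's starting problem was an exe file labelled avi, and one way to catch that before opening a download is to compare the file's leading bytes with its extension. The function names, the extension list and the sample bytes below are constructed for illustration.

```python
import os
import struct
import tempfile

# Extensions a user would expect to be passive media (assumed list).
MEDIA_EXTENSIONS = {".avi", ".mkv", ".mp4", ".mpg", ".wmv"}
EXECUTABLE_TYPES = {"windows-pe", "dos-mz", "elf", "script"}


def sniff_type(header: bytes) -> str:
    """Classify a file from its leading bytes, ignoring its name."""
    if header[:2] == b"MZ":
        # DOS/PE: the little-endian dword at 0x3C points at "PE\0\0".
        if len(header) >= 0x40:
            (pe_off,) = struct.unpack_from("<I", header, 0x3C)
            if header[pe_off:pe_off + 4] == b"PE\x00\x00":
                return "windows-pe"
        return "dos-mz"
    if header[:4] == b"\x7fELF":
        return "elf"
    if header[:2] == b"#!":
        return "script"
    if header[:4] == b"RIFF" and header[8:12] == b"AVI ":
        return "avi"
    if header[:4] == b"\x1a\x45\xdf\xa3":
        return "matroska"
    if header[4:8] == b"ftyp":
        return "mp4"
    return "unknown"


def check_download(path: str) -> dict:
    """Report the detected type and whether a media name hides an executable."""
    with open(path, "rb") as fh:
        header = fh.read(4096)
    ext = os.path.splitext(path)[1].lower()
    kind = sniff_type(header)
    return {
        "extension": ext,
        "detected": kind,
        "disguised_executable": ext in MEDIA_EXTENSIONS and kind in EXECUTABLE_TYPES,
    }


# Constructed sample bytes: a minimal PE-style header and a minimal AVI header.
FAKE_PE = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)
           + b"\x00" * 0x40 + b"PE\x00\x00")
FAKE_AVI = b"RIFF" + struct.pack("<I", 4) + b"AVI "


def demo() -> dict:
    """Write the constructed samples to a temp dir and check each one."""
    samples = {
        "sample movie.avi": FAKE_PE,      # executable content, media name
        "real clip.avi": FAKE_AVI,        # content matches the name
        "setup.exe": FAKE_PE,             # executable, honestly named
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check_download(path)
    return results


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

A mismatch only says the name and the content disagree; scanning the file (for example with clamav, which the opening post mentions) is a separate step.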

Offline jaydot

  • Administrator
  • Super Villain
  • *****
  • Posts: 15569
  • there is no limitation on imagination
Re: I think I may have downloaded a virus (SOLVED)
« Reply #72 on: December 05, 2012, 02:56:30 PM »
this thread has gone haywire, hasn't it?

jim, if you still have a problem, please start a new thread giving as full an account of it as possible.

tony, many of us use p2p legitimately to download our linux images.  the badhats came along later.

'remember the topic and stay on it' is one of the fua commandments youse is all breaking.
PCLinuxOS  Get it?  Got it?  Good!!   8)

We don't have any millionaire angels or corporate backers paying the bills here, PLEASE DONATE.
http://pclinuxos.com/?page_id=7