Author Topic: I think I may have downloaded a virus (SOLVED) (Read 2527 times)

Jim Dandy · « **on:** December 03, 2012, 06:36:41 PM »

Like many of you (I guess) I use Pirate Bay to download things occasionally. I downloaded what I thought was Life of Pi but what I got seems to be some kind of exe file even though it is labeled avi. I can't get rid of it. I delete it over and over and it keeps coming back, like a rick roll if you remember that. I have also deleted it to the trash with the same result. I downloaded clamav thinking I might be able to get rid of it with that but after I downloaded it I couldn't even find where it is located. Any suggestions? I guess I can, at some point, reinstall and will if it is necessary. Thanks for any suggestions.

joechimp · « **Reply #1 on:** December 03, 2012, 07:19:50 PM »

The Clam can be found in this thread.

http://www.pclinuxos.com/forum/index.php/topic,102551.0.html

I was going to give you a blow by blow but I remembered this thread.
It should be more helpful.

µT6 · « **Reply #2 on:** December 03, 2012, 07:22:02 PM »

if you have wine installed it is a virus running press ctrl + esc key

in the system window search for wine service and kill it

the virus could be copied in your home folder and also in some folder inside /home/thenameofyouruser/.wine/drive_c folder

it should be named identically to the avi/exe or with a similar size in one of those folders, probably inside users folder but in others could be hidden too

i wouldn't worry much about it, it should be closed once you restart system, if it runs again by removing wine from synaptic should be enough if the above doesn't help

Jim Dandy · « **Reply #3 on:** December 03, 2012, 07:48:08 PM »

Quote from: joechimp on December 03, 2012, 07:19:50 PM

The Clam can be found in this thread.

http://www.pclinuxos.com/forum/index.php/topic,102551.0.html

I was going to give you a blow by blow but I remembered this thread.
It should be more helpful.

Thank you. I will check it out. I thought I was rid of it a while ago. Had about six of them in the trash and deleted them and it didn't come back for a while. But when I checked just now it was back.

Jim Dandy · « **Reply #4 on:** December 03, 2012, 07:48:48 PM »

Quote from: µT6 on December 03, 2012, 07:22:02 PM

if you have wine installed it is a virus running press ctrl + esc key

in the system window search for wine service and kill it

the virus could be copied in your home folder and also in some folder inside /home/thenameofyouruser/.wine/drive_c folder

it should be named identically to the avi/exe or with a similar size in one of those folders, probably inside users folder but in others could be hidden too

i wouldn't worry much about it, it should be closed once you restart system, if it runs again by removing wine from synaptic should be enough if the above doesn't help

Thanks but I don't have wine. I only use pclos on this computer.

µT6 · « **Reply #5 on:** December 03, 2012, 08:15:28 PM »

then the file has properties problem, as root you have to delete it, don't remember how, maybe in dolphin use root menu/delete as root

Jim Dandy · « **Reply #6 on:** December 03, 2012, 09:18:46 PM »

Quote from: µT6 on December 03, 2012, 08:15:28 PM

then the file has properties problem, as root you have to delete it, don't remember how, maybe in dolphin use root menu/delete as root

Thank you. I am having no luck at all with clamav.

Rudge · « **Reply #7 on:** December 03, 2012, 09:33:38 PM »

Quote from: Jim Dandy on December 03, 2012, 09:18:46 PM

Quote from: µT6 on December 03, 2012, 08:15:28 PM
then the file has properties problem, as root you have to delete it, don't remember how, maybe in dolphin use root menu/delete as root

Thank you. I am having no luck at all with clamav.

clamav, assuming you could get it to work, is only designed to find "Windows" Viruses.

For all practical purposes, there are no known viruses that run on Linux.

To delete the file as root....

Open a konsole then,

su (hit enter, it will ask for root's password) (enter root's password)

cd /the/exact/location/of/the/file's/directory

rm thefile.avi or whatever the filename is.

exit

exit again.

If you are familiar with root's capabilities ignore this TIP: Be very careful when logged in as root. It WILL remove anything you ask it to and it will be gone. No "Trashcan", no "recovery". Unless you have backed it up... it's gone.

Jim Dandy · « **Reply #8 on:** December 03, 2012, 10:00:56 PM »

Thank you. The name of the file, at least the name it was given on PB, is this: Life of Pi from Cam but Very Good.avi

I am familiar with su and password, have used it many times. But could you tell me specifically how to remove this whatever it is that keeps coming back every time I delete it? I should have known better from the title--it said it was very good but the quality sucked. I have still not had any luck with clam.

Rudge · « **Reply #9 on:** December 03, 2012, 10:10:27 PM »

Quote from: Jim Dandy on December 03, 2012, 10:00:56 PM

Thank you. The name of the file, at least the name it was given on PB, is this: Life of Pi from Cam but Very Good.avi

I am familiar with su and password, have used it many times. But could you tell me specifically how to remove this whatever it is that keeps coming back every time I delete it? I should have known better from the title--it said it was very good but the quality sucked. I have still not had any luck with clam.

It doesn't sound to me like clamav is going to help you.

Do you know the exact name of the file and what directory it is in?

Jim Dandy · « **Reply #10 on:** December 03, 2012, 10:13:24 PM »

Quote from: Rudge on December 03, 2012, 10:10:27 PM

Quote from: Jim Dandy on December 03, 2012, 10:00:56 PM
Thank you. The name of the file, at least the name it was given on PB, is this: Life of Pi from Cam but Very Good.avi

I am familiar with su and password, have used it many times. But could you tell me specifically how to remove this whatever it is that keeps coming back every time I delete it? I should have known better from the title--it said it was very good but the quality sucked. I have still not had any luck with clam.

It doesn't sound to me like clamav is going to help you.

Do you know the exact name of the file and what directory it is in?

The name of the file is as I quoted, Life of Pi from Cam but Very Good.avi. It is in my home/danny directory.

Rudge · « **Reply #11 on:** December 03, 2012, 10:18:56 PM »

Quote from: Jim Dandy on December 03, 2012, 10:13:24 PM

Quote from: Rudge on December 03, 2012, 10:10:27 PM
Quote from: Jim Dandy on December 03, 2012, 10:00:56 PM
Thank you. The name of the file, at least the name it was given on PB, is this: Life of Pi from Cam but Very Good.avi

I am familiar with su and password, have used it many times. But could you tell me specifically how to remove this whatever it is that keeps coming back every time I delete it? I should have known better from the title--it said it was very good but the quality sucked. I have still not had any luck with clam.

It doesn't sound to me like clamav is going to help you.

Do you know the exact name of the file and what directory it is in?

The name of the file is as I quoted, Life of Pi from Cam but Very Good.avi. It is in my home/danny directory.

try

rm "Life of Pi from Cam but Very Good.avi"

INCLUDE the quotes.

Jim Dandy · « **Reply #12 on:** December 03, 2012, 10:23:10 PM »

Thanks. When I did that it asked me remove whatever and had a question mark at the end. I typed in yes, didn't really know what to do but that seems to have done the trick. I ran the command again after I typed in yes and it informed me there was no such file or directory. And now I can't find an avi file when I search for it. Thank you very much.

Rudge · « **Reply #13 on:** December 03, 2012, 10:27:15 PM »

Quote from: Jim Dandy on December 03, 2012, 10:23:10 PM

Thanks. When I did that it asked me remove whatever and had a question mark at the end. I typed in yes, didn't really know what to do but that seems to have done the trick. I ran the command again after I typed in yes and it informed me there was no such file or directory. And now I can't find an avi file when I search for it. Thank you very much.

Let's hope it don't come back. LOL

Linux don't like filenames with "spaces" in them.

Next time you download a file, add a "_" where the spaces are or just delete them out BEFORE you "Save File As" in the dialog box.

Good luck.

horusfalcon · « **Reply #14 on:** December 03, 2012, 10:29:54 PM »

Quote from: Jim Dandy on December 03, 2012, 10:00:56 PM

Thank you. The name of the file, at least the name it was given on PB, is this: Life of Pi from Cam but Very Good.avi

I am familiar with su and password, have used it many times. But could you tell me specifically how to remove this whatever it is that keeps coming back every time I delete it? I should have known better from the title--it said it was very good but the quality sucked. I have still not had any luck with clam.

I see somebody has beaten me to this, but I will post anyway, as some of this may be still relevant.

If "Life of Pi from Cam but Very Good.avi" is the file you wish to delete, try this:

1.) Figure out where this file is stored. It may prove useful to run the slocate or find commands to accomplish this - you may be surprised to find the file in question resides in more than one place!

2.) Once you've figured out where all the copies are, delete them as root from a shell using the rm command with the -f option {WARNING! Sit on your fingers for a few seconds, and read the command carefully before pressing the ENTER key - a character or space out of place in an rm command can have disastrous consequences. As an example, say you found a copy of this file in /home/xxxxx/Videos (where xxxxx represents a user name), you could delete it from a root shell prompt by issuing the command:

Code: [Select]

[root@localhost xxxxx]rm -f "Life of Pi from Cam but Very Good.avi"
Note the double quotes around the file name? Very necessary since this file name contains spaces!

Another way to attack the problem would be to use Midnight Commander as root. To open it as root, issue the following command from a root shell:

Quote

[root@localhost xxxxx]mc

You will find that Midnight Commander has some very powerful file search and manipulation tools. (I suggest this as the file name you are working with may have non-visible/non-printable characters in it that are hindering your deletion efforts.)

Hope this helps you out. You may wish to reconsider Pirate Bay as a source for torrents. There are safer sites out there. Google it, friend.

Later On,
D

PCLinuxOS-Forums

News:

Author Topic: I think I may have downloaded a virus (SOLVED) (Read 2527 times)

Jim Dandy

I think I may have downloaded a virus (SOLVED)

joechimp

Re: I think I may have downloaded a virus

µT6

Re: I think I may have downloaded a virus

Jim Dandy

Re: I think I may have downloaded a virus

Jim Dandy

Re: I think I may have downloaded a virus

µT6

Re: I think I may have downloaded a virus

Jim Dandy

Re: I think I may have downloaded a virus

Rudge

Re: I think I may have downloaded a virus

Jim Dandy

Re: I think I may have downloaded a virus

Rudge

Re: I think I may have downloaded a virus

Jim Dandy

Re: I think I may have downloaded a virus

Rudge

Re: I think I may have downloaded a virus

Jim Dandy

Re: I think I may have downloaded a virus

Rudge

Re: I think I may have downloaded a virus

horusfalcon

Re: I think I may have downloaded a virus