Bay 12 Games Forum


Author Topic: Rootkit on Ubuntu  (Read 3072 times)

Dave1004

  • Bay Watcher
  • This is getting personal.
Rootkit on Ubuntu
« on: December 23, 2011, 07:10:33 pm »

Hey, Bay12'ers. I come to you with an urgent plea for help. If you don't know anything about Linux, specifically Ubuntu, please don't bother. I do appreciate any and all help, but your time would just be wasted.

I'll keep it short and simple. I downloaded a small (3mb) exe a while back, it was for something called OmegleSpy (A friend recommended it to me, I can't get in contact with him now.) After that, I started getting banned on websites and forums for spamming "Quickprize.net", and I just figured out that I have a root-kit. I tried to use Avast, and I managed to install it, but after (attempting) to update it, I get this error:

Deleted stale lock file '/home/(me)/.avast/lockfile-(me).'
An error occurred in the Avast! engine: Invalid argument

I can't launch Avast! now. Please help me! Are there any good Rootkit scanners, and preferably removers out there? Anything that I can do to fix this? Thank you! I'll be eternally in your debt.

I'm also a Linux newbie, so I don't know much. I also can't get the Terminal to work, it says that I'm not an Administrator, and then asks if I'm root, but I can't activate any commands. Please recommend any decent programs to clean my computer!

One final time, - Thank you!!


Hardcap of 200 MB/24 hours.

Nirur Torir

  • Bay Watcher
Re: Rootkit on Ubuntu
« Reply #1 on: December 23, 2011, 07:37:01 pm »

I'm also a Linux newbie, so I don't know much. I also can't get the Terminal to work, it says that I'm not an Administrator, and then asks if I'm root, but I can't activate any commands.
Preface your terminal commands with sudo to run them as an administrator.

I'd boot from the installation CD and then try to run whatever scanners you can find. I expect it would prevent the rootkit from disabling them. (This is almost as obvious as "Is it plugged in?" and I hate to say anything, but for the sake of completion, make sure you downloaded the Linux version of Avast! [I make no claims that these installation instructions work. This was the first page I found with a quick search.])

Actually, I'd probably format and reinstall in a paranoid frenzy.

Dave1004

  • Bay Watcher
  • This is getting personal.
Re: Rootkit on Ubuntu
« Reply #2 on: December 23, 2011, 07:45:10 pm »

I'm also a Linux newbie, so I don't know much. I also can't get the Terminal to work, it says that I'm not an Administrator, and then asks if I'm root, but I can't activate any commands.
Preface your terminal commands with sudo to run them as an administrator.

I'd boot from the installation CD and then try to run whatever scanners you can find. I expect it would prevent the rootkit from disabling them. (This is almost as obvious as "Is it plugged in?" and I hate to say anything, but for the sake of completion, make sure you downloaded the Linux version of Avast! [I make no claims that these installation instructions work. This was the first page I found with a quick search.])

Actually, I'd probably format and reinstall in a paranoid frenzy.

No worries, I had gotten the Linux avast. I'm a newbie, but not that bad lol. I lost my installation CD ages ago, and the chances of finding it are...Slim at best.

The major problem is, I can't find any scanners. I tried ClamTK, but it found nothing...Ugh. So worried...

Thanks for the post, Nirur!

ChairmanPoo

  • Bay Watcher
  • Send in the clowns
Re: Rootkit on Ubuntu
« Reply #3 on: December 23, 2011, 07:52:10 pm »

have you tried chkrootkit?
Everyone sucks at everything. Until they don't. Not sucking is a product of time invested.

Dave1004

  • Bay Watcher
  • This is getting personal.
Re: Rootkit on Ubuntu
« Reply #4 on: December 23, 2011, 07:58:02 pm »

have you tried chkrootkit?

I think I had looked it up, but the last update was late 2009, so...Unless I missed something, it probably won't help...Thanks, though!

Dave1004

  • Bay Watcher
  • This is getting personal.
Re: Rootkit on Ubuntu
« Reply #5 on: December 23, 2011, 08:14:39 pm »

I just installed Rootkit Hunter, but I can't find out how to run it. I had installed it from the Software center. I tried sudo chkrootkit -c, but it just says that the command isn't found...

Anybody know why? Thanks!

ChairmanPoo

  • Bay Watcher
  • Send in the clowns
Re: Rootkit on Ubuntu
« Reply #6 on: December 23, 2011, 08:33:05 pm »

the command for that one is rkhunter

(I've never used any of these programs, mind you. I'm just translating from here: http://www.noticiasubuntu.com/como-buscar-rootkits-en-ubuntu/ )

Dave1004

  • Bay Watcher
  • This is getting personal.
Re: Rootkit on Ubuntu
« Reply #7 on: December 23, 2011, 09:25:48 pm »

the command for that one is rkhunter

(I've never used any of these programs, mind you. I'm just translating from here: http://www.noticiasubuntu.com/como-buscar-rootkits-en-ubuntu/ )

Thanks! That actually worked, so...Let's see if it does anything D:

Ty mate!

DrKillPatient

  • Bay Watcher
  • The yak falls infinitely
Re: Rootkit on Ubuntu
« Reply #8 on: December 23, 2011, 11:06:58 pm »

I suppose you ran the exe file with Wine. If so, it most likely installed stuff into your ~/.wine folder (which is basically like Windows' C: drive). Be sure to back up any applications you have in Wine's "program files" folder (if you have no idea what I'm talking about, you most likely have nothing to back up) and then remove ~/.wine with this command:
Code:
rm -rf ~/.wine
The next time you try to run a Windows program with Wine, a fresh copy of the ~/.wine folder will be recreated for you.
"Frankly, if you're hanging out with people who tell you to use v.begin() instead of &v[0], you need to rethink your social circle."
    Scott Meyers, Effective STL

I've written bash scripts to make using DF easier under Linux!
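
Added example, not part of any post in this thread: a record of which Windows executables sat in the Wine prefix can be taken before the `rm -rf ~/.wine` above, so their hashes can still be checked later. The function name `list_pe_files` and the output file name in the comment are assumptions; the script identifies files by the "MZ" magic bytes rather than by extension.

```shell
#!/bin/sh
# Inventory Windows executables inside a Wine prefix before deleting it.
# A file counts as an executable if it starts with the bytes "MZ" (0x4d 0x5a),
# so renamed binaries (.dat, .tmp, no extension) are listed too.

# list_pe_files DIR  ->  prints "<sha256>  <path>" for each MZ file under DIR
list_pe_files() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # find does not follow symlinks by default, so dosdevices/z: (Wine's
    # link to /) is not traversed and the scan stays inside the prefix.
    find "$dir" -xdev -type f -size +1c -exec sh -c '
        for f in "$@"; do
            # First two bytes as hex, e.g. "4d5a" for an MZ header.
            magic=$(od -An -tx1 -N2 "$f" 2>/dev/null | tr -d " \n")
            if [ "$magic" = "4d5a" ]; then
                sha256sum "$f"
            fi
        done' sh {} +
}

# Typical use: sh inventory.sh "$HOME/.wine" > wine-pe-inventory.txt
if [ "$#" -gt 0 ]; then
    list_pe_files "$1"
fi
```

The scan only covers the prefix itself. A Windows program run under Wine has the same file permissions as the user who started it, so files it wrote elsewhere in the home directory are not removed by deleting `~/.wine`.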

Dave1004

  • Bay Watcher
  • This is getting personal.
Re: Rootkit on Ubuntu
« Reply #9 on: December 23, 2011, 11:22:32 pm »

I suppose you ran the exe file with Wine. If so, it most likely installed stuff into your ~/.wine folder (which is basically like Windows' C: drive). Be sure to back up any applications you have in Wine's "program files" folder (if you have no idea what I'm talking about, you most likely have nothing to back up) and then remove ~/.wine with this command:
Code:
rm -rf ~/.wine
The next time you try to run a Windows program with Wine, a fresh copy of the ~/.wine folder will be recreated for you.

Right, I did that, thanks. It probably worked, I dunno...I'll keep an eye on my system. Is it possible for them to hijack my webcam? It's integrated into my laptop or somesuch...

Thanks for the help!

Fenrir

  • Bay Watcher
  • The Monstrous Wolf
Re: Rootkit on Ubuntu
« Reply #10 on: December 23, 2011, 11:36:51 pm »

Is it possible for them to hijack my webcam? It's integrated into my laptop or somesuch...

Yes.

Hitty40

  • Bay Watcher
  • Poker face, motherfucker.
Re: Rootkit on Ubuntu
« Reply #11 on: December 23, 2011, 11:42:14 pm »

Is it possible for them to hijack my webcam? It's integrated into my laptop or somesuch...

Yes.

But I believe it will only work when your laptop is on. Could put duct tape on it for now so then they can't see through.

But don't take what I said completely, I don't know much about how webcams on laptops work.
Ho Ho Ho! I'm going to be sticking economic stone so far up your stockings, you'll be coughing up gemstone windows!
Quote
You see, when the devil comes on to your forums and begins dropping F bombs and shouts 'GIVE ALL YOUR WOMEN!', he's in a happy mood.
Quote
if there's lots of g's and z's, it's gobbo. If you don't really recognize it, it's human. if it's called Urist, it's dwarf.

Fenrir

  • Bay Watcher
  • The Monstrous Wolf
Re: Rootkit on Ubuntu
« Reply #12 on: December 23, 2011, 11:53:53 pm »

Is it possible for them to hijack my webcam? It's integrated into my laptop or somesuch...

Yes.

But I believe it will only work when your laptop is on.

Naturally. The camera does need power, and network connectivity is a prerequisite for remote hacking.

Of course, it is not very important unless you place something in front of the camera that could be used against you. I can not find the article right now, but one hacker blackmailed hundreds of teenage girls who happened to leave their computers running while they were undressing — so refrain from being nude in front of it, and you should be safe.

DrKillPatient

  • Bay Watcher
  • The yak falls infinitely
Re: Rootkit on Ubuntu
« Reply #13 on: December 24, 2011, 12:02:57 am »

Looking around the 'net, it appears OmegleSpy is a cross-platform Java application (if their site is to be trusted, anyway). If it is indeed such, you might want to try a scan with ClamAV. That picks up on trojans/rootkits/etc quite well, even if they're for a different OS (mainly Windows).

EDIT: Also, it's more likely a trojan (lies low and monitors activity) than a rootkit (hides malicious applications' processes and enables heightened privileges for them). Compared to, say, MSDOS-based operating systems, UNIX variants make it incredibly hard to gain root access unless the user has no idea what he's doing and enters his root password where he shouldn't, or uses a generic password/no password at all. If you've got a silly root password like "root" or something, change it now-- preferably to one you don't use elsewhere.
« Last Edit: December 24, 2011, 12:08:25 am by DrKillPatient »

Dave1004

  • Bay Watcher
  • This is getting personal.
Re: Rootkit on Ubuntu
« Reply #14 on: December 24, 2011, 12:43:58 pm »

Looking around the 'net, it appears OmegleSpy is a cross-platform Java application (if their site is to be trusted, anyway). If it is indeed such, you might want to try a scan with ClamAV. That picks up on trojans/rootkits/etc quite well, even if they're for a different OS (mainly Windows).

EDIT: Also, it's more likely a trojan (lies low and monitors activity) than a rootkit (hides malicious applications' processes and enables heightened privileges for them). Compared to, say, MSDOS-based operating systems, UNIX variants make it incredibly hard to gain root access unless the user has no idea what he's doing and enters his root password where he shouldn't, or uses a generic password/no password at all. If you've got a silly root password like "root" or something, change it now-- preferably to one you don't use elsewhere.

Right...My root password is a combination of letters and numbers, for 10 in total. Should be decent. You're right, this may be a trojan...I scanned with both RKhunter and Chkrootkit, and they found nothing. I just did a scan with ClamAV, but...It found nothing as well? I don't understand. Thanks for all the help, mate!

Is it possible for them to hijack my webcam? It's integrated into my laptop or somesuch...

Yes.

But I believe it will only work when your laptop is on.

Naturally. The camera does need power, and network connectivity is a prerequisite for remote hacking.

Of course, it is not very important unless you place something in front of the camera that could be used against you. I can not find the article right now, but one hacker blackmailed hundreds of teenage girls who happened to leave their computers running while they were undressing — so refrain from being nude in front of it, and you should be safe.

Eeurgh. I've put some electrical tape over it, so...I should be fine. Luckily, I don't dress in front of my laptop, so...Aye. Man, technology is bloody scary! Ugh. Then again, it is my fault that I got the...Whatever it is. Sigh...