# Multiple viruses



## Sridhar_Rao (Nov 11, 2008)

I run my system on Ubuntu. I also installed Avast for Linux. As I plugged in a USB pen drive, Linux asked me if a program be allowed to execute; obviously I denied permission.

A thorough scan revealed 6 trojans in the drive. Had I used this drive on my laptop running on XP, it surely would have been infected (despite all measures). Now, you know why I run antivirus on linux. I use it as a "sandbag" before running on windows machine.

OK, the problem is that avast is not able to delete/move to chest/rename it. Permission to do is being denied. The infections persist. What should I do now?


----------



## hellknight (Nov 11, 2008)

Remove Windows .. LOL.. you can change the permissions of the drive where you have viruses.. or you can manually delete those file by becoming a Administrator..


----------



## Sridhar_Rao (Nov 11, 2008)

How do I do that? I think I am logged in as administrator but I am not sure. Please let me know how.


----------



## Rahim (Nov 11, 2008)

*Be sure to cd to the pen drive mount point*
Tell me where the pen drive is mounted first!!
Open a terminal and cd to where the pen drive is mounted, maybe in /media folder. Enter sudo chmod -R 777 * and this will allow full access to modify/delete the folders/files in the pen drive.

*Be sure to cd to the pen drive mount point*


----------



## Sridhar_Rao (Nov 11, 2008)

Is there a * after sudo chmod -R 777
There are some files in the pen drive that would want to run on their own, hope they wont get permission to run! Excuse me for my extreme ignorance!

I read this somewhere:


> chmod 777 gives everyone all rights, chmod 700 gives the owner all rights, no one else can do anything with the file and you can make every combination like that.


Is 777 OK or 700?

The pen drive is mounted in media.


----------



## Rahim (Nov 11, 2008)

^Full path to the mount point? Suppose it is mounted as */media/usb*. Change accordingly.

Yes 700 will suffice in this case. Yes there is an asterisk * which will change the permissions of all files/folder in /media/usb folder.


----------



## Sridhar_Rao (Nov 11, 2008)

OK, I will do that, but before that I have a question. Isn't there a way to make the avast to clean them instead of myself changing the attributes and deleting them?


----------



## hellknight (Nov 11, 2008)

you can check the Pen-Drive's mount point by command *fdisk -l*.. it will show you all the mounted devices..


----------



## Rahim (Nov 11, 2008)

Then you have to run avast in the root mode(admin). Highly dangerous stuff when choosing root account.

@hellknight: fdisk -l will show only the partitions and not their mount points.

Use df -l to highlight the various mount points.


----------



## Sridhar_Rao (Nov 11, 2008)

At the terminal i typed cd /media and got into it. next, i typed cd /usbdiskpro, which is the folder name of the drive and i get no such file or directory. i can see it in file browser.


----------



## Rahim (Nov 11, 2008)

Try unplugging and then re-plugging the usb pen drive.


----------



## Sridhar_Rao (Nov 11, 2008)

Not happening! Is there any other way getting to it. Like a single statement....cd/media/usbdiskpro ??

Sorry! I was being stupid...all I had to do was to type cd usbdiskpro  without that "/"

I am now going for sudo chmod -R 700 *


----------



## Rahim (Nov 11, 2008)

^Chal maaf kiya 

One more thing, since the folder's owner is "root", and using 700 will only allow root user to change anything. So why not use 777 to allow everyone,including the normal users to modify them?
Another way is to change the owner to ,say, your name and then use 700, so that it allows you to change them.
i hope your eyes re not rolling backwards reading this 

Quick and Dirty Guide to Linux File Permissions


----------



## Sridhar_Rao (Nov 11, 2008)

Hurrah! Thanks...

I got to delete all those nasty files, even the hidden ones. I ran the avast scan and confirmed that all trojans were deleted. Even the ones in the trash folder. How do I revoke that permission?

Sorry, being totally ignorant of linux and its working, I understand nothing. I faithfully follow what good people like you guys tell me. 

I have another question...not related to this

I installed clamav in order to bolster security (not linux) using synaptic manager but am unable to see it. Please help


----------



## Rahim (Nov 11, 2008)

Install clam-gtk; it is a front end gui that you can find under system tools.
See this --Howto Install Clam AntiVirus with GTK frontend GUI


> How do I revoke that permission?


Revoke what?

Try going through the link on Linux Permission posted above.


----------



## Sridhar_Rao (Nov 11, 2008)

I did find files like clamav, clamav-base, clamav-freshclam, clamav-getfiles, and clamtk and installed them successfully. I don't see it anywhere not even in any menu. 
I did as described in this site
*yourubuntulinux.blogspot.com/2007/08/how-to-install-clamav-and-its-gui.html

I mean undoing that permission.


----------



## Rahim (Nov 11, 2008)

It must be in Accessories Menu as Virus Scanner. Use the Guide posted.
Enter clamtk in a terminal to see if it opens.

As for the permissions, you can change it anyway you like, say changing its owner or changinf its permissions....it depends on our needs.


----------



## Sridhar_Rao (Nov 11, 2008)

That is the problem, it is not in the specified location. Any idea?

Is there a default menu editor in ubuntu?


----------



## Rahim (Nov 11, 2008)

^Open it from a terminal using clamtk


----------



## Sridhar_Rao (Nov 11, 2008)

Quite unexpected... I found it in applications>system tools>virus scanner.

I tried to update and it says. "you must be root to install updates". How do I be the root?


----------



## Rahim (Nov 11, 2008)

Arey bhai open a terminal and enter sudo clamtk. You have to use sudo to update any program remember?

sudo clamtk
go to help and go to Update


----------



## Sridhar_Rao (Nov 11, 2008)

Ab tak malum nahin tha, apki meherbani se aaj malum ho gaya, shukriya!


----------



## Rahim (Nov 11, 2008)

^Why dont you use irc.eu.freenode.net for such queries, fast, efficient and addictive


----------



## Sridhar_Rao (Nov 11, 2008)

What is irc? a chat? pata nahin.
This forum has served most of my purposes, fast & efficient too. thanks to guys like you.


----------



## Rahim (Nov 11, 2008)

^Kis duniya mein rahte hai mere pyaare bhaiiii. 
Use xchat for this.


----------



## Faun (Nov 11, 2008)

lol...long troubleshooting


----------



## thewisecrab (Nov 11, 2008)

Sridhar_Rao said:


> What is irc? a chat? pata nahin.
> This forum has served most of my purposes, fast & efficient too. thanks to guys like you.


Here you go:


> After a long discussion, we at #Digit IRC have decided to spam the forum with some fun-bites directly from the channel   These are some samples, if you want more  just visit #Digit IRC channel.
> 
> Before we go into details, here are some helpful links:
> 
> ...


Find it on Chit Chat


----------



## Rahim (Nov 12, 2008)

^It seems Sridhar is *satisfied* with ThinkDigit Forum


----------



## thewisecrab (Nov 12, 2008)

He better be...


----------



## Zangetsu (Nov 12, 2008)

thewisecrab said:


> we are constantly inventing new words. So, u can increase ur vocabulary. And we are on they way to copyright those words..


 
Cud u pls xplain this statement...


----------



## thewisecrab (Nov 12, 2008)

I ctrl+C-ed from here:
*thinkdigit.com/forum/showthread.php?t=82475
Seriously, the IRC is a great place to hang out 
any doubts you have will be should be asked in that thread


----------

