A few years ago I installed Kubuntu on my sister's computer since XP took a dump. Today she came knocking on my door with an issue. When I looked at it, the first thing I noticed was a popup saying her computer was infected, something about a script. It had 15.04 but along the way was updated to 16.04. I really know nothing about Kubuntu but am redownloading 16.04 again now. I install it from a USB stick to the hard drive. My question is: should I reformat and reload Kubuntu, or is there a good free AV I could use to clean it? Thanks.
Update: tried to do new security updates and it just hung. Did a hard shutdown; now the mouse and keyboard don't work.
Most AVs detect primarily Windows viruses, and the ones that do detect Linux viruses with a good rate are always paid. So yeah, the easiest and cheapest way is to "reload". However, you first could try one thing: open a Terminal and type "sudo dolphin". This will open the file manager as root. Now, go to her /home folder, press the combination "Alt + ." (will reveal hidden files/folders) and post a screenshot of that here, if possible (if it doesn't interfere with her privacy). Usually the user doesn't have access to anything besides his/her home folder, so it's unlikely that any infection would cause damage to the system itself, and so deleting everything but keeping a few folders should do the trick. Deleting every hidden folder/file SHOULD do no harm. She will obviously lose her Firefox/Chrome/Chromium profiles and pretty much every configuration she did, but you can keep things you're sure aren't part of the problem.
Well, in all the years I have used Windows and did security, I am pretty sure this is a Facebook malware just for Linux. Going to redo ... sorry, can't do as you say because I cannot use mouse or keyboard. The popup before all failed was "your banking info might be compromised", and everything hung. I am guessing I messed things up when I tried to do the latest security updates and that hung, so I did a hard reboot and lost mouse and keyboard.
Ummm, interesting. I guess we'll just have to wait and see if such malware actually is out there, because if there's one thing the media loves doing, it's making a Linux malware go viral, literally. No mouse and keyboard after a hard reset that was done while updating? Sounds like corrupt files. You could install the older versions of files, or just boot the LiveCD and remove the hidden files/folders to see if that helps with the configuration, but I guess the easiest thing is just to re-install. IMO this is just a browser-hijacker, not a virus or ransomware. Your lack of mouse/keyboard could be due to the hard reset while updating.
When I made the USB stick I had the options to boot and run Kubuntu from USB or install to hard drive. I chose to install because my 67 year old sister never really got the hang of Windows, let alone Linux. Since I installed her Kubuntu I have reused the USB for many other things, and so right now I still have the old version 15.04, but had issues with no sound till I updated along the way. Now I am going to try the latest release of 16.04 in the morning. After all, I mowed her whole yard today and don't feel like dealing with it today lol. I think you are right about the browser hijack from Facebook. In any event the update failed, so going to redo. She really only goes to Hotmail and Facebook, and so there is something out there that is messing with Firefox using Kubuntu, and for the old timer using Facebook with Firefox it is all downhill from there.
Check her browser extensions, it's probably one of them causing this. Remove it, reset browser and cache. Unless she has sudo rights, installing malware is virtually impossible in Linux.
"Check her browser extensions, it's probably one of them causing this. Remove it, reset browser and cache. Unless she has sudo rights, installing malware is virtually impossible in Linux." If I would have done that at first I would have been OK, but I clicked to install updates, the updates hung and so I did a hard reset. After that I lost mouse and keyboard. Early this morning I reinstalled 5.04 from scratch and she is back in business.
Update: sister was informed to use Chromium. Yesterday she got hit with the fake encryption page that locked up her computer. She used Firefox, so I deleted it and told her to use Chromium. She instead used Vivaldi and got the fake alert again, so hopefully she will now only use Chromium. She was on Facebook every time, and so even the new Vivaldi is not immune to the web page hacks. Funny thing is this time it was a fake Windows warning and she is using Kubuntu.
"Even more effective than adblock plus, install ublockO and set to enhanced easy mode." Would I need this with Chromium?
She got hit again? I'd (confidently) say she's not being cautious enough or just is terrible at web browsing.
Time to install a sandbox (firejail??) or move workspace to a VM. Firejail would be perfect because the session activity always goes away when she is finished. Would that work for her?
"She got hit again? I'd (confidently) say she's not being cautious enough or just is terrible at web browsing." Yup, she was gone visiting her kids for a week and when she came back she for some reason (old timers disease) forgot not to use FF. So I deleted it and left her with Chromium. Then she got hit again. I had to force shutdown to get control back. She only goes to Facebook and has been informed NOT to click on any other links. Point I was trying to make is she was using Chromium when last hit. The other times it was the fake encryption page, this time it was the fake Windows lock page, which is strange since she is using Linux. BTW she just turned 67.
Not always, though. The user must specify the "--private" switch. If he/she just runs "firejail firefox" then the changes are not deleted. However, the browser has access only to its own folder and the "~/Downloads" folder, so damage is minimal (not to mention because all the caps are disabled). I think she could use "firejail --private=/home/Documents/Others/Firefox". This folder would be created and all changes remain in it. But to be completely honest, I think the solution is far more complicated than a sandbox, because if she keeps getting hit with ransomware then there's something very wrong, either in her browsing habits or the network/HD/MBR, whatever. I would definitely consider that the modem/router could have been compromised and is redirecting the traffic to malware domains.
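The firejail modes discussed in the post above, written as a small launcher script. This is an added example, not part of the original thread; `JAIL_ROOT`, the mode names and the `--run` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: start a browser under firejail with a throwaway or a
# persistent private home. JAIL_ROOT and the mode names are assumptions.

JAIL_ROOT="${JAIL_ROOT:-$HOME/jails}"   # assumed place for persistent jail homes

# Print the firejail option for the requested mode.
#   throwaway  -> --private         temporary home, discarded when firejail exits
#   persistent -> --private=<dir>   <dir> is used as the home, changes stay in it
#   default    -> (empty)           browser profile rules only, changes are kept
private_opt() {
    mode="$1"; browser="$2"
    case "$mode" in
        throwaway)  printf '%s\n' "--private" ;;
        persistent) printf '%s\n' "--private=$JAIL_ROOT/$browser" ;;
        default)    printf '\n' ;;
        *)          return 2 ;;
    esac
}

# Create the persistent jail home, accessible to its owner only.
prepare_home() {
    dir="$JAIL_ROOT/$1"
    mkdir -p "$dir" && chmod 700 "$dir" && printf '%s\n' "$dir"
}

launch() {
    mode="$1"; browser="$2"
    command -v firejail >/dev/null 2>&1 || { echo "firejail not installed" >&2; return 1; }
    opt=$(private_opt "$mode" "$browser") || { echo "unknown mode: $mode" >&2; return 2; }
    if [ "$mode" = persistent ]; then prepare_home "$browser" >/dev/null || return 1; fi
    if [ -n "$opt" ]; then
        exec firejail "$opt" "$browser"
    else
        exec firejail "$browser"
    fi
}

# Only launches when called as: script --run <mode> <browser>
if [ "${1:-}" = "--run" ]; then launch "$2" "$3"; fi
```

Saved as a script, it would be started with for example `--run throwaway chromium-browser`; the browser binary name depends on the distribution.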
And here I respectfully disagree and feel it's likely a very easy solution with or similar to the ublockO suggestion in my post #13. Of course I can't be sure, which is why I was hoping for a link to test. Let's not forget the sandboxing of Chromium in Linux is a robust one in itself. Firejail will, of course, provide another sandbox layer, although more of a "nice to have" one, rather than out of necessity. That could very well be it.
"I would definitely consider that the modem/router could have been compromised and is redirecting the traffic to malware domains." I can look at the traffic in my router and see if I notice anything not right. My router only shows the current day though and cannot go back. Might have to install another firewall. For the past 4 years been only using the Windows FW. Does Kubuntu have a form of firewall logging? It seems the last few days when forcing her to use Chromium she has been OK, but it would be nice to view some FW logs for whichever day she gets hit.
I too respectfully disagree because she'd be limiting the damage with Firejail but would not prevent it completely. Either the router, the HD, the DVD/CD install, her browsing habits, something is wrong and using a sandbox in this case is like trying to stop the sun with a strainer.