
Malware on Debian :(

stefaca (member since 25.02.2005)
Is anyone familiar with this beast, and how do I get this malware off the system? It just opens a new tab on me while I'm using Chrome. Debian testing

http://imgur.com/DzmY3pe
 
Have you tried finding some profile or conf file of its and deleting all of that together with the program?
@sammy the problem is that this is on Linux, so advice for Win doesn't apply.
 
Well, I know it's for Win, I didn't find anything for Linux, that's why I'm saying he should try some AV for Linux; if they have signatures for Win and Mac they must have them for Linux too.
I'm more interested in how he managed to "catch" it, maybe through some addon... hmm, I don't know, interesting.
 
I don't believe the AVs that exist for Linux will do anything. Possibly through an addon, all sorts of things get pushed in unchecked, possibly also through some JavaScript. If it's limited to Chrome only, then it should be possible to find the profile and all its files and delete them. Where else could it have wedged itself in, maybe some entry in the hosts file. Damn. I stick with Firefox; I do have not Chrome but Chromium, but I hardly use it except for Google and some searches.
What do you think about this https://ipleak.net/ and their AirVPN? I used ZenMate occasionally, but these guys expose it easily.
 
As far as I can tell this little devil targets Chrome and not specifically the operating system running the browser. That lets it work everywhere, independent of the specifics of the host OS. It's possible because Chrome is in fact an OS of its own...

The solution is to ditch Chrome and all that Google bloat.
 
Yes, yes. I've narrowed it down to the problem being directly tied to Chrome :) I figure I'll delete everything related to it and see what happens. To be honest, I didn't expect this kind of mess :D
 
Open Chrome extensions and delete everything suspicious.

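The "check the extensions" advice above, turned into a check you can run: an added example (mine, not from any poster) that reads the extensions.settings records in Chrome's Preferences file and flags extensions that hold tab- or traffic-related permissions without having come from the Web Store. The Preferences path, the from_webstore/state/path fields and the sample records are assumptions based on Chrome's profile layout; the extension IDs are made up.

```python
"""Audit the extensions recorded in a Chrome profile's Preferences file.

Chrome on Linux keeps per-extension records under extensions.settings in
~/.config/google-chrome/Default/Preferences (some builds put the same records
in Secure Preferences next to it). Each record holds the manifest Chrome saw
at install time, a from_webstore flag and the install path.
"""
import json
import sys
from pathlib import Path

# Permissions that let an extension open tabs or see and redirect traffic.
# Many legitimate add-ons hold them, but they are exactly what an
# unwanted-tab opener needs, so they weight the verdict.
RISKY_PERMISSIONS = {
    "tabs", "webNavigation", "webRequest", "webRequestBlocking",
    "declarativeNetRequest", "<all_urls>", "http://*/*", "https://*/*",
    "*://*/*",
}

# Constructed sample in the Preferences layout; the IDs are made up.
SAMPLE_PREFERENCES = json.dumps({"extensions": {"settings": {
    # Web Store install: path is relative to the profile's Extensions/ dir
    "aaaabbbbccccddddeeeeffffgggghhhh": {
        "from_webstore": True, "state": 1,
        "path": "aaaabbbbccccddddeeeeffffgggghhhh/1.4.2_0",
        "manifest": {"name": "Sample Ad Blocker", "version": "1.4.2",
                     "permissions": ["webRequest", "webRequestBlocking",
                                     "<all_urls>"]}},
    # sideloaded: unpacked from an absolute path, never reviewed by the store
    "bbbbccccddddeeeeffffgggghhhhiiii": {
        "from_webstore": False, "state": 1,
        "path": "/home/user/.local/share/searchhelper",
        "manifest": {"name": "Search Helper", "version": "0.1",
                     "permissions": ["tabs", "storage"],
                     "content_scripts": [{"matches": ["<all_urls>"],
                                          "js": ["inject.js"]}]}},
    # harmless: Web Store install without risky permissions
    "ccccddddeeeeffffgggghhhhiiiijjjj": {
        "from_webstore": True, "state": 1,
        "path": "ccccddddeeeeffffgggghhhhiiiijjjj/2.0_0",
        "manifest": {"name": "Sample Notes", "version": "2.0",
                     "permissions": ["storage"]}},
}}})


def extension_permissions(manifest):
    """Collect API permissions, host permissions and content-script matches."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("host_permissions", []))  # manifest v3 split
    for script in manifest.get("content_scripts", []):
        perms |= set(script.get("matches", []))  # injected everywhere == <all_urls>
    return perms


def audit_extension(ext_id, record):
    """Return findings for one extensions.settings record."""
    manifest = record.get("manifest", {})
    risky = sorted(extension_permissions(manifest) & RISKY_PERMISSIONS)
    path = record.get("path", "")
    from_store = bool(record.get("from_webstore", False))
    unpacked = Path(path).is_absolute()  # store installs record relative paths
    findings = []
    if not from_store:
        findings.append("not installed from the Chrome Web Store")
    if unpacked:
        findings.append("loaded unpacked from " + path)
    if risky:
        findings.append("can open tabs or touch traffic: " + ", ".join(risky))
    return {"id": ext_id, "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "enabled": record.get("state") == 1,  # Extension::State ENABLED
            "risky": risky, "findings": findings,
            # risky capabilities without store provenance is the red flag
            "suspicious": bool(risky) and (not from_store or unpacked)}


def audit_profile(pref_text):
    """Audit every extension in a Preferences JSON text, suspicious first."""
    settings = json.loads(pref_text).get("extensions", {}).get("settings", {})
    report = [audit_extension(i, r) for i, r in settings.items()
              if isinstance(r, dict) and "manifest" in r]
    report.sort(key=lambda r: (not r["suspicious"], r["name"].lower()))
    return report


if __name__ == "__main__":
    default = Path.home() / ".config/google-chrome/Default/Preferences"
    pref = Path(sys.argv[1]) if len(sys.argv) > 1 else default
    text = pref.read_text() if pref.is_file() else SAMPLE_PREFERENCES
    for r in audit_profile(text):
        print(("!! " if r["suspicious"] else "   ") + f"{r['id']} {r['name']} "
              f"{r['version']} enabled={r['enabled']}")
        for finding in r["findings"]:
            print("      -", finding)
```

Run it with the path to a profile's Preferences (or Secure Preferences) file; without an argument it falls back to the constructed sample when the default profile is absent.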
 
Let ClamTK do a quick scan, then post the result here.
 
On 14.04 the GUI is outdated and the new GUI won't run.
@stefaca once you've cleaned it up, set the DNS from Yandex, supposedly they offer protection https://dns.yandex.com/
PS. regards, and are you still at the same place at the TV?

hello,

I think I've sorted the problem out. I deleted .config/google-chrome/ and it seems the weird stuff no longer pops up. I'll also try putting the Russian brothers on and see whether that cleans it too. As for the TV, I left them long ago. I started working in my profession :)

PS.
I can confirm the DNS works. I put it on family (no porn) mode right away ;)
 
@stefaca,

The important thing is that you got rid of the pest in Chrome. Does Kaspersky have some AV for Linux? :) Great that you found a job in your profession :)
I like this DNS thing but I won't take the family option, I want to look at pictures :D, the important thing is that it works; they have an IPv6 DNS option somewhere too but I don't remember where. IPv6 means nothing to me since my provider doesn't have IPv6, so I turn it off right away, there's an option in grub.
 
I figure I've fixed it since the weird stuff no longer pops up. Honestly, I was confused when it started popping up. A person can't even browse the net normally anymore. Anyway, no pictures, no videos. And I put it on the router too.

In my Firefox everything is blocked by default, Flash, Java etc... I don't download films, only normal ones, I look at pictures occasionally, I used some VPN add-on for Firefox so that was enough. Now they've become somewhat flaky with that add-on so I uninstalled it.
 
Opera has a built-in VPN. It's a Blink-based browser, it shouldn't be affected by this malware that plagues Chrome, because it doesn't come with the hundred oddities that Chrome (and Chromium too) carry around. Since Chrome is, after all, the most popular browser on Android, and there are more Android devices than anything else in the world, most of this adware/malware stuff is written precisely to target exploits in Chrome; then they use the naivety of users to get permission to install something else and, via phishing methods, eventually reach the user's vital data. Because thanks to the sandbox approach they can't roam around the system on their own.

Kaspersky and the rest of the rabble from private "security" outfits will never say this publicly; instead they'll trumpet that everyone needs an antivirus on Android, even though due to the nature of the platform that antivirus isn't capable of doing anything, just as the malware isn't unless the user grants permission. All they can do is blacklist the addresses the pop-up and hijack pages come from. Which has nothing to do with viruses, but it's still called antivirus. Oh well, the company's future has to be defended even if users are misled.

Otherwise Blink, i.e. WebKit, is proverbially full of holes; there's always some exploit that can be used for all kinds of things, including remote access and taking over the machine.
 
I know about Opera, but my wife uses Opera and I don't meddle in her silliness; Opera for her, Firefox for me.
 
To be honest, I adored Opera. It was the best there was, in my opinion. And then they dropped the mail client. My world collapsed. Vivaldi is similar to Opera. As far as I know it's even some crew from Opera.
 
Scanned the system a while ago with clamav, it found nothing; then I installed the unofficial sigs for clamav and scanned again, and with them it finds 22 "viruses", all in the google chrome and firefox folders, mostly extensions, all false positives; I checked a few of them on the virustotal site and not a single file was detected.
 
Where did you get those unofficial sigs? I barely managed to install that AV on Mint 17.3; its GUI is outdated, as it tells me itself, but the new GUI doesn't work.
Right now I'll run a scan of the download dir, there's a mixed salad in there, a few win programs with cracks, a few .deb files etc...

Found something, but I expected that: LOIC (now I should be infected since I was running LOIC) and one keygen
 
Well, there's a package, look for it in synaptic, it's called: clamav-unofficial-sigs
I don't know how it goes on ubuntu or whether something extra needs to be done after installation, but I had to tweak the config files a bit for it to work; nothing special in principle, for two sites a free subscription is needed and they email you a code that you then put into the config file.
Otherwise I didn't even try the gui; I updated the database with the freshclam command (as root), and scanned with
Code:
clamscan -r -v /home/
 
Ok, it's all in synaptic, that's how I did the install and the GUI; I did the first update manually, later I found there's a setting for it in the GUI. I found online that there's a new GTK3 GUI, downloaded it but no use, it won't run; apparently it's not for Mint 17.3, i.e. Ubuntu 14.04.
There's clamav-unofficial-sigs in synaptic too, I've just told synaptic to install it.
 
@sammy,

How do you know that add-on is active? I ran the GUI, nothing shows there; I ran it from the terminal with the command as you wrote it over the whole home, nothing there either, no indication visible.
I killed the scan because I remembered my home is a bit huge, 150GB.
Where are those config files? In home I don't see them, there's only the one for clamtk; nothing in synaptic says anything needs to be done afterwards.
Code:
clamscan --debug 2>&1 /dev/null | grep "loaded"
LibClamAV debug: /var/lib/clamav/sigwhitelist.ign2 loaded
LibClamAV debug: daily.info loaded
LibClamAV debug: daily.cfg loaded
LibClamAV debug: daily.hsb loaded
LibClamAV debug: daily.ldb loaded
LibClamAV debug: daily.pdb loaded
LibClamAV debug: daily.fp loaded
LibClamAV debug: daily.crb loaded
LibClamAV debug: daily.ftm loaded
LibClamAV debug: daily.ign loaded
LibClamAV debug: daily.hdb loaded
LibClamAV debug: daily.idb loaded
LibClamAV debug: daily.mdb loaded
LibClamAV debug: daily.cdb loaded
LibClamAV debug: daily.wdb loaded
LibClamAV debug: daily.ndb loaded
LibClamAV debug: daily.sfp loaded
LibClamAV debug: daily.ign2 loaded
LibClamAV debug: daily.msb loaded
LibClamAV debug: /var/lib/clamav/daily.cld loaded
LibClamAV debug: /var/lib/clamav/spamattach.hdb loaded
LibClamAV debug: /var/lib/clamav/crdfam.clamav.hdb loaded
LibClamAV debug: /var/lib/clamav/winnow_extended_malware.hdb loaded
LibClamAV debug: /var/lib/clamav/blurl.ndb loaded
LibClamAV debug: /var/lib/clamav/bofhland_phishing_URL.ndb loaded
LibClamAV debug: /var/lib/clamav/porcupine.ndb loaded
LibClamAV debug: /var/lib/clamav/spamimg.hdb loaded
LibClamAV debug: /var/lib/clamav/winnow_malware_links.ndb loaded
LibClamAV debug: /var/lib/clamav/junk.ndb loaded
LibClamAV debug: main.info loaded
LibClamAV debug: main.hdb loaded
LibClamAV debug: main.hsb loaded
LibClamAV debug: main.mdb loaded
LibClamAV debug: main.msb loaded
LibClamAV debug: main.ndb loaded
LibClamAV debug: main.fp loaded
LibClamAV debug: main.sfp loaded
LibClamAV debug: main.crb loaded
LibClamAV debug: /var/lib/clamav/main.cvd loaded
LibClamAV debug: /var/lib/clamav/sanesecurity.ftm loaded
LibClamAV debug: /var/lib/clamav/winnow_malware.hdb loaded
LibClamAV debug: /var/lib/clamav/jurlbl.ndb loaded
LibClamAV debug: /var/lib/clamav/winnow.attachments.hdb loaded
LibClamAV debug: /var/lib/clamav/phishtank.ndb loaded
LibClamAV debug: bytecode.info loaded
LibClamAV debug: 3986185.cbc loaded
LibClamAV debug: 3986187.cbc loaded
LibClamAV debug: 3986188.cbc loaded
LibClamAV debug: 3986206.cbc loaded
LibClamAV debug: 3986212.cbc loaded
LibClamAV debug: 3986214.cbc loaded
LibClamAV debug: 3986215.cbc loaded
LibClamAV debug: 3986216.cbc loaded
LibClamAV debug: 3986217.cbc loaded
LibClamAV debug: 3986218.cbc loaded
LibClamAV debug: 3986219.cbc loaded
LibClamAV debug: 3986220.cbc loaded
LibClamAV debug: 3986221.cbc loaded
LibClamAV debug: 3986222.cbc loaded
LibClamAV debug: 3986223.cbc loaded
LibClamAV debug: 3986224.cbc loaded
LibClamAV debug: 3986229.cbc loaded
LibClamAV debug: 3986230.cbc loaded
LibClamAV debug: 3986231.cbc loaded
LibClamAV debug: 3986232.cbc loaded
LibClamAV debug: 3986233.cbc loaded
LibClamAV debug: 3986234.cbc loaded
LibClamAV debug: 3986235.cbc loaded
LibClamAV debug: 3986236.cbc loaded
LibClamAV debug: 3986242.cbc loaded
LibClamAV debug: 3986244.cbc loaded
LibClamAV debug: 3986249.cbc loaded
LibClamAV debug: 3986259.cbc loaded
LibClamAV debug: 3986282.cbc loaded
LibClamAV debug: 3986283.cbc loaded
LibClamAV debug: 3986289.cbc loaded
LibClamAV debug: 3986292.cbc loaded
LibClamAV debug: 3986301.cbc loaded
LibClamAV debug: 3986303.cbc loaded
LibClamAV debug: 3986305.cbc loaded
LibClamAV debug: 3986306.cbc loaded
LibClamAV debug: 3986310.cbc loaded
LibClamAV debug: 3986318.cbc loaded
LibClamAV debug: 3986321.cbc loaded
LibClamAV debug: 3986322.cbc loaded
LibClamAV debug: 3986326.cbc loaded
LibClamAV debug: 3986327.cbc loaded
LibClamAV debug: 3986328.cbc loaded
LibClamAV debug: 3986334.cbc loaded
LibClamAV debug: 3986337.cbc loaded
LibClamAV debug: 4306126.cbc loaded
LibClamAV debug: 4306157.cbc loaded
LibClamAV debug: 4307467.cbc loaded
LibClamAV debug: 4310114.cbc loaded
LibClamAV debug: 4416867.cbc loaded
LibClamAV debug: 4510302.cbc loaded
LibClamAV debug: 4526683.cbc loaded
LibClamAV debug: 4553522.cbc loaded
LibClamAV debug: /var/lib/clamav/bytecode.cvd loaded
LibClamAV debug: /var/lib/clamav/bofhland_malware_attach.hdb loaded
LibClamAV debug: /var/lib/clamav/winnow_bad_cw.hdb loaded
LibClamAV debug: /var/lib/clamav/doppelstern.hdb loaded
LibClamAV debug: /var/lib/clamav/phish.ndb loaded
LibClamAV debug: /var/lib/clamav/rogue.hdb loaded
LibClamAV debug: /var/lib/clamav/scam.ndb loaded
LibClamAV debug: /var/lib/clamav/bofhland_cracked_URL.ndb loaded
LibClamAV debug: /var/lib/clamav/bofhland_malware_URL.ndb loaded
I guess it's something from this
 
Yes, well, put /home/Downloads instead of /home, or whatever you want.
Otherwise you can tell it to save everything to a log with -l ~/clamav-scan.log
or you can drop -v if you don't want to see the output on screen, or add -i so it only prints when it finds infections.
Yes, the extra ones are loaded except two; I saw here how and what is needed: https://github.com/extremeshok/clamav-unofficial-sigs
It says how to sign up for MalwarePatrol and SecuriteInfo and where to put what's needed.
Here's my output:
Code:
$ clamscan --debug 2>&1 /dev/null | grep "loaded"
LibClamAV debug: unrar support loaded from /usr/lib64/libclamunrar_iface.so.7.1.1 libclamunrar_iface_so_7_1
LibClamAV debug: /var/lib/clamav/sigwhitelist.ign2 loaded
LibClamAV debug: /var/lib/clamav/securiteinfo.ign2 loaded
LibClamAV debug: daily.info loaded
LibClamAV debug: daily.cfg loaded
LibClamAV debug: daily.hsb loaded
LibClamAV debug: daily.sfp loaded
LibClamAV debug: daily.crb loaded
LibClamAV debug: daily.ign2 loaded
LibClamAV debug: daily.pdb loaded
LibClamAV debug: daily.fp loaded
LibClamAV debug: daily.hdb loaded
LibClamAV debug: daily.wdb loaded
LibClamAV debug: daily.ndb loaded
LibClamAV debug: daily.cdb loaded
LibClamAV debug: daily.idb loaded
LibClamAV debug: daily.msb loaded
LibClamAV debug: daily.ldb loaded
LibClamAV debug: daily.ftm loaded
LibClamAV debug: daily.mdb loaded
LibClamAV debug: daily.ign loaded
LibClamAV debug: /var/lib/clamav/daily.cld loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.crimepack_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.crimepack_jar3
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/EK_Crimepack.yar
LibClamAV debug: /var/lib/clamav/EK_Crimepack.yar loaded
LibClamAV debug: /var/lib/clamav/hackingteam.hsb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_adobe_2010_1297_exploit
LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_adobe_2010_2884_exploit
LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_jar2
LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_java_2010_0842_exploit
LibClamAV debug: cli_loadyara: loaded 4 of 4 yara signatures from /var/lib/clamav/EK_BleedingLife.yar
LibClamAV debug: /var/lib/clamav/EK_BleedingLife.yar loaded
LibClamAV debug: /var/lib/clamav/bofhland_cracked_URL.ndb loaded
LibClamAV debug: /var/lib/clamav/antidebug_antivm.yar loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_css
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_css2
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_htm
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js2
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js3
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js4
LibClamAV debug: cli_loadyara: loaded 7 of 7 yara signatures from /var/lib/clamav/EK_ZeroAcces.yar
LibClamAV debug: /var/lib/clamav/EK_ZeroAcces.yar loaded
LibClamAV debug: /var/lib/clamav/rfxn.ndb loaded
LibClamAV debug: /var/lib/clamav/securiteinfoascii.hdb loaded
LibClamAV debug: /var/lib/clamav/malwarehash.hsb loaded
LibClamAV debug: /var/lib/clamav/phishtank.ndb loaded
LibClamAV debug: /var/lib/clamav/scam.ndb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.sakura_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.sakura_jar2
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/EK_Sakura.yar
LibClamAV debug: /var/lib/clamav/EK_Sakura.yar loaded
LibClamAV debug: /var/lib/clamav/winnow_malware_links.ndb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html10
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html11
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html2
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html3
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html4
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html5
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html6
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html7
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html8
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html9
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_jar2
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_jar3
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_pdf
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_pdf2
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_pdf3
LibClamAV debug: cli_loadyara: loaded 17 of 17 yara signatures from /var/lib/clamav/EK_Phoenix.yar
LibClamAV debug: /var/lib/clamav/EK_Phoenix.yar loaded
LibClamAV debug: /var/lib/clamav/porcupine.hsb loaded
LibClamAV debug: /var/lib/clamav/blurl.ndb loaded
LibClamAV debug: /var/lib/clamav/foxhole_generic.cdb loaded
LibClamAV debug: /var/lib/clamav/spamattach.hdb loaded
LibClamAV debug: /var/lib/clamav/winnow.attachments.hdb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_jar2
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_jar3
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_js
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_js2
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_js3
LibClamAV debug: cli_loadyara: loaded 6 of 6 yara signatures from /var/lib/clamav/EK_Eleonore.yar
LibClamAV debug: /var/lib/clamav/EK_Eleonore.yar loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.INDICATOR_IMPLANT_Loader
LibClamAV debug: load_oneyara: successfully loaded YARA.INDICATOR_Implant_Loader2
LibClamAV debug: load_oneyara: generic string: [File {0} has been uploaded in {1}] => [46696c65207b307d20686173206265656e2075706c6f6164656420696e207b317d]
LibClamAV debug: load_oneyara: successfully loaded YARA.IMPLANT2_3
LibClamAV debug: load_oneyara: successfully loaded YARA.CryptoWall_Resume_phish
LibClamAV debug: load_oneyara: successfully loaded YARA.docx_macro
LibClamAV debug: load_oneyara: successfully loaded YARA.java_JSocket_20151217
LibClamAV debug: cli_loadyara: loaded 6 of 6 yara signatures from /var/lib/clamav/winnow_malware.yara
LibClamAV debug: /var/lib/clamav/winnow_malware.yara loaded
LibClamAV debug: /var/lib/clamav/bofhland_malware_attach.hdb loaded
LibClamAV debug: /var/lib/clamav/winnow_bad_cw.hdb loaded
LibClamAV debug: /var/lib/clamav/EMAIL_Cryptowall.yar loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_Spam_test
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_Spam_pornspam
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/Sanesecurity_spam.yara
LibClamAV debug: /var/lib/clamav/Sanesecurity_spam.yara loaded
LibClamAV debug: /var/lib/clamav/porcupine.ndb loaded
LibClamAV debug: /var/lib/clamav/securiteinfohtml.hdb loaded
LibClamAV debug: /var/lib/clamav/spamimg.hdb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_jar2
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_jar3
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_pdf
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole_basic
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole1_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_css
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm10
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm11
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm12
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm3
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm4
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm5
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm6
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm8
LibClamAV debug: cli_loadyara: loaded 16 of 16 yara signatures from /var/lib/clamav/EK_Blackhole.yar
LibClamAV debug: /var/lib/clamav/EK_Blackhole.yar loaded
LibClamAV debug: /var/lib/clamav/rogue.hdb loaded
LibClamAV debug: main.info loaded
LibClamAV debug: main.hdb loaded
LibClamAV debug: main.hsb loaded
LibClamAV debug: main.mdb loaded
LibClamAV debug: main.msb loaded
LibClamAV debug: main.ndb loaded
LibClamAV debug: main.fp loaded
LibClamAV debug: main.sfp loaded
LibClamAV debug: main.crb loaded
LibClamAV debug: /var/lib/clamav/main.cvd loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.zerox88_js2
LibClamAV debug: load_oneyara: successfully loaded YARA.zerox88_js3
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/EK_Zerox88.yar
LibClamAV debug: /var/lib/clamav/EK_Zerox88.yar loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_htm
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js2
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_flash
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_java
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_quicktime
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_vml
LibClamAV debug: cli_loadyara: loaded 7 of 7 yara signatures from /var/lib/clamav/EK_Fragus.yar
LibClamAV debug: /var/lib/clamav/EK_Fragus.yar loaded
LibClamAV debug: /var/lib/clamav/jurlbl.ndb loaded
LibClamAV debug: /var/lib/clamav/winnow_extended_malware.hdb loaded
LibClamAV debug: /var/lib/clamav/securiteinfoandroid.hdb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.zeus_js
LibClamAV debug: cli_loadyara: loaded 1 of 1 yara signatures from /var/lib/clamav/EK_Zeus.yar
LibClamAV debug: /var/lib/clamav/EK_Zeus.yar loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type4_Hdr_2
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type3_Bdy_4
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type4_Bdy_3
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_PhishingTestSig_1
LibClamAV debug: cli_loadyara: loaded 4 of 4 yara signatures from /var/lib/clamav/Sanesecurity_sigtest.yara
LibClamAV debug: /var/lib/clamav/Sanesecurity_sigtest.yara loaded
LibClamAV debug: /var/lib/clamav/phish.ndb loaded
LibClamAV debug: /var/lib/clamav/foxhole_filename.cdb loaded
LibClamAV debug: /var/lib/clamav/sanesecurity.ftm loaded
LibClamAV debug: /var/lib/clamav/bofhland_phishing_URL.ndb loaded
LibClamAV debug: /var/lib/clamav/javascript.ndb loaded
LibClamAV debug: /var/lib/clamav/securiteinfo.hdb loaded
LibClamAV debug: bytecode.info loaded
LibClamAV debug: 3986185.cbc loaded
LibClamAV debug: 3986187.cbc loaded
LibClamAV debug: 3986188.cbc loaded
LibClamAV debug: 3986206.cbc loaded
LibClamAV debug: 3986212.cbc loaded
LibClamAV debug: 3986214.cbc loaded
LibClamAV debug: 3986215.cbc loaded
LibClamAV debug: 3986216.cbc loaded
LibClamAV debug: 3986217.cbc loaded
LibClamAV debug: 3986218.cbc loaded
LibClamAV debug: 3986219.cbc loaded
LibClamAV debug: 3986220.cbc loaded
LibClamAV debug: 3986221.cbc loaded
LibClamAV debug: 3986222.cbc loaded
LibClamAV debug: 3986223.cbc loaded
LibClamAV debug: 3986224.cbc loaded
LibClamAV debug: 3986229.cbc loaded
LibClamAV debug: 3986230.cbc loaded
LibClamAV debug: 3986231.cbc loaded
LibClamAV debug: 3986232.cbc loaded
LibClamAV debug: 3986233.cbc loaded
LibClamAV debug: 3986234.cbc loaded
LibClamAV debug: 3986235.cbc loaded
LibClamAV debug: 3986236.cbc loaded
LibClamAV debug: 3986242.cbc loaded
LibClamAV debug: 3986244.cbc loaded
LibClamAV debug: 3986249.cbc loaded
LibClamAV debug: 3986259.cbc loaded
LibClamAV debug: 3986282.cbc loaded
LibClamAV debug: 3986283.cbc loaded
LibClamAV debug: 3986289.cbc loaded
LibClamAV debug: 3986292.cbc loaded
LibClamAV debug: 3986301.cbc loaded
LibClamAV debug: 3986303.cbc loaded
LibClamAV debug: 3986305.cbc loaded
LibClamAV debug: 3986306.cbc loaded
LibClamAV debug: 3986310.cbc loaded
LibClamAV debug: 3986318.cbc loaded
LibClamAV debug: 3986321.cbc loaded
LibClamAV debug: 3986322.cbc loaded
LibClamAV debug: 3986326.cbc loaded
LibClamAV debug: 3986327.cbc loaded
LibClamAV debug: 3986328.cbc loaded
LibClamAV debug: 3986334.cbc loaded
LibClamAV debug: 3986337.cbc loaded
LibClamAV debug: 4306126.cbc loaded
LibClamAV debug: 4306157.cbc loaded
LibClamAV debug: 4307467.cbc loaded
LibClamAV debug: 4310114.cbc loaded
LibClamAV debug: 4416867.cbc loaded
LibClamAV debug: 4510302.cbc loaded
LibClamAV debug: 4526683.cbc loaded
LibClamAV debug: 4553522.cbc loaded
LibClamAV debug: /var/lib/clamav/bytecode.cvd loaded
LibClamAV debug: /var/lib/clamav/rfxn.hdb loaded
LibClamAV debug: /var/lib/clamav/malwarepatrol.db loaded
LibClamAV debug: /var/lib/clamav/securiteinfopdf.hdb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.AnglerEKredirector
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash2
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash4
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash5
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash_uncompressed
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_html
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_html2
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_js
LibClamAV debug: cli_loadyara: loaded 10 of 10 yara signatures from /var/lib/clamav/EK_Angler.yar
LibClamAV debug: /var/lib/clamav/EK_Angler.yar loaded
LibClamAV debug: /var/lib/clamav/winnow_malware.hdb loaded
LibClamAV debug: /var/lib/clamav/bofhland_malware_URL.ndb loaded
LibClamAV debug: /var/lib/clamav/junk.ndb loaded

As for the config, I edited /etc/clamav-unofficial-sigs/user.conf and there removed the # from #user_configuration_complete="yes", so you should have:
user_configuration_complete="yes"

and /etc/clamav-unofficial-sigs/master.conf, where I put in that code for malwarepatrol:
malwarepatrol_receipt_code = ""
meaning put the code between the quotes and leave the quotes.
Same below for securiteinfo_authorisation_signature="" for the other site.
It may have been commented out (#), I can't remember; if it was, remove the comment (#)
Maybe all of that could have gone in user.conf too (there are entries for those two sites there as well), not sure, whatever.
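Added example (mine, not from the thread or from the clamav-unofficial-sigs project): a parser for a `clamscan --debug 2>&1 /dev/null | grep "loaded"` paste like the two above that separates the official databases from third-party files, counts YARA rules per file and names expected feeds that never loaded, the check done by eye in these posts. The feed-to-filename prefixes and the sample lines are constructed.

```python
"""Summarise which signature databases a `clamscan --debug` run loaded.

The posts above compare two pastes of
    clamscan --debug 2>&1 /dev/null | grep "loaded"
by eye to tell whether the clamav-unofficial-sigs databases are active.
This does the same mechanically: it separates the official ClamAV
databases from third-party files in /var/lib/clamav, counts YARA rules
per .yar/.yara file, and names the expected feeds that never showed up.
"""
import re
import sys

DB_LOADED = re.compile(r"^LibClamAV debug: (\S+) loaded$")
YARA_FILE = re.compile(r"^LibClamAV debug: cli_loadyara: loaded (\d+) of (\d+) "
                       r"yara signatures from (\S+)$")

OFFICIAL = {"main.cvd", "main.cld", "daily.cvd", "daily.cld",
            "bytecode.cvd", "bytecode.cld"}

# File-name prefixes of the third-party feeds mentioned in the thread.
# Constructed expectation list: adjust it to what your config enables.
EXPECTED_FEEDS = {
    "sanesecurity": ("sanesecurity.", "phish.", "phishtank.", "scam.", "rogue.",
                     "junk.", "jurlbl.", "blurl.", "spamattach.", "spamimg.",
                     "foxhole_"),
    "securiteinfo": ("securiteinfo",),
    "malwarepatrol": ("malwarepatrol.",),
    "winnow": ("winnow",),
    "bofhland": ("bofhland_",),
    "yara-exploit-kits": ("EK_",),
}

# Constructed sample modelled on the pastes above (trimmed, not real output).
SAMPLE_OUTPUT = """\
LibClamAV debug: unrar support loaded from /usr/lib64/libclamunrar_iface.so.7.1.1 libclamunrar_iface_so_7_1
LibClamAV debug: /var/lib/clamav/sigwhitelist.ign2 loaded
LibClamAV debug: daily.info loaded
LibClamAV debug: daily.hdb loaded
LibClamAV debug: /var/lib/clamav/daily.cld loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash
LibClamAV debug: cli_loadyara: loaded 10 of 10 yara signatures from /var/lib/clamav/EK_Angler.yar
LibClamAV debug: /var/lib/clamav/EK_Angler.yar loaded
LibClamAV debug: /var/lib/clamav/securiteinfo.hdb loaded
LibClamAV debug: /var/lib/clamav/phishtank.ndb loaded
LibClamAV debug: cli_loadyara: loaded 5 of 6 yara signatures from /var/lib/clamav/winnow_malware.yara
LibClamAV debug: /var/lib/clamav/winnow_malware.yara loaded
LibClamAV debug: main.hdb loaded
LibClamAV debug: /var/lib/clamav/main.cvd loaded
LibClamAV debug: 3986185.cbc loaded
LibClamAV debug: /var/lib/clamav/bytecode.cvd loaded
LibClamAV debug: /var/lib/clamav/bofhland_malware_URL.ndb loaded
"""


def parse_debug_output(text):
    """Return (database files with a path, component count, yara counts).

    Lines like "daily.hdb loaded" or "3986185.cbc loaded" are pieces of a
    container database and are only counted; lines with a full path are
    standalone database files and are returned by basename.
    """
    files, components, yara = [], 0, {}
    for line in text.splitlines():
        m = YARA_FILE.match(line.strip())
        if m:
            yara[m.group(3).rsplit("/", 1)[-1]] = (int(m.group(1)), int(m.group(2)))
            continue
        m = DB_LOADED.match(line.strip())
        if not m:
            continue  # e.g. the "unrar support loaded from ..." line
        name = m.group(1)
        if "/" in name:
            files.append(name.rsplit("/", 1)[-1])
        else:
            components += 1
    return files, components, yara


def summarise(text, expected=EXPECTED_FEEDS):
    """Build the report a reader wants from the raw debug paste."""
    files, components, yara = parse_debug_output(text)
    feeds = {feed: sorted(f for f in files if f.startswith(prefixes))
             for feed, prefixes in expected.items()}
    return {
        "official": sorted(f for f in files if f in OFFICIAL),
        "third_party": sorted(f for f in files if f not in OFFICIAL),
        "components": components,
        "feeds": feeds,
        "missing_feeds": sorted(feed for feed, found in feeds.items() if not found),
        "yara_rules": sum(ok for ok, _ in yara.values()),
        # ok < total means libclamav skipped rules it could not parse;
        # those rules are silently inactive even though the file "loaded"
        "yara_failures": sorted(f for f, (ok, total) in yara.items() if ok < total),
    }


if __name__ == "__main__":
    # pipe the real output in: clamscan --debug 2>&1 /dev/null | python3 thisfile.py
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    for key, value in summarise(raw).items():
        print(f"{key}: {value}")
```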
 
Forgot to say that after editing the config I ran clamav-unofficial-sigs.sh (as root); that did what was needed and the extra signatures were downloaded.
 
It seems to me it built something in even without all the shenanigans, because when I scanned again it says unlocker is a virus. You know Unlocker, the program for win for unlocking and deleting files.
It also bugs me that it won't take the newer version of the GUI environment; it accepts the 5.20-1 install, but when I start it, it always complains about this.
Code:
clamtk
Wide character in subroutine entry at /usr/share/perl5/ClamTk/GUI.pm line 282.
Икона „gtk-new“ није присутна у теми at /usr/share/perl5/ClamTk/GUI.pm line 282
That's the line where GTK2 is mentioned, and they say they moved to GTK3; strange


Oh, I just went to the first link, they list us as Yugoslavia :(
 

Now I don't know what to do; I have a dir similar to the one you mention, but it's empty, there's nothing in it. I don't get what I should do; I signed up at those two places but I have nothing to edit. It says that script should be started; the script is at that link, it needs to be downloaded then moved, given permissions and finally started, and I don't know what will come out of that. The first ones also said to download some script; I don't even know myself anymore what's needed.
 
It turned out to be a real enigma here; in the dir /etc/clamav-unofficial-sigs.conf.d there's a README file, and in it
# Please see the README.Debian file for more info:
# /usr/share/doc/clamav-unofficial-sigs/README.Debian
And this README.Debian is packed, and when you unpack it there are instructions for messing around with the system, so I really don't like it: delete this, delete that... create, a ton of commands; I don't like it one bit.
They've overcomplicated it a lot....
 
Ah well, damn, then I have no idea why it's like that on ubuntu; maybe it's the version, mine is clamav 0.99.2 and clamav-unofficial-sigs 5.4.1

I don't know what to tell you; watch this video, it's fresh and deals with antiviruses for Linux. Try that Sophos from the video; I'd try it, but I think it only works on ubuntu distros, not sure though.
https://www.youtube.com/watch?v=VklcERoCDe4&t=551s
 

Thank you for the effort; I just tried that ClamAV casually. I tried NOD once and it drove me crazy killing some programs, e.g. Opera.
You see, the Unlocker it found is surely not a virus; people used it for years, from XP up to now. And now someone turns up to say it's a virus, or whatever they christened it in ClamAV and on VirusTotal. Now, why the procedure doesn't match I don't know; Ubuntu has that add-on in synaptic, and I don't like copying a script from git, which I have no knowledge is safe, into the system part. And what they wrote for Ubuntu in that readme.debian file, that's a horror.
Clamav is 0.99.2 for me too, and clamav-unofficial-sigs 3.7.32-2... Now I really can't poke around in dirs anymore, my heart is acting up, so I have to keep still and rest a bit.
What counts as a virus is debatable now; something that's heresy in Windows is normal in Linux; changing the MAC address in Windows is heresy, in Linux it's normal.
Remote access, those were the first trojans, the first one written by one of our guys; now when they ship it for monitoring it's no longer called a virus but remote access...
 