Puppy Linux Discussion Forum
Recent Flash Impostor (virus) can't be blocked?
VIRIDIAN

Joined: 21 Jan 2010
Posts: 15

Posted: Fri 23 Apr 2010, 10:14    Post subject: Recent Flash Impostor (virus) can't be blocked?

On eee pc, virus comes in encrypted as a flash update
and installs hidden .adobe and .macromedia folders
which reappear immediately after deleting when firefox
or mozilla or seamonkey is running.

Would never have noticed if it didn't slow down puppeee.
It temporarily was blocked only by disabling SSL but soon
found another way. It creates SOL files just like regular
flash but seems to be communicating constantly with
something. (Apparent zombie and spyware.)

There is one libflashplayer.so file that can't be removed,
although I've been told flash can't be installed or updated without it.
It is in the same place as init.rd and also appears in /usr,
the duplicate needs deleting twice but also comes back
soon after.

Yesterday a neighbor had one WinPC crash and another captured
2 bad flash updates with McAfee.
(Before then, nobody believed, and just laughed at the problem.)

So I wonder how to delete the libflashplayer.so
The Puppeee eee pc is unusable because the virus is updating
very frequently (once per minute) and can't be kept out.

Boot device is a rare write-protectable USB drive which I pull out
immediately after boot, leaving only the VM in RAM (and wondering
about a BIOS infection). The virus appears to be aware of other
wireless devices nearby such as cellphones but it may just be
interference since they are on the same bands.

Starting with removing undeletable libflashplayer.so, any ideas
how to prevent and block and stop this?
Automatic hidden installs are totally unexpected (and unbelievable) in Linux.

vamachine nsynth
aarf

Joined: 30 Aug 2007
Posts: 3620
Location: around the bend

Posted: Fri 23 Apr 2010, 10:39

new operas supposedly dispense with flashplayer. give'm a try.
_________________

ASUS EeePC Flare series 1025C 4x Intel Atom N2800 @ 1.86GHz RAM 2063MB 800x600p ATA 320G
_-¤-_

<º))))><.¸¸.•´¯`•.#.•´¯`•.¸¸. ><((((º>
upnorth


Joined: 11 Jan 2010
Posts: 262
Location: Wisconsin UTC-6 (-5 DST)

Posted: Fri 23 Apr 2010, 13:14    Post subject: libflashplayer.so

Yeah, the newest opera snapshots are great. One can unzip the file anywhere on hard drive, click the "opera" wrapper script in the created directory to run it. It can be shared among different puppy installations when it's run "outside the envelope" like this - no need for installation.
The newest firefox 3.6.4 beta is the same way when the .bz2 file is downloaded. It however uses any existing profile.
-------------------------------------------------------------------------------------

The libflashplayer.so in /initrd/pup_ro2/usr/lib/mozilla/plugins is legitimate. /initrd/pup_ro2 is the pristine read-only layer as I understand it.

To install the newest libflashplayer.so see:
http://www.adobe.com/products/flashplayer/productinfo/instructions/#section-3

You can also right-click on a flash element and select "about adobe flashplayer" to get to adobe's web interface.
On the newer Firefox versions you can use the plugin check:
http://www.mozilla.com/plugincheck/


Some good info on flashplayers as spyware. See:

http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again


Here is an extension that works in firefox and seamonkey2. It can delete the "local shared objects" automatically every minute and upon start and exit of browser.
http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm

The quick way to alleviate the flash cookie accumulation is to delete the .macromedia folder, then assuming current working directory is /root in terminal type:
Code:
ln -s /dev/null .macromedia

Very few sites won't function fully when this method is employed. To reset to normal, just delete the symlink named .macromedia.

You can always use netstat -tu and netstat -tn to see your tcp/ip connections. Make sure your firewall is activated by viewing the output of iptables -v -L. It should generate a long list.
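The checks described in the post above, as an added shell example that is not part of any poster's message: it reports whether Flash local shared objects are active or blocked for a home directory, applies the /dev/null symlink safely, and compares the live plugin with the copy in the read-only layer. Function names are hypothetical, and the live plugin path is assumed to be the /initrd/pup_ro2 path from the post with the layer prefix removed.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# lso_state HOME_DIR -> blocked | redirected:<target> | active:<n> | absent
lso_state() {
    d="$1/.macromedia"
    if [ -L "$d" ]; then
        # Only a link to /dev/null discards writes; any other target needs a look.
        if [ "$(readlink "$d")" = "/dev/null" ]; then echo blocked
        else echo "redirected:$(readlink "$d")"; fi
    elif [ -d "$d" ]; then
        # Count the .sol files (flash cookies) stored under the folder.
        echo "active:$(find "$d" -type f -name '*.sol' | wc -l | tr -d ' ')"
    else
        echo absent
    fi
}

# block_lso HOME_DIR: delete the folder first. If it still exists, ln creates
# the link inside it (.macromedia/null) and nothing is blocked.
block_lso() {
    rm -rf "$1/.macromedia" && ln -s /dev/null "$1/.macromedia"
}

# unblock_lso HOME_DIR: remove only the symlink, never a real folder.
unblock_lso() {
    if [ -L "$1/.macromedia" ]; then rm -f "$1/.macromedia"; fi
}

# plugin_status LIVE PRISTINE -> pristine | modified | missing
# Byte-compares the plugin the browser loads with the read-only layer's copy.
plugin_status() {
    if [ ! -f "$1" ] || [ ! -f "$2" ]; then echo missing
    elif cmp -s "$1" "$2"; then echo pristine
    else echo modified; fi
}

# Report mode: pass the home directory to inspect, e.g. /root.
if [ "$#" -gt 0 ]; then
    ro=/initrd/pup_ro2/usr/lib/mozilla/plugins/libflashplayer.so
    live=/usr/lib/mozilla/plugins/libflashplayer.so   # assumed live path
    echo "LSO state for $1: $(lso_state "$1")"
    echo "libflashplayer.so: $(plugin_status "$live" "$ro")"
fi
```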
cthisbear

Joined: 29 Jan 2006
Posts: 3269
Location: Sydney Australia

Posted: Fri 23 Apr 2010, 23:13

McAfee >> A virus in itself.

Took out everyone bigtime.
Even Intel

Coles stores in Oz were stuffed.

http://www.murga-linux.com/puppy/viewtopic.php?t=54704

Chris.