Hidden Puppy or Pet Viruses?

For discussions about security.
dejan555
Posts: 2798
Joined: Sun 30 Nov 2008, 11:57
Location: Montenegro

#16 Post by dejan555 »

I was answering slavvo67's original post, but now I see you had an issue too... It seems to me that the infections you've found on Windows and the "citadel" malware aren't connected.
You said you hadn't used Windows at the time your ISP sent you a warning email, so it might be that the infection came from within Puppy.
I'm not really clear on the details, but see, Windows executables don't work within Linux except through Wine, and vice versa, so at the time the malware was "reporting back" it was running on the OS you were running at the time.
You think it was an infected .doc file opened in LibreOffice, if I understand... but if you didn't find any infection results I'd just delete the file you received and maybe reinstall Java/OpenOffice (if they're SFS files they're read-only, but maybe just unmount them and check if there are any files left in the rw mount and delete them).
Or do a clean install if it's not a hassle to re-set up everything.
Puppy's SFS files are read-only, but the savefile and mounted drives are not.
Like I said, I don't know the details, but you need to think about what works on what platform... a Windows binary file is useless on Linux... a Linux binary doesn't execute on Windows. Java is cross-platform though, and if there's malware targeting it, it will work on both, but only on the system that was up at the time...
I'd say the infected files you found scanning Windows were there but not related to Puppy...
puppy.b0x.me stuff mirrored [url=https://drive.google.com/open?id=0B_Mb589v0iCXNnhSZWRwd3R2UWs]HERE[/url] or [url=http://archive.org/details/Puppy_Linux_puppy.b0x.me_mirror]HERE[/url]

perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#17 Post by perdido »

Hi Sylvander,

It seems the program Malwarebytes (free version) can find and remove the Citadel viruses. Also it seems you can manually remove the virus.

Malwarebytes has both a free version and a paid version. It is a great tool. If you install Malwarebytes then make sure you have it check for updates.

I used to use malwarebytes when I ran windows.

http://www.bleepingcomputer.com/downloa ... i-malware/

-------------------------------------------------
Some possibly useful info follows

http://www.bleepingcomputer.com/virus-r ... ransomware

http://www.bleepingcomputer.com/forums/ ... ansomware/

http://botcrawl.com/how-to-remove-citad ... ansomware/

-------------------------------------------------
What this Citadel thing is and how it operates

https://blog.malwarebytes.org/intellige ... te-weapon/


Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#18 Post by Sylvander »

OK...
1. I ran XP, downloaded/installed/ran Malwarebytes...
It found 6 seemingly insignificant items, and I told it to move those to "Quarantine".
Nothing I can suspect to be the Citadel virus.

2. Posted a thread on this topic at "BleepingComputer.com".

3. According to WOT, botcrawl.com linked above has bad reputation amongst users, so I didn't go in there.

4. I'm thinking I don't have this virus.
When I phone Virgin, they tell me this can infect ANY OS.

6502coder
Posts: 677
Joined: Mon 23 Mar 2009, 18:07
Location: Western United States

#19 Post by 6502coder »

I'm surprised nobody has pointed out the obvious: the capabilities of antivirus products change all the time, thanks to updates in the programs and the virus signature databases they use.

The fact that Avast can identify the infection now doesn't mean it was capable of identifying the infection back when it first got onto the OP's system.

perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#20 Post by perdido »

Sylvander wrote:
OK...
1. I ran XP, downloaded/installed/ran Malwarebytes...
It found 6 seemingly insignificant items, and I told it to move those to "Quarantine".
Nothing I can suspect to be the Citadel virus.

Peace of mind for not only you: I ran virus scans on everything I connect to the internet with, even a WinXP box I keep for those programs that have no Linux equivalent. Malwarebytes is still how I remember it, straightforward and easy to use. My XP install had 3 minor items related to MS Security Center being disabled (by me). I used Clam on my Linux installs; all it found were some false positives in Wine programs.

Sylvander wrote:
2. Posted a thread on this topic at "BleepingComputer.com".

If you get good information, please share it.

Sylvander wrote:
3. According to WOT, botcrawl.com linked above has a bad reputation amongst users, so I didn't go in there.

Unintentional if it is a bad web site. It looked like useful information, but there are wolves in sheep's clothing.

Sylvander wrote:
4. I'm thinking I don't have this virus.
When I phone Virgin, they tell me this can infect ANY OS.

Good your system is clean. I have tried to find additional info relating to Linux/Citadel but have not seen much; maybe someone will add more for us to consider.

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#21 Post by slavvo67 »

For the record, my PC had the following:

Obfuscator.J
CVE-2013-1493
Medfos.B
Krado.A
Small.gen!AP
Blacole.oz

Imagine if it was a computer that I use as my toy instead of for real work. Anyway, it appears that most of it is related to Java through Chrome. I will say I found posts identifying security holes in JRE 7, JRE 6 and JRE 5. Note to the Puppy community: use the most recent JRE from Shinobar (JRE 8).

Anyway, I feel Chrome is still much more secure than IE or Firefox, and the bad things were hopefully all identified and removed. Probably not from Puppy as my paranoia suggested, though I'm a bit more cautious now, across all platforms.

Best,

Slavvo67

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#22 Post by bark_bark_bark »

slavvo67 wrote:
Anyway, I feel Chrome is still much more secure than IE or Firefox...

Chrome is more secure than IE, yes, but Chrome is not more secure than Firefox (or browsers based on it).
....

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#23 Post by slavvo67 »

The reason I stated Chrome is more secure than Firefox is the fact that Firefox received redirect viruses on two of my computers. Perhaps Firefox is not the issue, but I feel it's more vulnerable, though I cannot prove this.

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#24 Post by bark_bark_bark »

slavvo67 wrote:
The reason I stated Chrome is more secure than Firefox is the fact that Firefox received redirect viruses on two of my computers. Perhaps Firefox is not the issue but I feel it's more vulnerable but cannot prove this.

Chrome runs on Java, Firefox does not. That is all I have to say.
....

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#25 Post by slavvo67 »

Point taken and based on this, I guess I'll agree.

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#26 Post by Sylvander »

Here's the end of my thread at bleepingcomputer.com:
SUCCESS! :D ...Of sorts; the Citadel Trojan wasn't found.

1. There were all kinds of scans advised/completed.
Most important find:
1 virus, 1 worm, 1 trojan
On my old 80GB external HDD [NTFS partition] holding installation files and ISOs for Puppy disks, etc.
I guess these are Windows infections, but I no longer power on that disk during the almost non-existent times I run Windows.
So they are unlikely to have caused any problem.

2. I still need to complete THOROUGH checks of the Puppy/Linux partitions.
The 2nd external HDD has a Linux partition and an NTFS partition.
Neither of those could be checked from Windows XP, since the HDD couldn't be seen [because the 1st partition is a Linux partition?]

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#27 Post by musher0 »

Hi, slavvo67.

This subject of Linux and Puppy security has many threads in this area of the forum, some dating back before 2009. It may be worth your while to read a few.

The absolutely safest way to run Puppy is from DVD with saves on the same DVD at the end of your session. Flash (forum moderator) is the guru on this type of use.

Second safest way: Puppy on hard drive with pupsave and pupsave backup every second day.

As was said above, Puppy is so safe because its essential system runs in RAM. Should anything corrupt what's in RAM during the session, it's gone when you shut your computer down. You boot up Puppy the next session and it's as good as new, because its essentials are once more copied to RAM.

It's always theoretically possible -- in a lab -- to produce a virus for Linux or even BSD/Apple systems. That said, I've been around this forum for over 5 years now, and no Puppy user has ever been downed by a Puppy or Linux "virus".

One of the reasons is also that any Linux executable runs only with your permission. No permission, no run. Which is not the case on WhineDose systems.

I understand that you're conditioned to think paranoid, as a former WhineDose user. If you can't snap out of that frame of mind... join Windows Anonymous?? ;) Just kidding!

BFN.

musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
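
The permission rule in the post above, as an added example that is not part of musher0's post or of Puppy itself: a small POSIX shell script creates a throwaway file (a constructed sample, not a real download) and checks what the execute bit does and does not stop. The function names make_sample, has_exec_bit, runs_directly, runs_via_interpreter and cleanup_sample are this example's own.

```shell
#!/bin/sh
# Added example, not from the forum post: demonstrates the Linux execute-bit
# rule ("no permission, no run") and the caveat that matters for the Java/.doc
# case discussed earlier in the thread: the bit only guards direct execution;
# an interpreter or application can still run the file's contents.
# The "downloaded" script is a constructed sample written to a temp directory.

# Create the sample file with no execute bit and print its path.
make_sample() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\necho "sample ran"\n' > "$dir/downloaded.sh"
    chmod 644 "$dir/downloaded.sh"
    echo "$dir/downloaded.sh"
}

# 0 if the execute bit is set for us, 1 otherwise (nothing is run).
has_exec_bit() {
    [ -x "$1" ]
}

# 0 if the kernel lets us run the file directly, 1 if it refuses.
runs_directly() {
    ( "$1" >/dev/null 2>&1 )
}

# 0 if an interpreter runs the file's contents regardless of its mode bits.
runs_via_interpreter() {
    ( sh "$1" >/dev/null 2>&1 )
}

# Remove the temp directory created by make_sample.
cleanup_sample() {
    rm -rf "$(dirname "$1")"
}

demo() {
    f=$(make_sample)
    for check in has_exec_bit runs_directly runs_via_interpreter; do
        if "$check" "$f"; then r=yes; else r=no; fi
        printf '%-22s fresh download: %s\n' "$check" "$r"
    done
    chmod u+x "$f"          # the user grants permission
    if runs_directly "$f"; then r=yes; else r=no; fi
    printf '%-22s after chmod u+x: %s\n' runs_directly "$r"
    cleanup_sample "$f"
}

demo
```

Run it as an ordinary user: the kernel refuses to execute the fresh file, but `sh downloaded.sh` runs its contents anyway. That is why the rule does not cover a document opened by LibreOffice or a class file loaded by the Java runtime: the application is the executable that already has permission, and whatever it interprets never needs a bit of its own.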

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#28 Post by slavvo67 »

Hi Musher:

I'm not sure why such a long post when I realized the issue was a Java one (as previously posted) and not one necessarily brought on by Puppy... Does the Puppy community insist on an apology for that? The timing is still suspect, so you're not getting one. However, since we're flogging a dead horse, what's to stop someone from putting a startup (or shutdown) script into their ISO that writes malicious code into a Windows operating system, or auto-deletes files, or whatever? Those running a live CD or DVD are most likely running it on a Windows box, which can create a perfect storm, no?

As for Puppy or any other Linux being free of security issues, you only need to check the boards for Heartbleed and the Bash Shellshock. The fact that they're not only Puppy issues is irrelevant. I do applaud the community for the quick responses (once they knew the issues existed, in a reactive state).

Speaking of which, I wonder how many of the ISOs currently available on this board are unpatched for the two security holes mentioned above and will be used by unknowing noobies. 50%? 60%? Of course, I'm speaking of the older Puppy distros available and not the newer ones patched by Micko and others.

I'm not here to argue the point, nor am I here to get answers from those that thought Truecrypt was so secure all these years. He he he

The fact is, it's naive to think that Puppy is the indestructible, all-mighty platform or that it can't be used for malicious purposes. This isn't 5 or 10 years ago... it's now!

Sorry Puppy fans, I didn't mean to Mace Rover.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#29 Post by mikeb »

Shellshock... curious really... a vulnerability that's apparently been present for 10, 20 or more years??? So why are there no reports of infections over that huge time period?

Last 10 years.... Windows still shipping their highly insecure Internet Explorer/mshtml/Outlook Express etc.... Linux still using the same security model that was designed for servers. Security 'investigators' made several million/billion.

mike

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#30 Post by musher0 »

Hi, slavvo67.

I wasn't asking for an apology, and you don't need to give me one (or us [i.e. the Puppy Community]). A lot of Puppyists on this forum, myself included, were once where you're at.

mikeb's reasoning in the previous post is applicable to all Puppy ISOs: if Puppy had created security problems for Windows, or hard drives, or whatever, people would have spotted them. And Puppy certainly wouldn't be in the top 15 Linux distros.

I guess what your argument boils down to is that evil-minded people will use any means to spread their evil. So what else is new...

I would like to point out that the SSL and Shellshock problems were due to programmer (i.e. human) oversight, and not malicious intent. Hey, man, to err is human. What else is new...

Besides malware and human errors, there is also the possibility of one's hardware getting old and malfunctioning. Again, what else is new...

The solution is always: back up, back up, back up.

In conclusion, to paraphrase the famous sentence on running as root by gposil, the original author of dpup 4.82: if you don't trust the Puppy distro, don't use it.

What else can I say? "If you still want to use it, rein in your paranoia?" (Saying this, no insult is intended: it's just logic.)

Best regards.

musher0

dejan555
Posts: 2798
Joined: Sun 30 Nov 2008, 11:57
Location: Montenegro

#31 Post by dejan555 »

musher0 wrote:
In conclusion, to paraphrase the famous sentence on running as root by gposil, the original author of dpup 4.82:
if you don't trust the Puppy distro, don't use it.

http://www.murga-linux.com/puppy/viewtopic.php?t=49025 :lol:

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#32 Post by musher0 »

Yep, right on, Dejan! :)

This one's pretty good too! :)
http://www.murga-linux.com/puppy/viewto ... ost#362828
musher0

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#33 Post by 8-bit »

When using Puppy, could one add "Do not install Wine"?
I have wondered if Wine could be used to install Windows malware that would infect any Windows partition that was mounted.
And this is thinking along the lines of Wine being a utility made to run Windows applications in Linux.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#34 Post by musher0 »

8-bit wrote:
When using Puppy, could one add "Do not install Wine"?
I have wondered if Wine could be used to install Windows malware that would infect any Windows partition that was mounted.
And this is thinking along the lines of Wine being a utility made to run Windows applications in Linux.

Hi, 8-bit.

I don't see why. Under the hood, Wine is a Linux application.

BFN.

musher0

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#35 Post by mikeb »

Wine reproduces Windows functions... a bit like compiling on a different platform... and aims to be functionally identical, whether that's good or bad... so don't add IE to it.

I used to corrupt my (Windows) MBR running certain games on Wine... the grub4dos MBR seems immune though.

Wine themselves recommend never running it as root.

Mike
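
A defensive check that follows from the Wine discussion above, added here as an example that is neither from the posts nor from the Wine or Puppy projects: since Wine is an ordinary Linux process, it can write to any Windows partition the Linux user can write to, so a launcher can first list Windows-type filesystems that are mounted read-write. The function names sample_mounts, writable_windows_mounts and windows_mounts_are_readonly are this example's own, and the mount table is a constructed sample in /proc/mounts format.

```shell
#!/bin/sh
# Added example, not from the forum posts: before starting Wine (or any other
# Linux program you do not fully trust), find Windows filesystems that are
# mounted writable so they can be remounted read-only or unmounted first.
# Call writable_windows_mounts with no argument to read the real /proc/mounts;
# the table printed by sample_mounts is a constructed sample for the demo.

# Print a constructed /proc/mounts-style table:
# device mountpoint fstype options dump pass
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /mnt/sda1 fuseblk rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096 0 0
/dev/sdb1 /mnt/sdb1 ntfs ro,relatime 0 0
/dev/sdc1 /mnt/usb vfat rw,relatime,fmask=0022,dmask=0022 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

# Print the mount point of every Windows-type filesystem mounted read-write.
# ntfs-3g shows up as "fuseblk" in /proc/mounts, so that type is included
# (other FUSE block filesystems would be listed too, which errs on the safe side).
writable_windows_mounts() {
    awk '$3 ~ /^(ntfs|ntfs3|fuseblk|vfat|exfat)$/ {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "rw") { print $2; break }
         }' "${1:-/proc/mounts}"
}

# Exit status 0 when no Windows filesystem is writable, 1 otherwise:
# a pre-flight check a Wine launcher script could run.
windows_mounts_are_readonly() {
    [ -z "$(writable_windows_mounts "$1")" ]
}

demo() {
    tbl=$(mktemp)
    sample_mounts > "$tbl"
    echo "Writable Windows filesystems in the sample table:"
    writable_windows_mounts "$tbl"
    if windows_mounts_are_readonly "$tbl"; then
        echo "safe to start Wine"
    else
        echo "remount these read-only (mount -o remount,ro <mountpoint>) before starting Wine"
    fi
    rm -f "$tbl"
}

demo
```

Running Wine as an unprivileged user, as the Wine project itself advises, limits what it can write in the same way: a read-only mount protects the Windows partition from any process, while a separate user account protects the Puppy files themselves.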
