Find the answer to your Linux question:
Results 1 to 3 of 3
Ok, been running Ubuntu for about two years now quite happily, and even though it's not really thought of as necessary I still scan for viruses every single day...give me ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! WebThingy's Avatar
    Join Date
    May 2006
    Location
    Bellingham, WA
    Posts
    69

    Win32/PolyCrypt Virus on my box...help?


    Ok, been running Ubuntu for about two years now quite happily, and even though it's not really thought of as necessary I still scan for viruses every single day...give me a break, Windows conditioned me to do it for years

    So anyway, I've never had a virus of any kind for any system on a Linux box before, so my question is:

    How do I remove a Windows virus from a Linux (Ubuntu) machine?

    I did a scan with AVG (for some reason Clam has never been able to run on my computer) and to my surprise it showed me that I have Win32/PolyCrypt in multiple locations on my computer.

    I know I can't just delete the files as many are needed files. Some listed I don't know what they are, but many I recognize.

    Anyone know what I should do? I don't want to pass this on to Windows users.

    Here's the infected files output...

    Code:
    etc/alternatives/x-session-manager
    usr/bin/as
    usr/bin/evolution
    usr/bin/evolution-2.10
    usr/bin/evolution-2.2
    usr/bin/gdbserver
    usr/bin/gencat
    usr/bin/gnome-session
    usr/bin/gnome-system-monitor
    usr/bin/mawk
    usr/bin/msgunfmt
    usr/bin/vmnet-dhcpd
    usr/bin/x-session-manager
    usr/lib/libgettextsrc-0.16.1.so
    usr/lib/libgettextsrc.so
    usr/lib/libneon.so.25
    usr/lib/libneon.so.25.0.5
    usr/lib/libportaudio.so.0
    usr/lib/libportaudio.so.0.0.18
    usr/lib/libuniquewm-0.9.so.25
    usr/lib/libuniquewm-0.9.so.25.0.0
    usr/lib/gnome-applets/cpufreq-applet
    usr/lib/gnome-pilot/conduits/libmal_conduit.so
    usr/lib/gnome-vfs-2.0/modules/libhttp.so
    usr/lib/gstreamer-0.10/libpitfdll.so
    usr/lib/gtk-2.0/2.10.0/engines/libsmooth.so
    usr/lib/jvm/java-6-sun-1.6.0.00/jre/lib/i386/libjdwp.s0
    usr/lib/openoffice/program/configimport.bin
    usr/lib/openoffice/program/dlgprov680li.uno.so
    usr/lib/openoffice/program/libdbpool2.so
    usr/lib/openoffice/program/libgcc3_uno.so
    usr/lib/openoffice/program/libjava_uno
    usr/lib/openoffice/program/libjava_uno.so
    usr/lib/openoffice/program/liburp_uno.so
    usr/lib/openoffice/program/libxsltfilter680li.so
    usr/lib/openoffice/program/proxyfac.uno.so
    usr/lib/openoffice/program/servicemgr.uno.so
    usr/lib/openoffice/program/uno.bin
    usr/lib/openoffice/program/vbaevents680li.uno.so
    usr/lib/sane/libsane-pixma.so.1
    usr/lib/sane/libsane-pixma.so.1.0.18
    usr/lib/vmware-player/libconf/lib/gtk-2.0/2.4.0/loaders/libpixbufloader-ico.so
    usr/lib/xorg/modules/libddc.so
    usr/sbin/pam_tally
    For a virus that's supposed to be just for Windows, it sure does know how to spread itself around a Linux operating system.

    I can't find any info on how to remove Windows viruses from a Linux machine, maybe I'm searching for the wrong thing?

  2. #2
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    It's a false positive. Even if it was the real thing it would not be able to do anything on your system as it was written for Windows. It wouldn't even execute. The problem is that virus detection is based on certain signatures. There really is nothing to worry about.

  3. #3
    Just Joined! WebThingy's Avatar
    Join Date
    May 2006
    Location
    Bellingham, WA
    Posts
    69
    Ok thanks, the folks over at the Ubuntu forums just said the same thing you did. I appreciate the reply

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •