I think I Might Have Russian Trojan Fysbis on my computer

stop0x0000000a:

--- Quote from: Jan on April 06, 2016, 07:53:24 PM ---Thanks for the instructions, rokytnji.  I just entered them and there was no return of info after I entered the "locate ksysdefd" command, so I guess that would mean I don't have a trojan per se, but is it possible I could still have a virus or some other form of malware infecting my system?   

--- End quote ---

locate ksysdefd only looks for a file named 'ksysdefd'; if that trojan is so smart, it would not take the same name every time.

The only reliable tool is hash sums for the whole system & recheck.
The bad thing is you should understand what you are doing; I know no ready easy-to-use solution.
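One way to do the baseline-and-recheck stop0x0000000a describes, as an added example that is not from this thread or any of its posters; it assumes GNU coreutils (sha256sum, find with -print0, comm) and the directories and file names used in the comments are constructed:

```shell
#!/bin/sh
# Added example, not from this thread: record a hash baseline for a directory
# and later recheck it, so a changed, deleted or newly dropped file is caught
# regardless of its name. Assumes GNU coreutils (sha256sum, find -print0, comm).
# Take the baseline from a state you trust and keep the baseline file where a
# compromised host cannot rewrite it (read-only media or another machine).

# baseline_hashes DIR OUTFILE : sha256 of every regular file under DIR.
# Use an absolute DIR so the recheck does not depend on the working directory.
baseline_hashes() {
    find "$1" -type f -print0 | LC_ALL=C sort -z | xargs -0 sha256sum > "$2"
}

# verify_hashes DIR BASELINE : returns 0 if nothing changed, 1 otherwise,
# printing what differs. Two passes: sha256sum -c catches modified and
# missing files; comparing the file lists catches files the baseline never saw.
verify_hashes() {
    dir=$1 base=$2 status=0
    if ! sha256sum --status -c "$base"; then
        echo "changed or missing files:"
        sha256sum -c "$base" 2>/dev/null | grep -v ': OK$' || true
        status=1
    fi
    known=$(mktemp) now=$(mktemp)
    # strip the 64 hex digits plus the space/asterisk mode marker to get the path
    sed 's/^[0-9a-f]\{64\} [ *]//' "$base" | LC_ALL=C sort > "$known"
    find "$dir" -type f | LC_ALL=C sort > "$now"
    if comm -13 "$known" "$now" | grep -q .; then
        echo "files not in baseline:"
        comm -13 "$known" "$now"
        status=1
    fi
    rm -f "$known" "$now"
    return "$status"
}

# Usage (as root, so every file is readable; paths are constructed examples):
#   baseline_hashes /usr/sbin /root/usr-sbin.sha256   # once, from a clean state
#   verify_hashes   /usr/sbin /root/usr-sbin.sha256   # later; exit 1 = investigate
```

A baseline taken after infection only proves the malware has not changed since, so the first run must come from a fresh install or trusted media.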

Jan:

--- Quote from: rokytnji on April 06, 2016, 07:21:46 AM ---
Just me testing for you on my Linux install. You can follow my steps


--- Code: ---
[email protected]:~$ sudo -i
[sudo] password for harry:
[email protected]:~# updatedb
[email protected]:~# locate ksysdefd
[email protected]:~#
--- End code ---

Jerry can look at my steps and confirm or deny whether my troubleshooting steps for locating installed trojan files are on the mark or not.
The no return of info after the locate command tells me I am trojan free.

--- End quote ---

Thanks for the instructions, rokytnji.  I just entered them and there was no return of info after I entered the "locate ksysdefd" command, so I guess that would mean I don't have a trojan per se, but is it possible I could still have a virus or some other form of malware infecting my system?   

rokytnji:

--- Quote from: Jan on April 05, 2016, 09:04:01 PM ---
--- Quote from: Jerry on April 05, 2016, 04:55:31 AM ---This article here will tell you if you have that specific Trojan - http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/ just look at Root install desc and Install as non-root file names.

--- End quote ---

Thanks for your reply, Jerry.  I read the full article but I'm not clear on what I should do next.  I'm not computer savvy and much of the article is way way above my little "Linux-Newbie" head :).  At the end of the article I'm wondering: does this mean I'm supposed to type the words "IPS signature 14917" on the command line?

Or, in order to find out if I have Fysbis on board, are you saying that I should use the Terminal and type the commands "Root install desc" and "Install"?

--- End quote ---

Just me testing for you on my Linux install. You can follow my steps


--- Code: ---
[email protected]:~$ sudo -i
[sudo] password for harry:
[email protected]:~# updatedb
[email protected]:~# locate ksysdefd
[email protected]:~#
--- End code ---

Jerry can look at my steps and confirm or deny whether my troubleshooting steps for locating installed trojan files are on the mark or not.
The no return of info after the locate command tells me I am trojan free.

Jan:

--- Quote from: stop0x0000000a on April 05, 2016, 06:23:27 PM ---I live in Russia and despite not being a fan of Yandex, I really doubt they infect their users with any kind of trojans.

If they did that, they would simply lose the market.
--- End quote ---

I'm sure the developers of Yandex offer it with good intentions.  But, as with many free services, there is often a catch - or a trade-off - data mining comes to mind.  Insofar as hacking, one would assume that Russian hackers would be most familiar with the vulnerabilities of Russian servers, emails and so forth, so it would make sense that if they're going to hack a system, they would hack what they know best.

I would suspect overheating, motherboard capacitors, power supply or something similar, i.e. start with memory test for instance.
It is always possible to reinstall the OS if the hardware is ok.

Thanks for the suggestions above.  I'll keep those in mind if reinstalling doesn't resolve the problems.

Jan:

--- Quote from: Jerry on April 05, 2016, 04:55:31 AM ---This article here will tell you if you have that specific Trojan - http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/ just look at Root install desc and Install as non-root file names.

--- End quote ---

Thanks for your reply, Jerry.  I read the full article but I'm not clear on what I should do next.  I'm not computer savvy and much of the article is way way above my little "Linux-Newbie" head :).  At the end of the article I'm wondering: does this mean I'm supposed to type the words "IPS signature 14917" on the command line?

Or, in order to find out if I have Fysbis on board, are you saying that I should use the Terminal and type the commands "Root install desc" and "Install"?
