Mailinglist Archive: opensuse (3637 mails)

Re: [SLE] My Suse battles a Windows trojan and wins!
Nice to know there's a safe haven on your box, isn't it? I got the naked
lady virus on my linux box - tried to execute but fell all over itself.
That's why the only thing I use windows for is to play games, and hopefully
that will change. I have two running on Linux and plan to get more. At the
rate I'm going I'll strip winblows off - reload it to a basic, barebones
system for high performance gaming and that's it. No M$ anything but for
games I can't do without - email, browsing, word processing, data base - all
Linux. In a couple of years I hope that the variety of 3rd party vendors
will be such that I'll never touch a winblow product again. And the future
is looking bright now that consoles and set-top boxes are using Linux based
systems more and more. It's only a matter of time. Now if I can just find a
HOWTO/walkthrough on how to set up a Linux firewall without getting a
screaming headache I'll be happy!!! :)

Cheers, Curtis Rey

On Thursday 24 May 2001 10:41 pm, Ron Sinclair wrote:

> A few days ago, I wiped my Windows partition clean and reinstalled W98. I
> had hoped to reinstall a lot of my programs from my CDRW disks but found
> most of them to be corrupt (!!), so I didn't have a virus protection
> program.
>
> While perusing USENET, I accidentally clicked on a message to view and Free
> Agent opened up a SubSeven trojan (MUIE version)!
>
> I didn't even know that it was a trojan until I saw strange modem
> activity and someone banging off my firewall. The firewall wouldn't let
> the trojan server start, which is good. I immediately went to
> www.trendmicro.com and downloaded the latest PC-Cillin, but because the
> server .exe file was executed by the NG client, the damage was done. I
> couldn't delete the trojan server or change its name. The virus protection
> couldn't either. I could detect it but that was about all it could do.
>
> Since the trojan was detected, I found out the name of the troubling file.
> I went into real-mode MSDOS and tried to delete it, which didn't help.
>
> I went and downloaded a few versions of SubSeven clients and servers (from
> Linux) to see if I could use cracker tools to remove the trojan server.
> This particular trojan server couldn't be accessed since I didn't know
> which port it was using to access my system. It also could have been
> protected.
>
> I thought that I may have to wipe the partition and reinstall W98 again,
> but then I thought that maybe I could go back into Linux and delete the
> offending file. I didn't know if this would damage my system but at this
> point this tactic was my last option, IMO.
>
> I went into Linux and found the file on my Windows partition and deleted
> it. Then I went back into W98 and checked with the virus scanner to see if
> it would again detect the trojan...it didn't.
>
> I'm sure I could have fixed this a different way, but I'm no Com. Sec.
> consultant, just an everyday computer user.
>
> Linux ruled, in this situation! I'm SOOOO glad I use Linux! :o)
>
> Ron Sinclair
> http://members.tripod.com/~WIGGLIT/
