[Kubuntu 13.04] How to remove these virus http://track.vocliq.com/, and few others


    Hello,
    I am disturbed by this kind of virus
    http: // track . vocliq . com / or http: // fr . anno-online . com / fr, and https: // account . swtor . com /, http: // shuang11huodong . com / fr / mindad / lp . php
    My Firefox browser keeps loading this page. I don't know how to remove it. I have ClamAV on my computer; does an anti-spyware exist for Kubuntu?
    Could someone help me, please?
    Regards

    Forgot to say: Please do not click on the links above! They can harm your computer. I just listed these filthy links for information, in the hope that you can help me find a solution.


    Please do not click on these links Above !
    Last edited by Snowhog; Dec 18, 2013, 09:31 PM.

    #2
    Have not clicked on the link. Suspicious.
    Linux because it works. No social or political motives in my decision to use it.
    Always consider Occam's Razor
    Rich



      #3
      Originally posted by richb View Post
      Have not clicked on the link. Suspicious.
      Obviously. Please do not click on the links above!
      Last edited by nemrod; Dec 18, 2013, 06:33 AM.



        #4
        Thanks for the addition. May not be obvious to some.
        Linux because it works. No social or political motives in my decision to use it.
        Always consider Occam's Razor
        Rich



          #5
          Nemrod, what kind of harm has occurred on your installation and how did you confirm it? Is it just to FF or have you identified files that are obvious infections?

          I browsed to track.vocliq.com and FireFox gave me this warning:
          Safe Browsing

          Diagnostic page for vocliq.com

          What is the current listing status for vocliq.com?
          Site is listed as suspicious - visiting this website may harm your computer.
          Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
          What happened when Google visited this site?
          Of the 1 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-11-28, and suspicious content was never found on this site within the past 90 days. This site was hosted on 2 network(s) including AS14618 (AMAZON-AES), AS16509 (AMAZON-02).
          Has this site acted as an intermediary resulting in further distribution of malware?
          Over the past 90 days, vocliq.com did not appear to function as an intermediary for the infection of any sites.
          Has this site hosted malware?
          No, this site has not hosted malicious software over the past 90 days.
          How did this happen?
          In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
          Next steps:

          It also gave me the option to back out and not go there.

          Also, Linux has a different security model than Windows, and isn't as susceptible.

          The second and third sites are gaming sites that provoked no alarms. The fourth site opens an obvious redirector with promises of an iPad.
          Congratulations!
          You are the lucky visitor of the day, be eligible to win an iPad!

          Why was I chosen (e)?
          Each week, we provide (1) new brand new free iPad to one lucky visitor an app or a participating site.

          Hurry!
          Please respond by 2:00. Otherwise, we assign the iPad to another visitor.
          Last edited by GreyGeek; Dec 17, 2013, 04:04 PM.
          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
          – John F. Kennedy, February 26, 1962.



            #6
            At first, thx for your quick response.

            Originally posted by GreyGeek View Post
            Nemrod, what kind of harm has occurred on your installation and how did you confirm it?
            As I am not a specialist, the only harm that I've seen, that I've felt, is an untimely jump to these filthy pages when I am reading articles on the Internet. I could not say more, but it is really disturbing. Is there any way to see log pages on Kubuntu, and where?

            Originally posted by GreyGeek View Post
            Is it just to FF or have you identified files that are obvious infections?
            Right now, I've just noticed it occurred only in the Firefox browser, and I suspect (I am not sure) some plugins that I've installed on FF.
            For information, I've installed 4 other browsers, such as Chrome, Chromium, SeaMonkey, Midori, Rekonq; none of them has this problem.
            My simple question: does an antispyware exist in Kubuntu?



            Originally posted by GreyGeek View Post
            I browsed to track.vocliq.com and FireFox gave me this warning: .... The second and third sites are gaming sites that provoked no alarms. The fourth site opens an obvious redirector with promises of an iPad.
            I think they are all the same virus, or malware, spyware, I do not know.
            What I can say is that none of my files are or would be damaged; it seems to be the same spyware, only on Firefox.
            Chrome seems more resilient to me.

            Regards.



              #7
              **/track*vocliq.com/***

              Snort /w Sourcefire VRT
              Timestamp | Source IP | Destination IP | Severity | Alert
              2013-11-17 10:21:17 | urlQuery Client | 208.73.211.247 | 1 | EXPLOIT-KIT Redkit exploit kit landing page
              http://urlquery.net/report.php?id=7766676



                #8
                Originally posted by nemrod View Post
                .....I think they are all the same virus, or malware, spyware, I do not know.
                What I can say is that none of my files are or would be damaged; it seems to be the same spyware, only on Firefox.
                Chrome seems more resilient to me.
                Open the "Preferences" selection on the "Edit" menu and select the "Security" tab. Make sure the first three check boxes are checked. Then you'll get warnings about infected destinations (IF Firefox knows about them.) As far as inadvertently jumping to undesirable pages, perhaps using the /etc/hosts file as a filter would help. Use the Kubuntu search option and search for a posting by Steve Riley about the hosts file. He has a neat script that keeps it automatically updated with all the sites you'd want to avoid, and you can add others yourself. It's a great tool to have on your system if you have children using a browser. Since they can't use sudo they can't change the hosts file.
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                – John F. Kennedy, February 26, 1962.



                  #9
                  Sorry, I could not answer you immediately, because I had a lot of work, chiefly before the Xmas holidays.

                  Originally posted by GreyGeek View Post
                  Open the "Preferences" selection on the "Edit" menu and select the "Security" tab. Make sure the first three check boxes are checked.
                  The first three were checked.
                  Originally posted by GreyGeek View Post
                  Then you'll get warnings about infected destinations (IF FireFox knows about them.)
                  Very good remark, because I forgot to tell you that, indeed, each time FF jumps to http://___track____vocliq___com/, I had a message warning me that it is a "Reported Attack Page!" site. Indeed, I forgot to mention it.

                  Originally posted by GreyGeek View Post
                  As far as inadvertently jumping to undesirable pages, perhaps using the /etc/hosts file as a filter would help.
                  In my root, I do not have this tree /etc/hosts/; there is no trace of a hosts folder. Do you mean I will have to create this new folder?



                  Originally posted by GreyGeek View Post
                  Use the Kubuntu search option and search for a posting by Steve Riley about the hosts file. He has a neat script that keeps it automatically updated with all the sites you'd want to avoid, and you can add others yourself. It's a great tool to have on your system if you have children using a browser. Since they can't use sudo they can't change the hosts file.
                  Do you mean this link:
                  https://www.kubuntuforums.net/showth...ing-hosts-file
                  If this is the case, I will launch it after this weekend, or after Xmas, because, as you can guess, I am very busy. Once I have applied this script, I will get back to you to give you feedback.
                  Thank you very much GreyGeek, thx very much for helping me.

                  Regards.
                  Last edited by nemrod; Dec 19, 2013, 04:41 PM.



                    #10
                    Do you mean this link:
                    https://www.kubuntuforums.net/showth...ing-hosts-file
                    If this is the case, I will launch it after this weekend, or after Xmas, because, as you can guess, I am very busy. Once I have applied this script, I will get back to you to give you feedback.
                    Yes, that is the correct link.

                    Every Kubuntu installation has the /etc/hosts file. If it is the default file it will contain something like this:
                    127.0.0.1 localhost
                    127.0.0.1 jerry-v3-771g
                    Of course, your system will have a different 2nd line. There are also two other files in /etc/: hosts.allow and hosts.deny. Each contains a description inside itself that briefly describes what it does. You can also search Google for additional information.
                    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                    – John F. Kennedy, February 26, 1962.



                      #11
                      Originally posted by GreyGeek View Post
                      Yes, that is the correct link.

                      Every Kubuntu installation has the /etc/hosts file. If it is the default file it will contain something like this:

                      Of course, your system will have a different 2nd line. There are also two other files in /etc/: hosts.allow and hosts.deny. Each contains a description inside itself that briefly describes what it does. You can also search Google for additional information.
                      Hello GreyGeek.
                      I launched the script in the middle of the afternoon. Until now, I have not seen any trace of these untimely sites like track.vocliq.....
                      I think, for now, I cannot ask you to close this topic. I would prefer to wait at least a week; after that you can tag this subject as solved. I will keep you updated.

                      Many thx for your help.

                      Happy new year to you all.



                        #12
                        Hello GreyGeek.
                        Feedback about the scripts you proposed to me.
                        After a few days, the untimely links are still present. I applied the script and restarted Kubuntu. However, the undesired links are still here.

                        Regards.



                          #13
                          Let's say that you browse to http://www.somewebssite.com in firefox...

                          1. firefox first tries to resolve somewebssite.com with the help of the local resolver ( libresolv.so ), then
                          2. the first check is either file (which means "/etc/hosts") or dns (which means "/etc/resolv.conf"). Which is first depends on the setting in "/etc/nsswitch.conf", in the line "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4".
                          3. so it defaults to searching in the file "/etc/hosts" first,
                          4. if somewebssite.com is not matched in "/etc/hosts" then it will refer to "/etc/resolv.conf", where it checks the nameserver tag. If nameserver is not configured then the resolver sends a DNS query to localhost on port 53,
                          5. if nameserver defines "nameserver 8.8.8.8", for example, then it will send a query to "dig google.com @8.8.8.8", getting an answer from the public DNS.


                          If you don't want Firefox to visit track.vocliq.com then add the line:
                          127.0.0.1 track.vocliq.com
                          to /etc/hosts, and Firefox will get nothing from track.vocliq.com because the localhost won't supply anything. Great way to keep the kids off of pornsite.com.
                          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                          – John F. Kennedy, February 26, 1962.
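
The lookup order described in post #13, as an added example that is not part of any post in this thread: it reads the `hosts:` line of an nsswitch.conf and a hosts file and reports whether a name is actually sinkholed. The function names and the sample files are constructed for illustration; the check also shows that a hosts entry matches one exact hostname only, so an entry for track.vocliq.com does not cover vocliq.com.

```shell
#!/bin/sh
# Added example: is a hostname sinkholed by a hosts file, given the lookup
# order in nsswitch.conf? File paths are parameters so it runs on samples.

# Print the sources on the "hosts:" line in order, skipping [ACTION] items.
hosts_sources() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) printf "%s ", $i; exit }' "$1"
}

# Print the address mapped to an exact hostname ($2) in hosts file ($1).
# Comments are ignored, names compare case-insensitively, no wildcards.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit !found }' "$1"
}

# check_block NSSWITCH HOSTS NAME prints one verdict:
#   blocked          files is consulted before dns, NAME maps to loopback/null
#   overridden       files is consulted first, NAME maps to another address
#   files-not-first  dns comes before files (or files is absent)
#   unlisted         no exact entry for NAME, so the lookup goes on to DNS
check_block() {
    addr=$(hosts_lookup "$2" "$3") || { echo unlisted; return; }
    first=none
    for src in $(hosts_sources "$1"); do
        case $src in files|dns) first=$src; break ;; esac
    done
    [ "$first" = files ] || { echo files-not-first; return; }
    case $addr in
        127.*|0.0.0.0|::1) echo blocked ;;
        *)                 echo overridden ;;
    esac
}

# Constructed sample files, not copied from any real system.
tmp=$(mktemp -d)
printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n' > "$tmp/nsswitch.conf"
cat > "$tmp/hosts" <<'EOF'
127.0.0.1 localhost
127.0.0.1 track.vocliq.com   # sinkhole entry from the thread
EOF
for h in track.vocliq.com TRACK.VOCLIQ.COM vocliq.com; do
    printf '%s -> %s\n' "$h" "$(check_block "$tmp/nsswitch.conf" "$tmp/hosts" "$h")"
done
```

On a live system, `getent hosts track.vocliq.com` shows what the configured lookup order returns for the name.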



                            #14
                            Originally posted by GreyGeek View Post
                            If you don't want Firefox to visit track.vocliq.com then add the line:
                            127.0.0.1 track.vocliq.com
                            to /etc/hosts, and Firefox will get nothing from track.vocliq.com because the localhost won't supply anything. Great way to keep the kids off of pornsite.com.
                            An optional extra: configure Apache to listen on localhost and serve a selection of images of you looking disapproving.

                            Then every time a "forbidden" site is visited they get a scare hehe
                            samhobbs.co.uk



                              #15
                              Originally posted by Feathers McGraw View Post
                              An optional extra: configure Apache to listen on localhost and serve a selection of images of you looking disapproving.

                              Then every time a "forbidden" site is visited they get a scare hehe
                              lol, mine just says: "Daddy is watching!"

                              Please Read Me
