I ran a virus scan in the wee hours of the morning and found 9 threats. When I woke up and sat down, I had Comodo quarantine them and rebooted. Done and done, right? Wrong. After I rebooted, the taskbar disappears and only reappears when I've got an application maximized. I had thought that part of the problem might be the "show desktop" icon on the taskbar, so I deleted it. No dice. Plus, when I can see it, it's covering up the top row of desktop icons (see screenshot). Clicking on "always visible" under taskbar settings does nothing. What am I missing? Thanks.
-
-
What were these 9 threats? I'm fascinated!
The taskbar issue sounds like things I've seen that sorted themselves out after an unknown number of attempts to fix (or passing of time). Have you rebooted?
Try setting it to "windows can go under", and then back again.
If all else fails, you might have to delete the panel and make a new one.I'd rather be locked out than locked in. -
Install rkhunter and chkrootkit from the repository and run them on your machine. (Ignore the Suckit false positive). Do they see the 9 infections?"A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.Comment
-
Yes, do please provide more details. If you really do have some infections, that would be of great interest (my background is infosec).Originally posted by markslaw View Post
Installing these on an infected system is likely to be less than useful -- rootkits can hide from detectors. These tools work best when installed on a known clean machine since they look for deviations from the baseline, and the baseline can only be measured in a known clean state.Originally posted by GreyGeek View PostComment
-
Can you run these tools from a live USB and bypass the "hiding"? Or is that not going to help?Originally posted by SteveRiley View PostI'd rather be locked out than locked in.Comment
-
You can, but then they're running only in signature scanning mode, which means they will discover only what they already can detect. They won't be able to flag unknown but suspicious behavior.Originally posted by SecretCode View PostComment
-
Can an any AV detect what they don't have a signature for? I.E., if the malware' sig is not in the vaccine file.Originally posted by SteveRiley View Post
http://www.rackspace.com/knowledge_c...-with-rkhunter
I use both, running as a crib job, to verify a possible infection. I've never found an infection. Since I started using Linux in 1998 I've never been infected or hacked, although several have tried. If I even suspected an infection I would wipe the drive and re-install.Neither rkhunter nor chkrootkit are necessarily better than the other and can easily be run at the same time, giving added defence measures and peace of mind.
As with chkrootkit, rkhunter is not an active defence method. It does not prevent exploits being placed on your Server but it will inform you if there is a suspected exploit. Again, as with chkrootkit, if you have been exploited then the only real option is to reinstall with a fresh image.Last edited by GreyGeek; May 21, 2015, 03:09 PM."A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.Comment
-
These tools aren't don't protect against viruses.Originally posted by GreyGeek View Post
rkhunter:
chrootkit:scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.
Essentially, these tools look for deviations from known good defaults, with a little bit of preprogrammed awareness of certain malicious patterns.a shell script using common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures and for comparing a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.Comment
-
Surely Comodo has a log where the affected files are listed?
Did or do you have proprietary drivers like nVidia installed?
For me the symptoms look like the removal of some configuration file(s).
It would be good if someone takes the trouble to install and run it on the same software and see what's up.Comment
-
I agree. It has to be configuration. I've uninstalled flast, uninstalled firefox, disabled flash in chromium in the tools menu and it still sits there churning away. I'm almost ready to throw the thig against the wall! What are some possibilities besides flash being the culprit? What could I tweak that I haven't thought of yet?
Originally posted by Teunis View PostComment
-
-
Modern AV software like Comodo usually includes "heuristic" routines that look for other clues beside just signature strings.Originally posted by GreyGeek View Post
I'd be curious to see the list of "threats" as well, markslaw.Comodo AntiVirus employs various heuristic techniques to identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing the code of a file to ascertain whether it contains code typical of a virus. If it is found to do so then the application deletes the file or recommends it for quarantine. Heuristics is about detecting virus-like behavior or attributes rather than looking for a precise virus signature that matches a signature on the virus blacklist.Comment
-
And the rate of occurance of false positives.Originally posted by SeijiSensei View Post"A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.Comment
-
Sure. Here's the list of threats Comodo identified:
First time, Comodo found nine, this time six. None since then. Not really sure what that means except that I'm not running Windoze, in which case, there would be about 35 per day!Last edited by markslaw; May 25, 2015, 12:24 PM.Comment
-
That's a Windows Trojan.
http://www.symantec.com/security_res...011016-3514-99
Do you have installed WINE on your Linux partition?
If not the exe file cannot be executed. Perhaps a Java applet on a website you visited saved it but couldn't execute it.
What at about the possibility that Comodo is "salting the mine"?Last edited by GreyGeek; May 25, 2015, 03:06 PM."A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.Comment
Comment