Re: possible hacker attempt/virus

PUA stands for "Possibly Unwanted Application" . PUA alerts are often just false positives.

To me that looks like a packed javascript file used in www.kdenews.org.

http://www.clamav.net/support/faq/pua/

Re: possible hacker attempt/virus

PUA = Possibly Unwanted Application.
The file you are being warned for is a JavaScript file, and there's not a lot of harm they can do. It's definitely not a virus or a hacking attempt.
The worst thing I've seen a JavaScript do is one redirecting you from a legitimate site to a website which compromises your security, but the compromises I've seen were ones that would only affect Windows.

Right, this actual sript, as the file name says, is from the KDE website dot.kde.org. and is located here: http://www.kdenews.org/sites/dot.kde...4ef23891290.js (you get this by changing underscores in the file name to slashes). You can open it, it won't do anything since JavaScript files are just text files. It looks like a legitimate Drupal JS file to me. I had a quick look at what it does and I can't see anything malicious about it.

If you are still concerned about this script you can email webmaster@kde.org and let them know of the warning, and the webmaster will be able to confirm that this is a legitimate file that hasn't been compromised.

But, doing a search on Google for "PUA.Script.Packed-1" shows that this tool is widely known for false positives, which in my view makes it useless, unless you score 10 on the paranoia scale and willing to check every hardly-remotely-possible threat.

Hope this helps.

Re: possible hacker attempt/virus

If you use Firefox as a browser, you can install the NoScript add-on to manage Java scripts.

Re: possible hacker attempt/virus

ok thanks for the info and the noscript addon. Is all useful. This site is fast becoming my favorite site for questions regarding linux. I get fast useful info and learn a lot even though I have been using linux for the past few years.

Re: possible hacker attempt/virus

If you use Opera, you can bring the allow javascript button to the display options panel or switch this option in the settings.

Re: possible hacker attempt/virus

You can thank these members. They make this site what it is -- one of the best Linux/KDE forums on the planet.

Re: possible hacker attempt/virus

thanks for all the info.

For those who have read my last post I edited it as they are no longer an issue for me.

The 3 post where:

1 issue with standard login failure
1 issue with log checker that runs every hour
and the last one seems to be an error during boot when loading my firewall.

pam_ck_connector(kdm:session): nox11 mode, ignoring PAM_TTY :0

Can anyone confirm this. I get this log during boot and I also get and error that my firewall need root permission to start. Are these 1 and the same issue's?

Re: possible hacker attempt/virus

Ok I see just 10.000 more posts to become a Kubuntu god!

;-)

Re: possible hacker attempt/virus

No need to use ASCII emots... we have these icon thingies at the top of the edit box!

Re: possible hacker attempt/virus

Ah yes you are so right greygeek-sun

kohai is still learning

> 8) :P :-X

although the ascii-mo's (say as eskimo's ;-)) are always fun

Re: possible hacker attempt/virus

I don't know which firewall you use, but what you wrote sounds familiar to me. I use Guarddog and it sometimes needs to start this shell command with root permission at the start of the session :
Or it blocks all traffic. I had to learn how to autostart it for all users with root permissions. Maybe you need other shell command, but your problem could be the same.

Re: possible hacker attempt/virus

@Lancelot: PAM stands for Personal Authentication Module. It is the program that verifies passwords. Therefore, it is called every time a password needs to be verified. Therefore, I conjecture that the firewall problem and the PAM problem are related. However, that doesn't mean that I have the slightest clue as to the cause or solution of the problem. My first debugging effort would be to (temporarily) disable the firewall, and see whether that stops either the PAM message or the login failure, or both. I suspect that the log checker problem is unrelated.

Re: possible hacker attempt/virus

That's because you can figure them out. I need to see pictures!

Re: possible hacker attempt/virus

OT: Pics are fine, but the traditional, and very useful, sarcasm one is missing! In western style it often looks like this: In the BBS days it was described as tongue-in-cheek but times have changed. Despite the mouse-over tags, I can't say I understand the pics, but I try to make the best of what's available. /OT