This is a static archive of the old Zorin Forum.

The information below may be outdated.

PSA: WARNING - Windows Viruses On Linux - How To Deal!

star treker

Mon Feb 10, 2020 11:19:05 pm

OK guys, I felt quite weird after Katie's recent ordeal with a virus that was actually spotted by her email service and that shut her computer down quick, and she had to take large steps to get her computer going again. Link below if you want to read about it...
https://zoringroup.com/forum/viewtopic.php?f=5&t=15369

So I decided to run a system wide scan using ClamTK. Now if you don't know what ClamTK is, it's actually the GUI interface for ClamAV, that is usually installed with all Linux OSes. Something just didn't sit right with me, so I ran the scan. If you've ever run a system wide scan before with ClamTK, you know that takes hours.

So, the scan completed and found 1 threat, and it was win.trogen.agent-7573836-0. The file was listed as tasklist.exe, which was located in OPT/Wine-Stable/LIB/Wine.

When I did my research on this threat, I discovered that it's a common threat that people get under Windows. And thankfully because it's so common, it's flagged and listed under all anti-virus and anti-malware programs.

How I got it? Well, I have Steam installed, as I play some Windows titles. And in order to do that under Linux, it requires the use of the Wine compatibility layer. (Which these days is enhanced by the use of Proton.) So viruses made for Windows can still get on your Linux system. Do I think that the virus was able to actually do anything since it was more than likely coded for DOS? Nope! But you still don't want that on your system regardless.

Here's the thing though! The virus knew where to install itself. It knew that the directory in question does not provide you automatic root privileges to be able to remove any files in that directory. Because of this, ClamTK was not able to remove the virus when I clicked delete. So, I was forced to do the only terminal command I know of to get root privileges. I did the GKSU nautilus command, went to the directory in question, right clicked tasklist.exe, and scanned for threats. Once found (again), I clicked delete, and it deleted it this time.

So that is this week's PSA. If you get a virus that your scanner does not remove, then you have to gain root privileges in order to get it removed. 'Cause these viruses are tricky barftards, they know what they are doing in order to screw you best. Hope this information helps.
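Added example, not part of the original post: a shell function that reads `clamscan`-style output and reports, for each flagged file, whether the current user can delete it or root is needed, and which Debian package (if any) owns it, so the hit can be checked before anything is removed. The function name, the output format and the sample path and signature are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): triage "FOUND" lines from
# clamscan output before deleting anything.
# Typical use: clamscan -r --infected /opt | triage_clamscan
# Prints one line per hit: path|signature|status|owner

triage_clamscan() {
  local line path sig dir status owner
  while IFS= read -r line; do
    case "$line" in
      *" FOUND") ;;      # only detection lines; skip "OK" and summary lines
      *) continue ;;
    esac
    line=${line% FOUND}
    sig=${line##*: }     # signature name follows the last ": "
    path=${line%: *}     # everything before it is the file path
    dir=$(dirname -- "$path")
    if [ ! -e "$path" ]; then
      status=missing
    elif [ -w "$dir" ]; then
      # Simplified check: removing a file needs write access to its
      # directory (sticky-bit directories add an ownership requirement).
      status=user-deletable
    else
      status=needs-root
    fi
    # A file owned by a package was put there by the package manager;
    # compare it with the packaged copy or reinstall rather than just delete.
    if ! command -v dpkg >/dev/null 2>&1; then
      owner=unknown
    elif owner=$(dpkg -S "$path" 2>/dev/null); then
      owner=${owner%%: *}
    else
      owner=none
    fi
    printf '%s|%s|%s|%s\n' "$path" "$sig" "$status" "$owner"
  done
}

# Constructed sample input (path and signature name are placeholders).
sample='/opt/example-app/lib/tool.exe: Win.Test.EXAMPLE-0000000-0 FOUND
/opt/example-app/readme.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 1'
printf '%s\n' "$sample" | triage_clamscan
```

A `needs-root` status means the directory is not writable by the current user, which is the normal state of system directories under `/opt` or `/usr`.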

Swarfendor437

Mon Feb 10, 2020 11:26:23 pm

Which is why I don't use Wine any more - it is on the Zorin install purely for testing purposes but I don't do gaming anymore that use Windows unless it is offline. The best solution is to run Windows as a VM and install Comodo Internet Security, Malwarebytes and SUPERAnti-Spyware. If the VM gets a virus, just delete and replace with that VM backup you made elsewhere before going online! :D

Aravisian

Mon Feb 10, 2020 11:56:11 pm

Swarfendor437 wrote: Which is why I don't use Wine any more - it is on the Zorin install purely for testing purposes but I don't do gaming anymore that use Windows unless it is offline. The best solution is to run Windows as a VM and install Comodo Internet Security, Malwarebytes and SUPERAnti-Spyware. If the VM gets a virus, just delete and replace with that VM backup you made elsewhere before going online! :D

I have completely done away with Wine as well. It's been a while since I used it and when I had it installed, I barely ever used it. I do not use Steam BUT I wonder how other people may cope with Steam and its WinEm (I cannot recall the name of it off the top of my head.)

Swarfendor437

Tue Feb 11, 2020 12:08:30 am

Proton? Like the e-mail that even forum spammers have used on here! :lol:
There is another 'kid on the block' - Lutris - but I'm not interested. If I want to play games I will do it off line or on old rigs with Netbui and Ultimate Race Pro with the two steering wheels to play with family members! :lol:

Aravisian

Tue Feb 11, 2020 12:11:57 am

Swarfendor437 wrote: Proton? Like the e-mail that even forum spammers have used on here! :lol:

Yes, I am sure the spammers have never used yahoo or gmail...

Swarfendor437

Tue Feb 11, 2020 12:13:29 am

On the contrary - but you don't expect forum spammer jerks to use/access Proton mail - it's a paid for service after all - unless it's been hacked! :lol:

Aravisian

Tue Feb 11, 2020 12:29:00 am

Swarfendor437 wrote: On the contrary - but you don't expect forum spammer jerks to use/access Proton mail - it's a paid for service after all - unless it's been hacked! :lol:

You can get Protonmail for free. I have the free Protonmail. It just has limited storage space. I actually have found that to be a BOON, not an inconvenience.
Many people never delete old emails and this is very wasteful. Uneconomical and bad for the environment because of Energy Waste.
By forcing me to keep only the emails I want to keep, it makes me keep my email inbox clutter free and neat and tidy.
And the amount of allowed space is pretty big - I have never filled it and had to clean it out.

star treker

Tue Feb 11, 2020 12:40:09 am

Yes unfortunately, I need Wine in order to play Steam games. The Proton that I am referring to is an enhancement to the Wine compatibility layer, has nothing to do with ProtonMail.
https://www.protondb.com/

Valve created Proton, which allows us the ability to play more Windows titles. And as you know, most games are made for Windows, so it really helps. While it's true that some games are made natively for Linux, there isn't a high number of them. Every once in a while, ProtonDB adds another title to the list that will indeed play on Linux.