Mon Feb 10, 2020 11:19:05 pm
So I decided to run a system-wide scan using ClamTK. Now if you don't know what ClamTK is, it's actually the GUI interface for ClamAV, that is usually installed with all Linux OSes. Something just didn't sit right with me, so I ran the scan. If you've ever run a system-wide scan before with ClamTK, you know that takes hours.
So, the scan completed and found 1 threat, and it was Win.Trojan.Agent-7573836-0. The file was listed as tasklist.exe, which was located in OPT/Wine-Stable/LIB/Wine.
When I did my research on this threat, I discovered that it's a common threat that people get under Windows. And thankfully, because it's so common, it's flagged and listed under all anti-virus and anti-malware programs.
How I got it? Well, I have Steam installed, as I play some Windows titles. And in order to do that under Linux, it requires the use of the Wine compatibility layer. (Which these days is enhanced by the use of Proton.) So viruses made for Windows can still get on your Linux system. Do I think that the virus was able to actually do anything since it was more than likely coded for DOS? Nope! But you still don't want that on your system regardless.
Here's the thing though! The virus knew where to install itself. It knew that the directory in question does not provide you automatic root privileges to be able to remove any files in that directory. Because of this, ClamTK was not able to remove the virus when I clicked delete. So, I was forced to do the only terminal command I know of to get root privileges. I did the GKSU nautilus command, went to the directory in question, right-clicked tasklist.exe, and scanned it for threats. Once found (again), I clicked delete, and it deleted it this time.
So that is this week's PSA. If you get a virus that your scanner does not remove, then you have to gain root privileges in order to get it removed. Cause these viruses are tricky barftards, they know what they are doing in order to screw you best. Hope this information helps.