Ubuntu: Might have installed some malware or spyware. Need help to uninstall



Question:

I am an idiot who has probably installed some drivers from a phishing site in order to get my printer to work.

The site in question is https://drivers-canon.net/canon-ts5053-driver.html; yeah, I know I'm a moron, I didn't notice the sketchy English until I returned confused to the website.

I can't figure out where the files ended up and they definitely did not help me print anything.
I did manage to scan with Synaptic to remove the installed file in question. Is there any way I can be sure I have removed everything?


Solution:1

I don't think you got infected (might be wrong). I ran a VirusTotal scan on the Windows exe, tar.gz and .deb, and all results were clean.

VirusTotal scan results: exe, deb, tar.gz.

But, if you are infected, unfortunately there's no other way except reinstalling to be completely sure you're clean.

If that's not an option, run a thorough virus check with ClamAV.

After that, scan your PC for rootkits; see this guide.

If you're curious, open the tar.gz. There you'll find an install.sh file; open it with gedit and try breaking it down. You'll find the paths where the installer copied the files.

Happy Hunting.
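
The read-through of install.sh suggested in Solution 1 can be done without running the installer. The following is an added example, not part of the original answer: the function names and the sample installer are constructed for illustration, and only simple `cp`/`mv`/`install`/`ln`/`mkdir` lines are recognised.

```shell
#!/bin/sh
# Statically list where an installer script puts files (read only, never run).
list_install_targets() {   # $1 = path to install.sh
    awk '
        function emit(p,   c) {
            gsub(/[";]/, "", p)              # drop quotes and a trailing ;
            c = substr(p, 1, 1)
            if (c == "/" || c == "$" || c == "~") print p
        }
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            i = ($1 == "sudo") ? 2 : 1       # ignore a leading sudo
            if ($i == "cp" || $i == "mv" || $i == "install" || $i == "ln") {
                emit($NF)                    # last argument is the destination
            } else if ($i == "mkdir") {
                for (j = i + 1; j <= NF; j++) if ($j !~ /^-/) emit($j)
            }
        }
    ' "$1" | LC_ALL=C sort -u
}

# For each target: does it exist now, and does any dpkg package own it?
report_targets() {
    list_install_targets "$1" | while IFS= read -r path; do
        case "$path" in
            /*) ;;
            *)  echo "unresolved  $path"; continue ;;   # has a variable or ~
        esac
        if [ -e "$path" ]; then
            owner=$(dpkg -S "${path%/}" 2>/dev/null | head -n 1 | cut -d: -f1)
            echo "present     $path  (package: ${owner:-none})"
        else
            echo "absent      $path"
        fi
    done
}

# Constructed sample installer, not the script from the download on the page.
write_sample_installer() {
    cat > "$1" <<'EOF'
#!/bin/sh
mkdir -p /opt/example-driver
cp filter/rastertoexample /usr/lib/cups/filter/
sudo install -m 644 example.ppd "/usr/share/cups/model/example.ppd"
cp libexample.so $PREFIX/lib/
ln -s /opt/example-driver/bin/tool /usr/local/bin/example-tool
EOF
}

if [ -n "${1:-}" ]; then report_targets "$1"; fi
```

Paths reported as unresolved contain a shell variable that the script sets elsewhere, so those lines still need to be read by hand. A file that is present but owned by no package was placed outside dpkg's tracking and will not be removed by uninstalling the .deb.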


Solution:2

There isn't any way you can be sure that your system is secure except for reinstalling the OS because you gave the bogus printer driver root permissions when you installed it. Because it was given root permissions, the bogus printer driver could meddle with parts of your filesystem that are owned by root without you knowing about it.


Solution:3

You cannot be sure your AV found it all, but it is likely it did. Do not panic yet. You ran an AV scan, which is the right thing. Run the AV a few times. If the computer starts to behave strangely, then sadly you may have to reinstall. Before you reinstall the OS and programs, you will want to save your data files. Now for the really bad news. Even if you reinstall the OS and all your programs, the infection may be hiding inside the data. So after reinstalling you would get the same thing back. On the other hand, you may be lucky and the infection was hiding in the OS. And that means reinstalling the OS will solve your problem.

