My laptop runs on Ubuntu and was recently infected with the Brontok virus. It managed to infect my Ubuntu – through my flash drive – because I have Wine installed. I had used the USB in an infected Windows computer belonging to someone I know. It creates .exe files in random application folders.
I've found .exe files in the folder for Openshot video editor, Audacity, Wine. It sometimes creates an .exe file in my Desktop folder, it creates the classic Brontok image with the green background in my Pictures folder as an HTML file, and if I delete these, they just reappear each time I switch my computer back on.
I can't even name all the folders this worm is making .exe files in. They're all over and deleting doesn't help. A comprehensive guide on how to remove it is appreciated.
Best Answer
I will show you how to delete Wine and the virus itself, step by step:
Step One:
Run the following command(s) in your terminal:
This will purge wine from your system:
sudo apt-get purge wine
Step Two:
Just in case apt-get could not delete a Wine .exe file for whatever reason, delete the entire wine folder. It resides in your home folder like so: .wine/
sudo rm -rfv ~/.wine/
Step Three:
To make sure no wine process is still loaded:
sudo reboot
This will reboot your system, without confirmation.
You can run the following command after the reboot to see which .exe process is still loaded:
And then force close it:
Make sure you know that the process is malicious.
Step Four:
Run this in your home folder, it will try to find any file that ends with the .exe prefix.
find ~/ -type f -name "*.exe"
Step Five:
The previous find command will display the path of the .exe file(s), delete every .exe file you don't trust. Like so:
sudo rm -f /path/to/maybe-a-virus.exe
Step Six:
Scan with an antivirus for Linux, like Clam AntiVirus. How to install and scan here:
Notes:
clamav does not have a large database of Windows viruses compared to the major Antivirus Corporations. If you are not a hundred percent convinced of the legality of a file, you can upload it to:
At the time of writing, it uses 57 antiviruses to scan files. It's still not a hundred percent accurate, but it is right about 99% of the time. My personal experience.
Mono names its binaries to .exe, so not all .exe files you don't know are harmful. For a list of Linux projects that use mono, see:
Here is a quote - my own - that comments about the security benefits from using PlayOnLinux:
It's a bit safer than using wine.
It's a bit safer than using wine.
Step Seven:
After you're absolutely sure that your virus is gone, re-install wine:
Links:
malware - Do Wine Viruses only work while Wine is running? - Ask Ubuntu
VirusTotal - Free Online Virus, Malware and URL Scanner
Mono (software) - Wikipedia, the free encyclopedia#Software_developed_with_Mono
security - How do I scan for viruses with ClamAV? - Ask Ubuntu
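
Steps Four and Five as an added example, not part of the original answer: instead of deleting files as they are found, list each .exe with its SHA-256 and move suspects into a locked quarantine folder so they can still be checked later. The names QUARANTINE_DIR, list_pe_exes and quarantine_exe are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example (not from the answer): review and quarantine *.exe files
# instead of deleting them on sight. QUARANTINE_DIR, list_pe_exes and
# quarantine_exe are hypothetical names chosen for this sketch.

QUARANTINE_DIR="${QUARANTINE_DIR:-$HOME/exe-quarantine}"

# Print "sha256  path" for every *.exe under directory $1 whose first two
# bytes are "MZ", the magic number of Windows PE files. Mono assemblies are
# PE files too, so they are listed as well and still need a human decision.
list_pe_exes() {
    find "$1" -type f -iname '*.exe' -exec sh -c '
        for f in "$@"; do
            [ "$(head -c 2 "$f" | tr -d "\000")" = "MZ" ] || continue
            printf "%s  %s\n" "$(sha256sum < "$f" | cut -d" " -f1)" "$f"
        done' sh {} +
}

# Move file $1 into QUARANTINE_DIR under its hash, strip every permission
# bit so it cannot be read or run by accident, and record the original
# path in index.txt.
quarantine_exe() {
    q_src="$1"
    [ -f "$q_src" ] || return 1
    q_hash="$(sha256sum < "$q_src" | cut -d' ' -f1)" || return 1
    mkdir -p "$QUARANTINE_DIR" || return 1
    chmod 700 "$QUARANTINE_DIR" || return 1
    # -f: identical worm copies share one hash and overwrite each other.
    mv -f "$q_src" "$QUARANTINE_DIR/$q_hash.quarantined" || return 1
    chmod 000 "$QUARANTINE_DIR/$q_hash.quarantined"
    printf '%s  %s\n' "$q_hash" "$q_src" >> "$QUARANTINE_DIR/index.txt"
}

# Usage: sh this-script.sh --list [DIR]   (lists only, changes nothing)
if [ "${1:-}" = "--list" ]; then
    list_pe_exes "${2:-$HOME}"
fi
```

The printed hashes can be looked up on VirusTotal before anything is moved. None of this needs sudo, because the files sit in your own home directory.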