[vox-tech] Linux Computer Infected

[Rick Moen]

Quoting Bob Scofield (scofield at omsoft.com):

> I've got an infected Linux desktop and I don't have the technical
> expertise to fix it.

FYI, nothing you said in either of your posts would suggest malware.
(Also, IMO:  http://linuxmafia.com/~rick/faq/#virus)

Your system has a Linux Mint installation with the Cinnamon
(variant-GNOME3) Desktop Environment.  


Suggestion #1 (move .mozilla out of the way):

> When I clicked on the link to the story or video or whatever it is,
> Firefox crashed.  It crashed permanently.  If I try to start
> Firefox all I get is the "Mozilla Crash Report."  I've removed
> Firefox 3 times.  I've purged Firefox twice.  I've reinstalled and
> the problem persists.

Am betting this is related to your per-user configuration files for
Firefox.  Try this (it's reversible):

1.  Make sure Firefox is _truly_ not running.  To do this, first, open a 
terminal console.  (I'm very much not a GNOME person, so you
find and do that based on your local knowledge.)  In the following, the
'$' stands for a non-root user's shell prompt.  '#', used in a later bit
of this message stands for the root user's shell prompt.  Therefore, the
suggestion is that you type the commands quoted below, but not the
prompt characters.  (This is a display convention you will encounter
widely in discussion of Unix system operations.)  Now:

  $ ps auxw | grep firefox

If an instance of Firefox is running, you need to kill the process.
Like:

  $ killall firefox
  $ killall -9 firefox

(or whatever the process's name is)


Now:

2.

  $ cd
  $ mv .mozilla .mozilla-save
  $ exit

3.  Try starting Firefox again.  Don't get alarmed that your bookmarks,
etc., aren't there.  The information for them is safely ensconced in the 
.mozilla-save directory.  

4.  Report back to the mailing list.  Does Firefox still go kablooey,
even with a fresh-generated .mozilla tree that resulted when you
restarted Firefox in step #3?  Let us know.

5.  After shutting down Firefox, put your .mozilla directory back:

  $ cd
  $ rm -rf .mozilla
  $ mv .mozilla-save .mozilla
  $ exit

You are back.




Suggestion #2 (add user 'test'):

See if a second user set up for test purposes encounters the same
problem or not.  If yes, then you have a system-wide problem.  If no,
then you have a problem isolated to your personal login's configuration
files.  Make sense?

Open a terminal console, and:

  $ sudo su -
  # adduser test
  # passwd test
  # exit
  $

You have just created additional local login user 'test' and assigned
that new user a login password.   The 'passwd' command will, FYI, have
prompted you to type in that password twice, to ensure that you haven't
fumblefingered it.

Now, do whatever it is you do to shut down the Cinnamon DE, logout, and
return to the Linux Mint grapical login thingie.  This time, instead of
logging in as your regular user, login as 'test'.  _If_, as I suspect, 
you have no system-wide problem but rather a problem isolated to your
personal login's configuration files, then you in the guise of the
'test' user will now enjoy a pristine Cinnamon DE environment with 
no weird 'crashes', etc., etc.

One last thing:  I mean no personal criticism here whatosever, but 
I'm going to make a guess based on long decades working with Linux
newcomers that if I asked you to check and make sure your system isn't
running short on RAM because some process or processes is/are grabbing 
it, you would say 'How?'  Right?  

Your symptoms might easily be caused by runaway RAM consumption by
something.  There are ways to track that down using old-school Unix
command-line tools like 'free', 'ps', and 'top', but how to interpret
their information requires learning.  Additionally, intelligently
interpreting that information would require learning what the various
running processes are and what they're doing.  Any GNOME variant has
a great many running processes, IMO, making that part of the task more
difficult than it would be with more-lightweight environments.

But anyway, try the 'test' user, and report back whether the problem 
replicates with that user or not.  I'm going to bet 'no'.  Based on your
answer, this mailing list's denizens will be in a better position to
give you meaningful and useful, i.e., targeted, suggestions.

(I didn't cover how to remove user 'test', but it's also not
difficult. But frankly I'd advise keeping that login around.)



> In the meantime I tried to read the story with Chromium.  Chromium
> now constantly crashes.  It will not stay up for more than about 30
> seconds.

Could be that something's hogging RAM.

> What's more, Cinnamon (I'm using Linux Mint) is now crashing every
> once and awhile and I've never seen Cinnamon crash before.

Could be that something's hogging RAM.


(If the best solution is for someone to drive over and debug this for
you, coolness, but unfortunately I personally am way too far away, down
at the south end of San Mateo County.)