Hello again, On Mon, 17 Jan 2022, colin course via clamav-users wrote:
one more thing ged who is this user 121 ?is that normal to see on process properties and its only on clam it was root and thats when the scan worked but i have seen it being user 121 before
In a Linux system, each user has both a numeric ID and a name. The numeric IDs are picked by the system when it creates new user names and they will differ from one system to another because the users are created for example when you install software and you usually won't do exatly the same things in exactly the same order on different systems. This can cause an issue when you transfer files from one system to another, e.g. with an archiving utility like 'tar'. The number itself isn't really of concern, and although there is some meaning in it (low numbers tend to be 'system' users but you can control that) you really don't need to worry about it if you're working on a single system.
i am having to change permissions to stop virus running all over me
That's never going to work. If your system has already been compromised then you are wasting your time trying to install ClamAV - or anything else - on it. Replace all the mass storage devices, and start again from scratch with a known good installation medium from a known good source. If you do not want any data from the existing system then instead of replacing the mass storage devices you *might* safely be able to wipe and reformat them but you need to know what you are doing to do that and I am fairly sure that you are not at present capable of doing it. Some malware may even be able recover from a reformat but admittedly that's rare. After that and before you do anything else with the system make sure that *everything* on it is up to date on security patches provided by the distribution. Then keep it that way daily by seting up automatic system updates. There will be a way to do that using your system's package manager and a package or packages provided by the 'distro'. Treat the compromised storage devices as dangerous to a computer's health until you learn how to handle them safely, which is going to take you a while - possibly years. If there may be data which you need on the devices you might want to consider using a data recovery service to get it back but at present you are probably not capable of safely copying data from a compromised device to a clean device. You could compromise the clean device if you did that. Do not visit nor believe random Internet sources nor mail messages which claim to have found or be able to fix fix problems with your computer. In fact as a general rule of thumb do not believe what you read in mail nor on Internet sources unless you have very good reason to do so. I am very happy for you to suspect that I might not be telling you the truth - you have to make your own decisions when you're out in the forest on your own and it's the same on the Internet at the moment. There is no Internet Police Force, and no Internet Search and Rescue, and no Internet Fire Brigade, and there is no Internet Ambulance Service. Eventually perhaps there will be, but then there will probably also be Internet Licenses and Taxation, so enjoy the Wild West it while it's free for all (a free for all:). You have most probably visited a compromised Website, or opened a malicious email inadvisedly using a graphical mail client. It's best if you train yourself not to visit random Websites and learn to be *very* choosy about which email message you read. If it's any guide at all, more than 95% of the emails which are offered to my servers are either criminal or junk. I have personally put decades into work which prevents anyone here from ever seeing them. I'm not finished. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
