So I do a search for this monstermarketthing and it looks like reverse shilling spam.
On 9/26/12, Edward C. Jones <edcjo...@comcast.net> wrote:
> I use up-to-date Debian testing (wheezy), amd64 architecture.
>
> When I do a Google search, I sometimes get a window asking if I want to
> do a search at monstermarketplace.com. For Windows, there is a piece of
> malware with this name. Does this malware now exist for linux systems?
> If so, how do I get rid of it?

If my suspicions are unfounded, are you running as root?

If so, consider yourself hosed. I'm not sure I'd even trust the motherboard any more.

If not, if you do your day-to-day work from a non-admin account, start with clearing all your cache, cookies, and history, and un-installing any suspicious browser extensions. Clear your bookmarks, too, all but the ones you really need and know you can trust. Restart your browser.

If it still happens, un-install all extensions and clear all bookmarks. If there's a bookmark you really need, think twice, three times, and if you still think you trust and need it, open up a text editor and copy-paste the url into the text editor. Repeat, only for necessary bookmarks, and save the text document as something like "bookmark_urls.txt". Then clear your bookmarks and restart your browser.

If it still happens, shut your browser down and nuke your .mozilla configuration directory. As in "rm -rf ~/.mozilla/*".

If you still get re-directs, you have six options, take your pick which you go with first:

(0) Consider where you spend your time on the web. You could be fixing your problem every time you shut down your browser, only to have a website you regularly visit stuff a piece of malware javascript that never goes away into your browsing session.

(1) Check your DNS infrastructure. Can you trust the servers that are matching your domain name requests with IP addresses? One might be occasionally feeding your requests to a troll.

(2) Nuke your user account. Back up your data first. Don't back up your configurations, because something could be hiding in there. Grab the text-only bookmarks you saved (but remember the problem I mentioned in (0)). Log in as an admin and erase the account. Completely. Make a new account. Maybe even a new user name/id, definitely a new password. Use a good password, of course. Restore your data, using chown as appropriate if you changed the userid.

(3) Back up all user data for all accounts on the system, wipe the system, and re-install.

(4) Hey, it's a good time for a new hard disk, anyway. Install a fresh system on the new hard disk and mount the old one under /suspicious and carefully move the data you need from the old drive to the new one, as you need it. Maybe do some forensics on the drive in your spare time.

(5) Maybe it's a good excuse to update the motherboard with the new disk. (See (4).)

--
Joel Rees
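
Option (2) above (back up data but not configurations), sketched as an added shell example that is not part of the original message. The function names are hypothetical, and it assumes per-user configuration lives in top-level dotfiles of the home directory.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Copy data out of a suspect home directory, leaving top-level dotfiles
# (.mozilla, .config, .bashrc, ...) behind, since that is where per-user
# configuration, and anything hiding in it, lives.
backup_data_only() {
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    # The * glob does not match names beginning with a dot.
    for entry in "$src"/*; do
        # A top-level symlink may point back into configuration; skip it.
        if [ -L "$entry" ]; then
            echo "skipped symlink: $entry" >&2
            continue
        fi
        [ -e "$entry" ] || continue    # unmatched glob in an empty home
        # -P: copy nested symlinks as links, never follow them.
        # -p: keep timestamps and modes.
        cp -R -P -p "$entry" "$dest"/ || return 1
    done
}

# List what was deliberately left behind, so nothing is lost by surprise.
list_left_behind() {
    find "$1" -mindepth 1 -maxdepth 1 \( -name '.*' -o -type l \) | sort
}

# List things in the backup worth a look before restoring: nested hidden
# entries and files with an execute bit, neither of which plain data needs.
review_backup() {
    find "$1" -mindepth 1 \( -name '.*' -o \( -type f -perm -100 \) \) | sort
}
```

Run backup_data_only from an admin account before erasing the old account, then go through the review_backup output by hand before restoring anything into the new one.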