I was NOT on-line last night, actually reading a book instead, when my wife comes downstairs saying that our computer is telling her that it has been infected with spyware and that we NEED to download some software to fix that.
I chuckled, of course, knowing that our computer is RHEL5 using Firefox 3.0.x. But, being the 24/7 support person, I went upstairs. The odd thing was that the screen behind the dialogue box looked very Windoze-like. I went to a terminal window, and did a kill -15 on the firefox process. That killed it right away, and it was only using 5% of CPU, so it couldn't have been too evil.
I then did a find / -ctime 0 -print to see all of the changes/adds. Interestingly, there were some .wine files in our /tmp, which would explain the Windoze-like appearance. I am kind of curious now what the thing might have tried to do had we agreed to download their anti-spyware.
Anyway, I wiped out the /tmp stuff, and our Firefox is already configured for clearing out temporary Internet files upon exit. I then did a restart, and checked my ps -ef and everything was all clear. I will admit though, that Firefox 3.0.x (versus 2.0.x) seems to be a very busy program, using CPU time even after one closes it out. It is probably writing some cached database entries of some variety. Who knows?
Gee, maybe I need one of those Linux-based anti-spyware programs........ not!
© 2009-11-07 Bill Mohrhardt