IMG001.exe file?Malware?

noxios · 18-11-17, 16:21

Is there any way to delete these files, all at one time (some script perhaps)
Actually these files are supposed to be runing and infecting PC's since they are *.exe files, but they always end up in my Gigabox Quad Plus with openvix, in all the versions that I flashed with the virus/trojan ends up entering and is placed in all the folders of the system openvix.
In fact these files are placed in so many folders of the system that I always end up preferring to reinstall a new image in the system (this is also one of the reasons I know now it is a vulnerability of openvix image) in other images I was not infected, example with openMips, only with openvix this happens.
So if someone has a script for linux that can search in multiple folders and delete files at our choice would be very useful

**ccs** · 18-11-17, 16:27

I suggest you should read this thread from start to finish to establish how these files are getting into your local lan, block the loophole, and then reflash the Gigabox.

noxios · 18-11-17, 16:47

I think I got a better solution... a fast one at least !

find / \( -name "*.exe" -o -name "*.zip" \) -type f -delete

this does the trick

**SpaceRat** · 18-11-17, 17:00

It's a crappy solution.
You are messing with the symptoms rather than fixing the problem.

It's a PEBKAC type of problem.

**birdman** · 18-11-17, 18:32

Originally Posted by noxios

In fact these files are placed in so many folders of the system that I always end up preferring to reinstall a new image in the system (this is also one of the reasons I know now it is a vulnerability of openvix image) in other images I was not infected, example with openMips, only with openvix this happens.

That's sounds as though you are mounting your Vix box's file-system on your PC and a virus there is just copying file into all directories it can find (?).
The problem wodul then be on your PC, and until you fix that (your PC) there's no point doing anything anywhere else.

noxios · 18-11-17, 18:40

Originally Posted by birdman

That's sounds as though you are mounting your Vix box's file-system on your PC and a virus there is just copying file into all directories it can find (?).
The problem wodul then be on your PC, and until you fix that (your PC) there's no point doing anything anywhere else.

not at all ... the system is installed directly in my gigablue without going through my PC, and it was not only in a version that I realized this but in all the versions of openvix that I installed until today all of them end up contracting such a trojan / virus, my solution until now was to reinstall the system.
but now, with the line that I posted before it deletes what I want in the system easily

Note: the contraction of the trojan/virus is purely cosmetic because it does not affect the linux system (its for PC's only since it is an executable) nor does it change anything but I do not like to see such files proliferating in the system

**ccs** · 18-11-17, 19:47

Originally Posted by noxios

I think I got a better solution... a fast one at least !

find / \( -name "*.exe" -o -name "*.zip" \) -type f -delete

this does the trick

Certainly fast, but it also deletes all your settings and image backups.

noxios · 18-11-17, 20:13

Originally Posted by ccs

Certainly fast, but it also deletes all your settings and image backups.

LOL... you make me laugh, this is just a general info!!! you can adapt to your needs, and mine were as in the photo of the first post shows those two files.
and in that case the line is as follows:
find / \( -name "IMG001.exe" -o -name "info.zip" \) -type f -delete (this way only files with these names will be deleted)

if u need some more help just ask...

You do not have to criticize to receive my help

.
by the way ... the line that I posted works for me ... but if you think that it is not good for you then... do not use!

peace

**ccs** · 18-11-17, 20:25

Let's hope nobody followed your advice.

noxios · 18-11-17, 20:36

as a solution to your "problem", and because I'm a nice person

lollllll... You can always make a backup of your current settings (I assume they are the good ones that are running

and the image backup in the same way) once you have cleaned the "bad" files...
...but all this just because you did not understood the first concept

**SpaceRat** · 18-11-17, 21:17

I think it was wrong that I stopped taking down wide open boxes ...
IMHO internet providers should be forced to shut down customers operating botnet members.

Gesendet von meinem SM-N910F mit Tapatalk

**ccs** · 18-11-17, 21:35

Originally Posted by noxios

as a solution to your "problem", and because I'm a nice person

lollllll... You can always make a backup of your current settings (I assume they are the good ones that are running

and the image backup in the same way) once you have cleaned the "bad" files...
...but all this just because you did not understood the first concept

Did I ever say I'd deleted my backups?
No point in asking for advice if you're not going to listen.

**birdman** · 19-11-17, 02:04

Originally Posted by noxios

not at all ... the system is installed directly in my gigablue without going through my PC

Which isn't related to what I wrote.
I'm suggesting that perhaps you have installed/activated Samba on the box to enable access from your PC, and your (infected) PC is then copying the files onto it.

Thread: IMG001.exe file?Malware?

Thread Tools

Display

The Following 2 Users Say Thank You to ccs For This Useful Post:

The Following User Says Thank You to birdman For This Useful Post:

The Following User Says Thank You to ccs For This Useful Post:

The Following User Says Thank You to SpaceRat For This Useful Post:

Posting Permissions

Options

About

Site Links

Social Media