104 virus encontrados pelo clamtk, o que devo fazer ?

arcashaid · 23 de Março de 2016, 00:51

baixei o clamtk e após scannear todo o meu hd com ele foram detectados vários vírus 104 no total, então agora eu estou confuso se tenho que formatar, apenas apagar os vírus, ou outra coisa, abaixo o log de todos os arquivos "infectados"

Encontrado 104 possível ameaças (203237 arquivos verificado).

/usr/share/doc/texlive-doc/latex/visualfaq/troubleshoot-vlf.pdf PUA.Script.PDF.EmbeddedJS-1
/usr/share/doc/texlive-doc/latex/ran_toks/doc/rantoks_man.pdf PUA.Script.PDF.EmbeddedJS-1
/usr/share/doc/texlive-doc/latex/movie15/overlay-example.pdf PUA.Script.PDF.EmbeddedJS-1
/home/artur/.mozilla/firefox/gc6o40hy.default/adblockplus/patterns-backup2.ini PUA.Phishing.Bank
/home/artur/.mozilla/firefox/gc6o40hy.default/adblockplus/patterns-backup4.ini PUA.Phishing.Bank
/home/artur/.mozilla/firefox/gc6o40hy.default/adblockplus/patterns-backup3.ini PUA.Phishing.Bank
/home/artur/.mozilla/firefox/gc6o40hy.default/adblockplus/patterns-backup5.ini PUA.Phishing.Bank
/usr/share/doc/texlive-doc/latex/dvdcoll/dcexample.pdf PUA.Script.PDF.EmbeddedJS-1
/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110
/usr/lib/ruby/1.9.1/rdoc/generator/template/darkfish/js/thickbox-compressed.js PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/C31067FCD8CA31118BB5F7638509EB08A22F250F PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/A0C53E6ACE0ACA9A50BCE57766BA577E6E5D83C9 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/04407B5EC79A5AD726417AD76762B1D7B0AFB6A5 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/EA0B448CA50C89E05A967A83A0CE06182D38CC90 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/43A9B72C0C7E0E58E66299D62F59F54D06B954D6 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/A28F42C82C7B0F5EF2D2A527FD7ED5F75B276EA7 PUA.Script.Packed-1
/usr/share/doc/texlive-doc/latex/animate/animate.pdf PUA.Script.PDF.EmbeddedJS-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/D75A6E121D1F2E0C51D425326BB324D279A92BAC PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/FD1EC83AEBFC558382B20BE5B5A1F470FF2F960F PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/40359DAC4E539ECB852B253AB02946416769BFC6 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/F09330E3700180DF6202EF66D9754C8D7163DDA5 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/A6AD8F2D3193121ACBB1F49F0D3D5902D43778C8 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/FE362577803989364BE89421740C78F06BD10DD1 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/9BF70AF439974842255B7C46569B34C089FAF1A3 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/C33E5F429DD1DB89F60A2530B138FE1C295B2B66 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/089F00C52D01461CB6E2F3FE2552702630CE7C72 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/C4116B35143DDB0E8E1F3D0B05CF4AC783BA1954 PUA.JS.Xored
/usr/share/doc/texlive-doc/latex/cooltooltips/cooltooltips.pdf PUA.Script.PDF.EmbeddedJS-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/ADC98375DA0B090022CF4B99ABF549769E1F115B PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/CAE9210F8783DAD813CB962BB23426778481A609 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/49229E865BC1F1557D732840CB522A4C407ED2D5 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/BBDB80756B1F67E27BF82ED5A8B17320E4C21EB0 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/8810C0CB85FE725C12AF557215F00B571D092FB2 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/0DE23A4BA60B554B61D7873615F35970A36A3D7E PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/A469F7D6295E34B77966EBF2CDB3751862AF7242 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/38AD24B8B309C056BF6FC5C4A895427022B11B22 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/C019764A9A52C44B8A3D2FDD51F22AB271B200AF PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/D5AF9A79C9B6A5596CBE4B03B533A9EB7B2F6489 PUA.Script.Packed-1
/usr/share/doc/texlive-doc/latex/hypdvips/hypdvips.pdf PUA.Win32.Packer.Upx-28
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/8788E55E77ADD77E7146F2D5BB5BC5AE8ED54D68 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/E1E302653A20FB01B1FCDD2E775937EB899ADD9F PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/05207E73F4CD8195BEFE81FCDA3107CF724068E5 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/EAF105C73A3F3038075D67DD1973A6BF7B302942 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/70A31D1A542948D3DCBB916E6B1635E722E43786 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/4089BE94CB4047EB1D37EA60C94CFE51E36362F2 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/A633E6AA4F3E0D6B04E3CB79C579E37E37E92646 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/45FD336736DEF97F0BC96B320A69112D8241EAB9 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/5EA458FDA94120C2BF590E18106436961C0BE159 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/FA52D9FDD0AB3BEE8D2B6B1A0DA1F237BCFFFFC4 PUA.Script.Packed-1
/usr/share/doc/texlive-doc/latex/interactiveworkbook/samplefiles/check.pdf PUA.Script.PDF.EmbeddedJavaScript
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/CD1BEE01DE400FA0206912F04CC413F5C8F2B89F PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/7C1FDC4B00BD616669C1D752F60268155E88BD4D PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/A29B085CF9966F539A6BF3D3E565F7480219D7DA PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/7E4BD34A22F77BC5C3E23845554416876024BDEC PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/AF1219E59F163F36377B3EE026ACDEA19311757A PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/C6242BBB82467307DD156B7A2C92C13B04B94BF8 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/313B1090AE11B8E3BA0E396D462825844D0499ED PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/5389EFE32A2E86270949E8FB9555A997B74B88F4 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/9A2D9ED44D0DAE66F1D7AE7DDE39E567EEFA20D6 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/83FD42BE78FF230509FD14192CE4332ECB25D35D PUA.Script.Packed-1
/usr/share/doc/texlive-doc/latex/interactiveworkbook/samplefiles/radio.pdf PUA.Script.PDF.EmbeddedJavaScript
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/50BCAC83924CA10F8F78ABE63C034C45BE9D9B47 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/DA6A44B13DAAC0EBDC8C43A2A8799A9487413A38 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/2354EE40E82A8A2609F92A0F7115072D048E5688 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/7D7D43FF1C494A9B3F0A1443325EDBFAC3821EA0 PUA.Http.Exploit.CVE_2015_1692
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/9037D27FC849CCA44A128315C87810FC52AC8726 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/C1A6D2CE66B8A369969CE49AA37DA7A4747BBCF9 PUA.HTML.Infected.WebPage-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/2AF59535331B8F51B09A4A782B5177F868FCD4A0 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/02D231FAEA330FE630173010CB874E76A18CB339 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/B81680C903EDA005CBE5EF968C7D8D4370F381DB PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/9DD2F391A5E368C38F8749077EAE5E4D17B4DA76 PUA.Script.Packed-1
/usr/share/doc/texlive-doc/latex/interactiveworkbook/samplefiles/ndex.pdf PUA.PDF.LaunchActionObject
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/C6722F8D03315C2CFA9A48AFD36986403BEFC22F PUA.JS.Xored
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/6D6619D715428C15BBAF3145C585634B91A6122A PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/62C332FFB9678CDBBE60E62AF7DFA36EDBB859EE PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/450D447554686D0A7BD5188CDBBA142537CE713E PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/76ED15B29CC0688B23993C8813EE2DCE1D32DFB0 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/A7C34223A7E3731D0E08DB3185F64EDE696AE2F7 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/A4D2E820A5EB48FB7B68449B678A3955300067EE PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/8287EC77B3CA6A8B94CE5B40E35472A13FB9A0A9 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/61B9EE63A2739F87C51909D2925EFA15A173F6EE PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/8DC131242BBF1EB6284276526EB07D49B1A6696F PUA.Script.Packed-1
/usr/share/doc/texlive-doc/latex/interactiveworkbook/samplefiles/popup.pdf PUA.Script.PDF.EmbeddedJS-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/5585CA56F5D6F8D6A1DDFEE28B1FA18E2D6365C0 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/B3E43A0F1B9124B21E7AEFB9F1083D47315A5B57 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/646E49ED6330A27F18AABF73F9B7E05E8D68BB6D PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/B1F74353B4E215A429F36A4F98353F8376E6C882 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/9AB5F5276A83C2EA11FBF2EC99C4376A569256EB PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/DAD16EAA4AAAF4FE3EA0F312C09E93DF94E30012 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/883D97DB76245803DDD020BE8CA449AF49A1FF26 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/87F80B7F1C98DE125763831844DEB543FF87C8EA PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/9A99D2BEA1D2CAD1C3249B304BC9B9EFA585D25B PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/550B5358D8BFCB6ADDB5307899713077D8111E00 PUA.Script.Packed-1
/usr/share/doc/texlive-doc/latex/interactiveworkbook/samplefiles/field.pdf PUA.Script.PDF.EmbeddedJS-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/A01182D109083111D6C441F8AE3195EE650D2DA9 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/FDF2CBD95EA4BEE9CAEAB02649E41BADA9481420 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/528D138786EF68C5FC769C86D35F202F580037D6 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/04C489929A23880BC528DE0AB614B2CD12F57D83 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/8BCAE72434FBA3C5DA950945FD12DF804193808B PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/A95A58A1BDA097D9A27FFD6703031E1D3787F6C7 PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/C5BA05ACF3677B14732421DF7E852CE827C2898C PUA.Script.Packed-1
/home/artur/.cache/mozilla/firefox/gc6o40hy.default/cache2/entries/55AB1584BDB597F94D3401F5B11915D2446CE28F PUA.Script.Packed-1
/home/artur/.mozilla/firefox/gc6o40hy.default/adblockplus/patterns.ini PUA.Phishing.Bank
/home/artur/.mozilla/firefox/gc6o40hy.default/adblockplus/patterns-backup1.ini

Tota · 23 de Março de 2016, 02:55

Só apague. São virus para Windows em sua maioria.

Depois mantenha uma verificação diaria para ter certeza que removeu tudo.

Dê boot pelo Windows. Passe um antivirus na sua partição com Windows. Limpe a máquina.

irtigor · 23 de Março de 2016, 09:48

A maioria são arquivos no cache do Firefox, é provável que tenha entrado em sites com malware e eles foram baixados pro teu pc (e pode removê-los sem problema). Outros podem ser mais preocupantes, "PUA.Script.PDF.EmbeddedJS-1" indica que o arquivo pdf tem embutido uma aplicação potencialmente indesejada ( Potentially Unwanted Application - PUA). Nesse caso é um javascript (EmbeddedJS), se você colocou isso no PDF ignore, caso contrário, apague o mesmo.

---
Se acessa esse HD do Windows é mais provável que esses arquivos foram infectados a partir dele, ai deveria ver se esse sistema ainda está infectado. Também recomendo que mude toda e qualquer senha que tenha digitado nesse navegador.

arcashaid · 23 de Março de 2016, 10:47

O ubuntu não deixa apagar os

e eu não tenho windows uso apenas o ubuntu.

usr/share/doc/texlive-doc/latex/visualfaq/troubleshoot-vlf.pdf PUA.Script.PDF.EmbeddedJS-1
/usr/share/doc/texlive-doc/latex/ran_toks/doc/rantoks_man.pdf PUA.Script.PDF.EmbeddedJS-1
/usr/share/doc/texlive-doc/latex/movie15/overlay-example.pdf PUA.Script.PDF.EmbeddedJS-1
/home/artur/.mozilla/firefox/gc6o40hy.default/adblockplus/patterns-backup2.ini PUA.Phishing.Bank
/home/artur/.mozilla/firefox/gc6o40hy.default/adblockplus/patterns-backup4.ini PUA.Phishing.Bank
/home/artur/.mozilla/firefox/gc6o40hy.default/adblockplus/patterns-backup3.ini PUA.Phishing.Bank
/home/artur/.mozilla/firefox/gc6o40hy.default/adblockplus/patterns-backup5.ini PUA.Phishing.Bank
/usr/share/doc/texlive-doc/latex/dvdcoll/dcexample.pdf PUA.Script.PDF.EmbeddedJS-1
/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110
/usr/lib/ruby/1.9.1/rdoc/generator/template/darkfish/js/thickbox-compressed.js PUA.Script.Packed-1

arcashaid · 23 de Março de 2016, 12:04

Eu de sudo no antivirus e apaguei eles, mas ai o pc travou e agora sempre que tento entrar na minha conta do ubuntu volta para a parte de senha, entrando por convidado esta normal, mas não posso acessar minhas pastas e tem muita coisas importante no pc !

Tota · 23 de Março de 2016, 14:29

Use o live CD do Ubuntu.

Com ele você acessa suas pastas pessoais e pode consertar o que apagou errado.

Possivelmente você removeu algumas pastas do ambiente gráfico

arcashaid · 23 de Março de 2016, 14:41

Eu formatei todo o computador, depois de instalar apenas os programas da central do ubuntu usei o antivirus de novo e ele localisou esse virus !

/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110-1

jkmsjq · 23 de Março de 2016, 16:41

Provavelmente, um falso positivo.

garfo · 23 de Março de 2016, 17:33

Citare eu não tenho windows uso apenas o ubuntu.

Se usa só o ubuntu então não tem com o que se preocupar. Se fosse eu nem usaria o Clamtk pra não ficar cismando tanto com qualquer coisinha que aparecer. A maioria deve ser falso positivo também.

marcos90 · 11 de Abril de 2016, 16:07

No caso do Firefox . Não adianta apenas limpar o cache em Preferencias =>Avançado=> Rede => limpar cachê ? ou tem que ser manualmente ?