Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

<Overfiend> Joy: Hey, I'm an asshole. Assholes emit odious gas. That's what we do.


computers / alt.os.linux.mageia / Re: virus warning

SubjectAuthor
* virus warningfaeychild
+- Re: virus warningBit Twister
+* Re: virus warningDavid W. Hodgins
|`- Re: virus warningfaeychild
+* Re: virus warningWilliam Unruh
|+* Re: virus warningDavid W. Hodgins
||+* Re: virus warningfaeychild
|||`* Re: virus warningDavid W. Hodgins
||| `* Re: virus warningDavid W. Hodgins
|||  `- Re: virus warningfaeychild
||`* Re: virus warningAragorn
|| `* Re: virus warningfaeychild
||  `* Re: virus warningAragorn
||   +* Re: virus warningfaeychild
||   |`- Re: virus warningAragorn
||   `* Re: virus warningfaeychild
||    `* Re: virus warningTJ
||     `* Re: virus warningfaeychild
||      `- Re: virus warningAragorn
|`- Re: virus warningfaeychild
+* Re: virus warningfaeychild
|`* Re: virus warningDoug Laidlaw
| +* Re: virus warningfaeychild
| |`- Re: virus warningBit Twister
| `* Re: virus warningTJ
|  `* Re: virus warningBit Twister
|   +* Re: virus warningAragorn
|   |+- [OT] Re: virus warningBit Twister
|   |`* Re: [OT] virus warningBit Twister
|   | `* Re: [OT] virus warningAragorn
|   |  `* Re: [OT] virus warningBit Twister
|   |   `* Re: [OT] virus warningAragorn
|   |    `* Re: [OT] virus warningBit Twister
|   |     `* Re: [OT] virus warningWilliam Unruh
|   |      `* Re: [OT] virus warningDavid W. Hodgins
|   |       +- Re: [OT] virus warningBit Twister
|   |       `- Re: [OT] virus warningWilliam Unruh
|   `- Re: virus warningTJ
+* Re: virus warningfaeychild
|`- Re: virus warningBit Twister
`* Re: virus warningfaeychild
 +* Re: virus warningBit Twister
 |`* Re: virus warningfaeychild
 | +- Re: virus warningAragorn
 | +- Re: virus warningWilliam Unruh
 | `* Re: virus warningBit Twister
 |  `* Re: virus warningfaeychild
 |   `* Re: virus warningBit Twister
 |    `* Re: virus warningfaeychild
 |     `* Re: virus warningfaeychild
 |      `* Re: virus warningBit Twister
 |       `- Re: virus warningfaeychild
 +- Re: virus warningTJ
 `- Re: virus warningAragorn

Pages:123
virus warning

<t4pm6b$ebu$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4662&group=alt.os.linux.mageia#4662

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!aioe.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: virus warning
Date: Tue, 3 May 2022 08:32:40 +1000
Organization: A noiseless patient Spider
Lines: 23
Message-ID: <t4pm6b$ebu$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 2 May 2022 22:32:44 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="bb124316b3512cae103eb0a6d8edcd5e";
logging-data="14718"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18q5uYoLP3qm/9T66nlCIospjs25geRWio="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:4WOxSIkShIXyOsB9Gtgt4F8x0gY=
Content-Language: en-US
 by: faeychild - Mon, 2 May 2022 22:32 UTC

This morning I had several warnings popup in the notification panel

"Your PC is at risk
Viruses found - Click to fix"

and followed by a red shield icon

The last Waring was followed by a blue Windows Icon

So- clearly legit and competent :-)

It seems to be associated with Firefox. I have no antivirus only
Ghostery and Noscript

It is curious, though
--
faeychild
Running plasmashell 5.20.4 on 5.15.35-desktop-2.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Re: virus warning

<slrnt70nr4.19f4o.BitTwister@wb.home.test>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4663&group=alt.os.linux.mageia#4663

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!aioe.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: BitTwis...@mouse-potato.com (Bit Twister)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Mon, 2 May 2022 17:46:59 -0500
Organization: A noiseless patient Spider
Lines: 26
Message-ID: <slrnt70nr4.19f4o.BitTwister@wb.home.test>
References: <t4pm6b$ebu$1@dont-email.me>
Injection-Info: reader02.eternal-september.org; posting-host="0d011e7e0573151933a68f6ad7ebf0ea";
logging-data="7759"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/CeQtmGP27Rr9bZ96D3mbw1+2nUXHAP4E="
User-Agent: slrn/pre1.0.4-6 (Linux)
Cancel-Lock: sha1:ZEwFUKMWA8UOSiLeT5eIvC/HXLo=
 by: Bit Twister - Mon, 2 May 2022 22:46 UTC

On Tue, 3 May 2022 08:32:40 +1000, faeychild wrote:
>
>
> This morning I had several warnings popup in the notification panel
>
> "Your PC is at risk
> Viruses found - Click to fix"
>
> and followed by a red shield icon
>
> The last Waring was followed by a blue Windows Icon
>
>
> So- clearly legit and competent :-)
>
> It seems to be associated with Firefox. I have no antivirus only
> Ghostery and Noscript
>
> It is curious, though

Yep, since you are running Linux, I have no idea where it came from based
on your description. I get on screen pop ups on some sites.
I have never had a notification panel alert.

Re: virus warning

<op.1lkczphna3w0dxdave@hodgins.homeip.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4665&group=alt.os.linux.mageia#4665

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!paganini.bofh.team!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: dwhodg...@nomail.afraid.org (David W. Hodgins)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Mon, 02 May 2022 19:03:15 -0400
Organization: A noiseless patient Spider
Lines: 14
Message-ID: <op.1lkczphna3w0dxdave@hodgins.homeip.net>
References: <t4pm6b$ebu$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Content-Transfer-Encoding: 8bit
Injection-Info: reader02.eternal-september.org; posting-host="cc6e198ac66721c02c3cfca3ffc21a3b";
logging-data="28930"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18Nt8d3700sNo9McedDFL879zkPRtgOkY4="
User-Agent: Opera Mail/12.16 (Linux)
Cancel-Lock: sha1:BvdvfWpM1aGXzXAq+zs/ZLydxSM=
 by: David W. Hodgins - Mon, 2 May 2022 23:03 UTC

On Mon, 02 May 2022 18:32:40 -0400, faeychild <faeychild@nomail.afraid.org> wrote:
> This morning I had several warnings popup in the notification panel
> "Your PC is at risk
> Viruses found - Click to fix"
> and followed by a red shield icon
> The last Waring was followed by a blue Windows Icon
> So- clearly legit and competent :-)
> It seems to be associated with Firefox. I have no antivirus only
> Ghostery and Noscript
> It is curious, though

What websites were loaded?

Regards, Dave Hodgins

Re: virus warning

<t4poe2$tb2$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4666&group=alt.os.linux.mageia#4666

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!aioe.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: unr...@invalid.ca (William Unruh)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Mon, 2 May 2022 23:10:58 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 24
Message-ID: <t4poe2$tb2$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me>
Injection-Date: Mon, 2 May 2022 23:10:58 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="b726c767e1891a0eb5c1e31985a00e4c";
logging-data="30050"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+s/3+hFYoS4YhN4MEeshWr"
User-Agent: slrn/1.0.3 (Linux)
Cancel-Lock: sha1:0bOwvDtfLUhRUch5TBs5j8ezYe0=
 by: William Unruh - Mon, 2 May 2022 23:10 UTC

Do not click. This is almost certainly clickbait, or in otherwords, they
want to fix the lack of viruses on your machine by transfering one of
their own to you.

On 2022-05-02, faeychild <faeychild@nomail.afraid.org> wrote:
>
>
> This morning I had several warnings popup in the notification panel
>
> "Your PC is at risk
> Viruses found - Click to fix"
>
> and followed by a red shield icon
>
> The last Waring was followed by a blue Windows Icon
>
>
> So- clearly legit and competent :-)
>
> It seems to be associated with Firefox. I have no antivirus only
> Ghostery and Noscript
>
> It is curious, though

Re: virus warning

<op.1lkdh60ha3w0dxdave@hodgins.homeip.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4667&group=alt.os.linux.mageia#4667

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!aioe.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: dwhodg...@nomail.afraid.org (David W. Hodgins)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Mon, 02 May 2022 19:14:20 -0400
Organization: A noiseless patient Spider
Lines: 13
Message-ID: <op.1lkdh60ha3w0dxdave@hodgins.homeip.net>
References: <t4pm6b$ebu$1@dont-email.me> <t4poe2$tb2$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Content-Transfer-Encoding: 8bit
Injection-Info: reader02.eternal-september.org; posting-host="cc6e198ac66721c02c3cfca3ffc21a3b";
logging-data="901"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+aOnOj4oKeP3vzGiE23lNps0NGAZ0qvME="
User-Agent: Opera Mail/12.16 (Linux)
Cancel-Lock: sha1:MYTAB3UbQZZKFxwC6IqfBtpeDCI=
 by: David W. Hodgins - Mon, 2 May 2022 23:14 UTC

On Mon, 02 May 2022 19:10:58 -0400, William Unruh <unruh@invalid.ca> wrote:

> Do not click. This is almost certainly clickbait, or in otherwords, they
> want to fix the lack of viruses on your machine by transfering one of
> their own to you.

> On 2022-05-02, faeychild <faeychild@nomail.afraid.org> wrote:
>> This morning I had several warnings popup in the notification panel

I'd like to check out the site to see how it managed to get the popup into the
notification panel.

Regards, Dave Hodgins

Re: virus warning

<t4q80c$cia$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4668&group=alt.os.linux.mageia#4668

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Tue, 3 May 2022 13:36:41 +1000
Organization: A noiseless patient Spider
Lines: 30
Message-ID: <t4q80c$cia$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me>
<op.1lkczphna3w0dxdave@hodgins.homeip.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 3 May 2022 03:36:44 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="bb124316b3512cae103eb0a6d8edcd5e";
logging-data="12874"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19ovJOcqxR3j5z7PcBgFORf37YYUhoL5DQ="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:boMEiG+fcZeCvOxxCroIsus1fHA=
In-Reply-To: <op.1lkczphna3w0dxdave@hodgins.homeip.net>
Content-Language: en-US
 by: faeychild - Tue, 3 May 2022 03:36 UTC

On 3/5/22 09:03, David W. Hodgins wrote:
> On Mon, 02 May 2022 18:32:40 -0400, faeychild
> <faeychild@nomail.afraid.org> wrote:
>> This morning I had several warnings popup in the notification panel
>> "Your PC is at risk
>> Viruses found - Click to fix"
>> and followed by a red shield icon
>> The last Waring was followed by a blue Windows Icon
>> So- clearly legit and competent  :-)
>> It seems to be associated with Firefox. I have no antivirus only
>> Ghostery and Noscript
>> It is curious, though
>
> What websites were loaded?
>
> Regards, Dave Hodgins

Didn't think of that!! Phishing attacks ??

A TV guide and youtube tabs

I have noscript with
youtube , google and googlevideo.com trusted. The others are blocked

I may have to experiment a bit
--
faeychild
Running plasmashell 5.20.4 on 5.15.35-desktop-2.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Re: virus warning

<t4q8dl$etp$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4669&group=alt.os.linux.mageia#4669

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Tue, 3 May 2022 13:43:46 +1000
Organization: A noiseless patient Spider
Lines: 19
Message-ID: <t4q8dl$etp$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me> <t4poe2$tb2$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 3 May 2022 03:43:49 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="bb124316b3512cae103eb0a6d8edcd5e";
logging-data="15289"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+auT9VIhKAP0Mzrflde51miB62KBOrq54="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:0jEGgkKUZ6dn0ZEWjYzu1GkLDHE=
In-Reply-To: <t4poe2$tb2$1@dont-email.me>
Content-Language: en-US
 by: faeychild - Tue, 3 May 2022 03:43 UTC

On 3/5/22 09:10, William Unruh wrote:
> Do not click. This is almost certainly clickbait, or in otherwords, they
> want to fix the lack of viruses on your machine by transfering one of
> their own to you.

As I surmised from David's post - phishing

The alerts in the notification panel are not hot and can't respond to
clicks. It makes the entire exercise seem sad and incompetent.

What must it be like to run Windows?

--
faeychild
Running plasmashell 5.20.4 on 5.15.35-desktop-2.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Re: virus warning

<t4q8q2$ham$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4670&group=alt.os.linux.mageia#4670

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Tue, 3 May 2022 13:50:24 +1000
Organization: A noiseless patient Spider
Lines: 28
Message-ID: <t4q8q2$ham$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me> <t4poe2$tb2$1@dont-email.me>
<op.1lkdh60ha3w0dxdave@hodgins.homeip.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 3 May 2022 03:50:27 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="bb124316b3512cae103eb0a6d8edcd5e";
logging-data="17750"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/lzNXZxhKAStiOo+Lx1ebyar1PUDlOm2k="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:k4XIrHJEAAFOZg3TyE7Ik22YDM0=
In-Reply-To: <op.1lkdh60ha3w0dxdave@hodgins.homeip.net>
Content-Language: en-US
 by: faeychild - Tue, 3 May 2022 03:50 UTC

On 3/5/22 09:14, David W. Hodgins wrote:
> On Mon, 02 May 2022 19:10:58 -0400, William Unruh <unruh@invalid.ca> wrote:
>
>> Do not click. This is almost certainly clickbait, or in otherwords, they
>> want to fix the lack of viruses on your machine by transfering one of
>> their own to you.
>
>> On 2022-05-02, faeychild <faeychild@nomail.afraid.org> wrote:
>>> This morning I had several warnings popup in the notification panel
>
> I'd like to check out the site to see how it managed to get the popup
> into the
> notification panel.
>
> Regards, Dave Hodgins

I am running youtube channels in several tabs and a TV guide

https://www.ourguide.com.au/tv_guide.php?r=melbourne&d=02052022&w=now&t=4
and earlier on "cracked.com and theregister.com"

--
faeychild
Running plasmashell 5.20.4 on 5.15.35-desktop-2.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Re: virus warning

<t4qqs4$d51$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4671&group=alt.os.linux.mageia#4671

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Tue, 3 May 2022 18:58:40 +1000
Organization: A noiseless patient Spider
Lines: 33
Message-ID: <t4qqs4$d51$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 3 May 2022 08:58:44 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="bb124316b3512cae103eb0a6d8edcd5e";
logging-data="13473"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18xkxRDuN1RiGwltwKA5Qf3ALs2m4zVB2w="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:1QyN55qWXj63FVZBsRPjYd1VEek=
In-Reply-To: <t4pm6b$ebu$1@dont-email.me>
Content-Language: en-US
 by: faeychild - Tue, 3 May 2022 08:58 UTC

On 3/5/22 08:32, faeychild wrote:
>
>
> This morning I had several warnings popup in the notification panel
>
> "Your PC is at risk
> Viruses found - Click to fix"
>
> and followed by a red shield icon
>
> The last Waring was followed by a blue Windows Icon

So further on today I've had web pages not loading or webpage menus not
responding.
And if I set every entry in the noscript menu to trusted, the webpages
load fine.

I may try un-installing noscript and see what happens.

I just checked the "About Firefox" to get the version and the popup
window was blank until I set noscript to all trusted

Firefox 91.8.0esr (64-bit)

I wonder about this and the coincidence with the virus warning

--
faeychild
Running plasmashell 5.20.4 on 5.15.35-desktop-2.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Re: virus warning

<20220503180418.3ec614db@nx-74205>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4672&group=alt.os.linux.mageia#4672

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: thoron...@telenet.be (Aragorn)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Tue, 3 May 2022 18:04:18 +0200
Organization: A noiseless patient Strider
Lines: 36
Message-ID: <20220503180418.3ec614db@nx-74205>
References: <t4pm6b$ebu$1@dont-email.me>
<t4poe2$tb2$1@dont-email.me>
<op.1lkdh60ha3w0dxdave@hodgins.homeip.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: reader02.eternal-september.org; posting-host="94fef172746f2bf860c4ed585e3d7a45";
logging-data="10482"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+IXbCsfqGcXaXOFx2iDxJ2"
Cancel-Lock: sha1:yqHDCnZ2JIMRpt5NNlVT/UQ7eQM=
X-Newsreader: Claws Mail 4.0.0 (GTK+ 3.24.33; x86_64-pc-linux-gnu)
 by: Aragorn - Tue, 3 May 2022 16:04 UTC

On 02.05.2022 at 19:14, David W. Hodgins scribbled:

> On Mon, 02 May 2022 19:10:58 -0400, William Unruh <unruh@invalid.ca>
> wrote:
>
> > Do not click. This is almost certainly clickbait, or in otherwords,
> > they want to fix the lack of viruses on your machine by transfering
> > one of their own to you.
>
> > On 2022-05-02, faeychild <faeychild@nomail.afraid.org> wrote:
> >> This morning I had several warnings popup in the notification
> >> panel
>
> I'd like to check out the site to see how it managed to get the popup
> into the notification panel.

Commonly this is the result of the biological unit between the
keyboard and the chair having allowed notifications for that site.

If this is enabled for that particular site and that particular browser,
then as soon as the site detects that your browser is online — you
don't even have to load the site — it'll push out a notification.

Myself, I only allow that for two sites: YouTube and the Manjaro forum.
But these days, it's one of the first things you are asked when
visiting a site. Not THE first thing, though. That would be whether
to allow cookies. And the second thing is whether you want to
subscribe to their newsletter. And your third click is to stop the
auto-playing video. :p

Just kidding, but you get the gist. ;)

--
With respect,
= Aragorn

Re: virus warning

<op.1llu9yrua3w0dxdave@hodgins.homeip.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4673&group=alt.os.linux.mageia#4673

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: dwhodg...@nomail.afraid.org (David W. Hodgins)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Tue, 03 May 2022 14:35:48 -0400
Organization: A noiseless patient Spider
Lines: 22
Message-ID: <op.1llu9yrua3w0dxdave@hodgins.homeip.net>
References: <t4pm6b$ebu$1@dont-email.me> <t4poe2$tb2$1@dont-email.me>
<op.1lkdh60ha3w0dxdave@hodgins.homeip.net> <t4q8q2$ham$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Content-Transfer-Encoding: 8bit
Injection-Info: reader02.eternal-september.org; posting-host="cc6e198ac66721c02c3cfca3ffc21a3b";
logging-data="12457"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+zabKsBFdrQDmi9PK0qm/nnjKXdhDGw0k="
User-Agent: Opera Mail/12.16 (Linux)
Cancel-Lock: sha1:S3evgquEJwOuwHThF+TZI778Hz8=
 by: David W. Hodgins - Tue, 3 May 2022 18:35 UTC

On Mon, 02 May 2022 23:50:24 -0400, faeychild <faeychild@nomail.afraid.org> wrote:
> On 3/5/22 09:14, David W. Hodgins wrote:
>> On Mon, 02 May 2022 19:10:58 -0400, William Unruh <unruh@invalid.ca> wrote:
>>> Do not click. This is almost certainly clickbait, or in otherwords, they
>>> want to fix the lack of viruses on your machine by transfering one of
>>> their own to you.
>>> On 2022-05-02, faeychild <faeychild@nomail.afraid.org> wrote:
>>>> This morning I had several warnings popup in the notification panel

>> I'd like to check out the site to see how it managed to get the popup
>> into the
>> notification panel.

> I am running youtube channels in several tabs and a TV guide
> https://www.ourguide.com.au/tv_guide.php?r=melbourne&d=02052022&w=now&t=4
> and earlier on "cracked.com and theregister.com"

I'm not seeing any sort of a "virus warning" on youtube or ourguide. It's most
likely coming from an advertiser, but which ads show depends on location, browsing
history, and timing, so it can be difficult to track down the source.

Regards, Dave Hodgins

Re: virus warning

<t4s9n6$lbi$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4675&group=alt.os.linux.mageia#4675

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Wed, 4 May 2022 08:18:14 +1000
Organization: A noiseless patient Spider
Lines: 15
Message-ID: <t4s9n6$lbi$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me> <t4poe2$tb2$1@dont-email.me>
<op.1lkdh60ha3w0dxdave@hodgins.homeip.net> <20220503180418.3ec614db@nx-74205>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 3 May 2022 22:18:14 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="ca65e53cff0c77f81fea82f15c86a8c1";
logging-data="21874"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/x0LlXMdgAMxplkvFphQNKj7SAhw0aKkc="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:j/RcqO/MS4FdEMXyK1UOPdh0Pq4=
In-Reply-To: <20220503180418.3ec614db@nx-74205>
Content-Language: en-US
 by: faeychild - Tue, 3 May 2022 22:18 UTC

On 4/5/22 02:04, Aragorn wrote:

> subscribe to their newsletter. And your third click is to stop the
> auto-playing video. :p
>
> Just kidding, but you get the gist. ;)
>

YES!!! Particularly the damn auto playing video.
That must be disabled every time Firefox updates :-(
--
faeychild
Running plasmashell 5.20.4 on 5.15.35-desktop-2.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Re: virus warning

<20220504005705.136893e4@nx-74205>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4676&group=alt.os.linux.mageia#4676

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: thoron...@telenet.be (Aragorn)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Wed, 4 May 2022 00:57:05 +0200
Organization: A noiseless patient Strider
Lines: 45
Message-ID: <20220504005705.136893e4@nx-74205>
References: <t4pm6b$ebu$1@dont-email.me>
<t4poe2$tb2$1@dont-email.me>
<op.1lkdh60ha3w0dxdave@hodgins.homeip.net>
<20220503180418.3ec614db@nx-74205>
<t4s9n6$lbi$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: reader02.eternal-september.org; posting-host="8006c1b694c25f9ffee9e2d0326fc8ba";
logging-data="10482"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+IzfwbtlIJwCw76Mrbo60u"
Cancel-Lock: sha1:ULF7veWkeEJuG3n/T3rW6GHKuWk=
X-Newsreader: Claws Mail 4.0.0 (GTK+ 3.24.33; x86_64-pc-linux-gnu)
 by: Aragorn - Tue, 3 May 2022 22:57 UTC

On 04.05.2022 at 08:18, faeychild scribbled:

> On 4/5/22 02:04, Aragorn wrote:
>
> > subscribe to their newsletter. And your third click is to stop the
> > auto-playing video. :p
> >
> > Just kidding, but you get the gist. ;)
> >
>
> YES!!! Particularly the damn auto playing video.
> That must be disabled every time Firefox updates :-(

Either way, the point is that with notifications enabled across the
board, it doesn't matter what tabs you have open, because that one
particular site that sends the notification is picking up that you've
launched Firefox and will send out that notification, even when you're
not visiting that site.

I always disable notifications and only allow exceptions for the two
sites I've mentioned, i.e. YouTube and the Manjaro forum. Likewise for
sites wanting to know my location and wanting to access my camera and
microphone — neither of which I have on this particular computer
anyway.

But you do have to have your wits about you when setting up a
browser, and Firefox is no exception to that rule. If you don't want to
be tracked by Google, then you should always check the following...:

° Always send a "do not track me" signal to the server, not just in
private windows. (Note: Not al servers respect this. Most notably,
Google and Mozilla themselves do not respect this signal.)

° Disable the "Warn you for dangerous software", because that's a
Google spy tool. It checks every URL you visit against Google's
list of infected websites.

° Set DuckDuckGo as your main search engine and disable Google as
a search engine. Mozilla gets a considerable amount of money from
Google for making Google the default search engine in Firefox.

--
With respect,
= Aragorn

Re: virus warning

<t4sjte$3oj$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4677&group=alt.os.linux.mageia#4677

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!aioe.org!DXYF1aAsXE6lrZNouAzpVA.user.46.165.242.91.POSTED!not-for-mail
From: laidl...@hotkey.net.au (Doug Laidlaw)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Wed, 4 May 2022 11:12:13 +1000
Organization: Aioe.org NNTP Server
Message-ID: <t4sjte$3oj$1@gioia.aioe.org>
References: <t4pm6b$ebu$1@dont-email.me> <t4qqs4$d51$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: gioia.aioe.org; logging-data="3859"; posting-host="DXYF1aAsXE6lrZNouAzpVA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Content-Language: en-US
X-Notice: Filtered by postfilter v. 0.9.2
 by: Doug Laidlaw - Wed, 4 May 2022 01:12 UTC

On 3/5/22 18:58, faeychild wrote:
> On 3/5/22 08:32, faeychild wrote:
>>
>>
>> This morning I had several warnings popup in the notification panel
>>
>> "Your PC is at risk
>> Viruses found - Click to fix"
>>
>> and followed by a red shield icon
>>
>> The last Waring was followed by a blue Windows Icon
>
>
> So further on today I've had web pages not loading or webpage menus not
> responding.
> And if I set every entry in the noscript menu to trusted, the webpages
> load fine.
>
> I may try un-installing noscript and see what happens.
>
> I just checked the "About Firefox" to get the version and the popup
> window was blank until I set noscript to all trusted
>
> Firefox  91.8.0esr (64-bit)
>
> I wonder about this and the coincidence with the virus warning
>
>
Linux is not by nature impervious to viruses; it is just that nobody has
written a virus for Linux. A magazine contained an article describing
in detail, how to write a basic virus for Linux.

I ALWAYS treat messages like yours as suspect, whether they look genuine
or not. This one looks to me like a phishing attempt. If you have no
other reason to suspect a virus, I would ignore it. All you need to do
to be infected is to open the message!

As an example of phishing, some time ago, I received an email, probably
purporting to be from eBay. (At this moment, a screen has popped up with
a window border style like Mint. I was able to close it; it was from a
HTML editor whose launcher was visible.) What I was trying to say was,
that every link in the message was genuine, EXCEPT the one for your
login information, which went to a different IP address, i.e. somebody's
home computer.

Doug.

Re: virus warning

<t4smcv$56v$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4679&group=alt.os.linux.mageia#4679

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Wed, 4 May 2022 11:54:36 +1000
Organization: A noiseless patient Spider
Lines: 33
Message-ID: <t4smcv$56v$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me> <t4poe2$tb2$1@dont-email.me>
<op.1lkdh60ha3w0dxdave@hodgins.homeip.net> <20220503180418.3ec614db@nx-74205>
<t4s9n6$lbi$1@dont-email.me> <20220504005705.136893e4@nx-74205>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 4 May 2022 01:54:39 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="ca65e53cff0c77f81fea82f15c86a8c1";
logging-data="5343"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/v1qkpbAXLtqwyy3aTIcCfQ40heiwRLcA="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:UnpWPSSUeUxQQndDZUmAWo11ny0=
In-Reply-To: <20220504005705.136893e4@nx-74205>
Content-Language: en-US
 by: faeychild - Wed, 4 May 2022 01:54 UTC

On 4/5/22 08:57, Aragorn wrote:

> But you do have to have your wits about you when setting up a
> browser, and Firefox is no exception to that rule. If you don't want to
> be tracked by Google, then you should always check the following...:
>
> ° Always send a "do not track me" signal to the server, not just in
> private windows. (Note: Not al servers respect this. Most notably,
> Google and Mozilla themselves do not respect this signal.)
>
> ° Disable the "Warn you for dangerous software", because that's a
> Google spy tool. It checks every URL you visit against Google's
> list of infected websites.
>
> ° Set DuckDuckGo as your main search engine and disable Google as
> a search engine. Mozilla gets a considerable amount of money from
> Google for making Google the default search engine in Firefox.
>

Yep! Most of those
Still considering DuckDuck

How have you set "HTTPS-Only Mode"
mine is set to "Don't". I wonder about it. I haven't researched it

--
faeychild
Running plasmashell 5.20.4 on 5.15.35-desktop-2.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Re: virus warning

<t4srag$2an$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4680&group=alt.os.linux.mageia#4680

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Wed, 4 May 2022 13:18:37 +1000
Organization: A noiseless patient Spider
Lines: 42
Message-ID: <t4srag$2an$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 4 May 2022 03:18:41 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="ca65e53cff0c77f81fea82f15c86a8c1";
logging-data="2391"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19oUobh0O7iqUH5GzWaqnV1IOuNqMRZlJs="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:k2yVc6brk4YcRTj22w7BiVXJo0U=
In-Reply-To: <t4pm6b$ebu$1@dont-email.me>
Content-Language: en-US
 by: faeychild - Wed, 4 May 2022 03:18 UTC

On 3/5/22 08:32, faeychild wrote:
>
>
> This morning I had several warnings popup in the notification panel
>
> "Your PC is at risk
> Viruses found - Click to fix"
>
> and followed by a red shield icon
>
> The last Waring was followed by a blue Windows Icon
>
>
> So- clearly legit and competent  :-)
>
> It seems to be associated with Firefox. I have no antivirus only
> Ghostery and Noscript
>
> It is curious, though

Further developments are a feral "Noscript" that started breaking
websites yesterday
Sites fail to load or load incompletely
For instance, I thought to upload a screenshot of the notifications only
to find that "imagebox" site was blocked by Noscript

I had to check all as "trusted" to have it load.
Many other sites are behaving like this.

And I wonder if the virus warning is at all connected.

https://imgbox.com/rnbMTz1T

screenshot showing notification warnings

--
faeychild
Running plasmashell 5.20.4 on 5.15.35-desktop-2.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Re: virus warning

<t4ssc6$7ro$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4681&group=alt.os.linux.mageia#4681

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Wed, 4 May 2022 13:36:35 +1000
Organization: A noiseless patient Spider
Lines: 21
Message-ID: <t4ssc6$7ro$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me> <t4qqs4$d51$1@dont-email.me>
<t4sjte$3oj$1@gioia.aioe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 4 May 2022 03:36:39 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="ca65e53cff0c77f81fea82f15c86a8c1";
logging-data="8056"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19Ckn0i4Ag00xl4nD1Mru1OxMcy85BD+1c="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:sM1Plzf+2tRHh2DW6LGA44AvBaA=
In-Reply-To: <t4sjte$3oj$1@gioia.aioe.org>
Content-Language: en-US
 by: faeychild - Wed, 4 May 2022 03:36 UTC

On 4/5/22 11:12, Doug Laidlaw wrote:

>
> I ALWAYS treat messages like yours as suspect, whether they look genuine
> or not.  This one looks to me like a phishing attempt.  If you have no
> other reason to suspect a virus, I would ignore it. All you need to do
> to be infected is to open the message!

I agree. A sudden arrival of multiple virus warnings, AND in the
notification panel as well, is highly suspicious.
And now with the noscript extension suddenly behaving badly, I can only
ponder

regards

--
faeychild
Running plasmashell 5.20.4 on 5.15.35-desktop-2.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Re: virus warning

<slrnt73tgf.amlf.BitTwister@wb.home.test>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4682&group=alt.os.linux.mageia#4682

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: BitTwis...@mouse-potato.com (Bit Twister)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Tue, 3 May 2022 22:42:07 -0500
Organization: A noiseless patient Spider
Lines: 72
Message-ID: <slrnt73tgf.amlf.BitTwister@wb.home.test>
References: <t4pm6b$ebu$1@dont-email.me> <t4srag$2an$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Info: reader02.eternal-september.org; posting-host="83c7554ef4ad2f65cdafb2a130c25b7f";
logging-data="3769"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/nt3vHPBEBqpunnHGg1tvG4DtN1+qNyJ4="
User-Agent: slrn/pre1.0.4-6 (Linux)
Cancel-Lock: sha1:YERkXgUGcSLIfEHo2nklnnMaXNE=
 by: Bit Twister - Wed, 4 May 2022 03:42 UTC

On Wed, 4 May 2022 13:18:37 +1000, faeychild wrote:
> On 3/5/22 08:32, faeychild wrote:
>>
>>
>> This morning I had several warnings popup in the notification panel

Ah, so, Now we can see that those were not notifications in the panel.
They were pop up from web site.

>> "Your PC is at risk
>> Viruses found - Click to fix"
>>
>> and followed by a red shield icon
>>
>> The last Waring was followed by a blue Windows Icon
>>
>>
>> So- clearly legit and competent  :-)

Nope, usual window crap from either an infected site or just click bait
for the site to gain ad revenue. A bit of reflection should make a linux
user wonder how a web page can scan the install for viruses. :)

>> It seems to be associated with Firefox. I have no antivirus only
>> Ghostery and Noscript
>>
>> It is curious, though
>
>
> Further developments are a feral "Noscript" that started breaking
> websites yesterday
> Sites fail to load or load incompletely
> For instance,

And yet more useless information. :(

PROVIDE LINK(s) TO ALLOW US TO AT LEAST HAVING A SHOT AT TELLING
_YOU_ IF THE PROBLEM IS GLOBAL OR JUST LOCAL ON YOUR SYSTEM.

> I thought to upload a screenshot of the notifications only
> to find that "imagebox" site was blocked by Noscript

FYI: You can use import desired.format_here to pull items off your screen
improving pointing attention to desired item. Example: import random_name.png or
import random_name.jpg

$ get_src_rpm import

Looked for : import
Using : /usr/bin/magick
Installed rpm : imagemagick-7.0.10.62-1.mga8.tainted
rpm short name: imagemagick
Source rpm : imagemagick-7.0.10.62-1.mga8.tainted.src.rpm
Information : http://www.imagemagick.org/
Packager : neoclust <neoclust>
Summary : An X application for displaying and manipulating images
List rpm contents: rpm --query --list imagemagick-7.0.10.62-1.mga8.tainted

> I had to check all as "trusted" to have it load.
> Many other sites are behaving like this.
>
> And I wonder if the virus warning is at all connected.
>
> https://imgbox.com/rnbMTz1T
>
> screenshot showing notification warnings

Yep, all site generated pop ups.

Re: virus warning

<slrnt73u7r.amlf.BitTwister@wb.home.test>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4683&group=alt.os.linux.mageia#4683

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: BitTwis...@mouse-potato.com (Bit Twister)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Tue, 3 May 2022 22:54:35 -0500
Organization: A noiseless patient Spider
Lines: 34
Message-ID: <slrnt73u7r.amlf.BitTwister@wb.home.test>
References: <t4pm6b$ebu$1@dont-email.me> <t4qqs4$d51$1@dont-email.me>
<t4sjte$3oj$1@gioia.aioe.org> <t4ssc6$7ro$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Info: reader02.eternal-september.org; posting-host="83c7554ef4ad2f65cdafb2a130c25b7f";
logging-data="3769"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+bEbI0tUj6c7vYSsaXcoRy6UMwkElMkZc="
User-Agent: slrn/pre1.0.4-6 (Linux)
Cancel-Lock: sha1:TwFSzPkd2mw7T8tcstMqFkLKhxg=
 by: Bit Twister - Wed, 4 May 2022 03:54 UTC

On Wed, 4 May 2022 13:36:35 +1000, faeychild wrote:
> On 4/5/22 11:12, Doug Laidlaw wrote:
>
>>
>> I ALWAYS treat messages like yours as suspect, whether they look genuine
>> or not.  This one looks to me like a phishing attempt.  If you have no
>> other reason to suspect a virus, I would ignore it. All you need to do
>> to be infected is to open the message!
>
>
> I agree. A sudden arrival of multiple virus warnings, AND in the
> notification panel as well, is highly suspicious.
> And now with the noscript extension suddenly behaving badly, I can only
> ponder

If you are not going to give us failing urls you could at least use a test
account to very if problem is system wide or just local to your account.
For example I have a test account "junk". It becomes trivial for me to
click up a xterm
su -u junk
\rm -r .mozilla/*
firefox
and install noscript.

The above deletes previous firefox user files and forces firefox into
a pristine setup without any user changes.

If same noscript errors/problems on same URLs in junk indicates a sysetm
wide problem.

Note site may notice connection from same IP addy and respond differently.

Re: virus warning

<20220504160700.3bd09230@nx-74205>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4684&group=alt.os.linux.mageia#4684

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: thoron...@telenet.be (Aragorn)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Wed, 4 May 2022 16:07:00 +0200
Organization: A noiseless patient Strider
Lines: 43
Message-ID: <20220504160700.3bd09230@nx-74205>
References: <t4pm6b$ebu$1@dont-email.me>
<t4poe2$tb2$1@dont-email.me>
<op.1lkdh60ha3w0dxdave@hodgins.homeip.net>
<20220503180418.3ec614db@nx-74205>
<t4s9n6$lbi$1@dont-email.me>
<20220504005705.136893e4@nx-74205>
<t4smcv$56v$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: reader02.eternal-september.org; posting-host="8006c1b694c25f9ffee9e2d0326fc8ba";
logging-data="22285"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18j5yYdiYWafhv+yA2L1z1C"
Cancel-Lock: sha1:prdUrBCJxZ/5VsmpzZnjCfx8qFw=
X-Newsreader: Claws Mail 4.0.0 (GTK+ 3.24.33; x86_64-pc-linux-gnu)
 by: Aragorn - Wed, 4 May 2022 14:07 UTC

On 04.05.2022 at 11:54, faeychild scribbled:

> On 4/5/22 08:57, Aragorn wrote:
>
> > But you do have to have your wits about you when setting up a
> > browser, and Firefox is no exception to that rule. If you don't
> > want to be tracked by Google, then you should always check the
> > following...:
> >
> > ° Always send a "do not track me" signal to the server, not just
> > in private windows. (Note: Not al servers respect this. Most
> > notably, Google and Mozilla themselves do not respect this
> > signal.)
> >
> > ° Disable the "Warn you for dangerous software", because that's a
> > Google spy tool. It checks every URL you visit against Google's
> > list of infected websites.
> >
> > ° Set DuckDuckGo as your main search engine and disable Google as
> > a search engine. Mozilla gets a considerable amount of money
> > from Google for making Google the default search engine in
> > Firefox.
>
> Yep! Most of those
> Still considering DuckDuck
>
> How have you set "HTTPS-Only Mode"
> mine is set to "Don't". I wonder about it. I haven't researched it

Well, I use Chromium as my main browser with Firefox — and most
specifically, it's a modified Firefox from the Arch User Repository,
with extended support for KDE Plasma integration, such as "global menu"
support (which I need) — as a fallback. Both are set to https-only, but
with an exception for my router, which does not accept https.

I've also got Falkon and Pale Moon installed, but I rarely ever use
those, and I haven't even checked whether it's enabled there.

--
With respect,
= Aragorn

Re: virus warning

<t50gcg$5qs$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4702&group=alt.os.linux.mageia#4702

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: TJ...@noneofyour.business (TJ)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Thu, 5 May 2022 08:36:24 -0400
Organization: A noiseless patient Spider
Lines: 47
Message-ID: <t50gcg$5qs$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me> <t4qqs4$d51$1@dont-email.me>
<t4sjte$3oj$1@gioia.aioe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 5 May 2022 12:36:32 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="2208d43859cc1d47d3f215595a0977aa";
logging-data="5980"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+RyE3UzClWUDg8O1DG0I5Ivj/Y1PLUCoc="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:9VSz4TBb5QI/8Sj11KIDB7LCbdA=
In-Reply-To: <t4sjte$3oj$1@gioia.aioe.org>
Content-Language: en-US
 by: TJ - Thu, 5 May 2022 12:36 UTC

On 5/3/22 21:12, Doug Laidlaw wrote:
>>
> Linux is not by nature impervious to viruses; it is just that nobody has
> written a virus for Linux.  A magazine contained an article describing
> in detail, how to write a basic virus for Linux.
>
I wouldn't get too complacent with that theory. In my years on the
Mageia QA team, every once in a while we get a security hole fix that is
urgent to test because the hole is known to have been exploited "in the
wild."

So it isn't that "nobody" has written malware for Linux - it's just much
less common.

> I ALWAYS treat messages like yours as suspect, whether they look genuine
> or not.  This one looks to me like a phishing attempt.  If you have no
> other reason to suspect a virus, I would ignore it. All you need to do
> to be infected is to open the message!
>
> As an example of phishing, some time ago, I received an email, probably
> purporting to be from eBay. (At this moment, a screen has popped up with
> a window border style like Mint.  I was able to close it; it was from a
> HTML editor whose launcher was visible.)  What I was trying to say was,
> that every link in the message was genuine, EXCEPT the one for your
> login information, which went to a different IP address, i.e. somebody's
> home computer.
>
>
Some of these things are platform-independent. It's been a long time
since this happened, but I remember clicking on a site from a Google
search years back that immediately redirected me to something that had a
notification pop up like happened to the OP, clearly meant for Windows
users, but affecting Linux Firefox anyway. The difference was that I
couldn't close it through normal means. It took my browser over almost
completely. I had to resort to ctrl-alt-delete to stop it.

Like I said, it hasn't happened for a long time. That's probably because
of the many changes that have happened to Firefox in the years since. I
have seen a popup now and again, but they don't take over the browser
any more.

I don't use Google as my search engine these days, and I don't miss it
even a little bit. I use DuckDuckGo. If it wasn't the nightmare it would
be to change it everywhere I do business I'd consider dumping Gmail as well.

TJ

Re: virus warning

<slrnt77n4g.8lpt.BitTwister@wb.home.test>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4705&group=alt.os.linux.mageia#4705

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!paganini.bofh.team!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: BitTwis...@mouse-potato.com (Bit Twister)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Thu, 5 May 2022 09:17:50 -0500
Organization: A noiseless patient Spider
Lines: 29
Message-ID: <slrnt77n4g.8lpt.BitTwister@wb.home.test>
References: <t4pm6b$ebu$1@dont-email.me> <t4qqs4$d51$1@dont-email.me>
<t4sjte$3oj$1@gioia.aioe.org> <t50gcg$5qs$1@dont-email.me>
Injection-Info: reader02.eternal-september.org; posting-host="19ccdb73de1447c652e5db2c2e8d4293";
logging-data="16364"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/ArbaW8Byk/HSDJoPKr+RAoexNRkXa9jk="
User-Agent: slrn/pre1.0.4-6 (Linux)
Cancel-Lock: sha1:IdYRhEKLW0horotGuCiy0hUPjSA=
 by: Bit Twister - Thu, 5 May 2022 14:17 UTC

On Thu, 5 May 2022 08:36:24 -0400, TJ wrote:

> Some of these things are platform-independent. It's been a long time
> since this happened, but I remember clicking on a site from a Google
> search years back that immediately redirected me to something that had a
> notification pop up like happened to the OP, clearly meant for Windows
> users, but affecting Linux Firefox anyway. The difference was that I
> couldn't close it through normal means. It took my browser over almost
> completely. I had to resort to ctrl-alt-delete to stop it.

Yup, been there, done that, have the T-shirt and hat.

I have FF set up to always switch to new tab/window and middle click mouse
to see link page.
That gives me a chance to use Ctl w to close the current tab window.

Sometimes I can use a desktop hot key to switch desktop window to
get a root prompt to kill firefox.

> I don't use Google as my search engine these days, and I don't miss it
> even a little bit. I use DuckDuckGo. If it wasn't the nightmare it would
> be to change it everywhere I do business I'd consider dumping Gmail as well.

HEHEHEHE, I was thinking the same thing because they broke my fetchmail script.
Was real happy to get it back running about two or three days ago.

I do have to work on postfix to see if I can get it to send via gmail from my node.

Re: virus warning

<20220505170012.3a5e90f0@nx-74205>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4706&group=alt.os.linux.mageia#4706

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: thoron...@telenet.be (Aragorn)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Thu, 5 May 2022 17:00:12 +0200
Organization: A noiseless patient Strider
Lines: 38
Message-ID: <20220505170012.3a5e90f0@nx-74205>
References: <t4pm6b$ebu$1@dont-email.me>
<t4qqs4$d51$1@dont-email.me>
<t4sjte$3oj$1@gioia.aioe.org>
<t50gcg$5qs$1@dont-email.me>
<slrnt77n4g.8lpt.BitTwister@wb.home.test>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: reader02.eternal-september.org; posting-host="208cb5560e2d3fe018ac6d20852543de";
logging-data="11372"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18fAbNmf+y07RWdNbRi/i5I"
Cancel-Lock: sha1:xOr47RG+gv6CA/rXsCaNhVIUAfQ=
X-Newsreader: Claws Mail 4.0.0 (GTK+ 3.24.33; x86_64-pc-linux-gnu)
 by: Aragorn - Thu, 5 May 2022 15:00 UTC

On 05.05.2022 at 09:17, Bit Twister scribbled:

> On Thu, 5 May 2022 08:36:24 -0400, TJ wrote:
>
> > Some of these things are platform-independent. It's been a long time
> > since this happened, but I remember clicking on a site from a Google
> > search years back that immediately redirected me to something that
> > had a notification pop up like happened to the OP, clearly meant
> > for Windows users, but affecting Linux Firefox anyway. The
> > difference was that I couldn't close it through normal means. It
> > took my browser over almost completely. I had to resort to
> > ctrl-alt-delete to stop it.
>
> Yup, been there, done that, have the T-shirt and hat.
>
> I have FF set up to always switch to new tab/window and middle click
> mouse to see link page.
> That gives me a chance to use Ctl w to close the current tab window.
>
> Sometimes I can use a desktop hot key to switch desktop window to
> get a root prompt to kill firefox.

Doesn't Ctrl+Alt+Esc followed by a mouse-click on the offending window
work anymore in Mageia? (It's independent of the chosen window manager
or desktop environment.)

In Manjaro it still does, and last I checked, in PCLinuxOS as well —
for details, please consult Mrs. Sellers of the PCLOS Marketing
Department. :p

I'd be surprised if Mageia had somehow decided to disable that
functionality, although admittedly, I don't know whether it works under
Wayland. That's a very different beast, of course.

--
With respect,
= Aragorn

[OT] Re: virus warning

<slrnt77qdo.8lpt.BitTwister@wb.home.test>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4707&group=alt.os.linux.mageia#4707

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: BitTwis...@mouse-potato.com (Bit Twister)
Newsgroups: alt.os.linux.mageia
Subject: [OT] Re: virus warning
Date: Thu, 5 May 2022 10:14:00 -0500
Organization: A noiseless patient Spider
Lines: 32
Message-ID: <slrnt77qdo.8lpt.BitTwister@wb.home.test>
References: <t4pm6b$ebu$1@dont-email.me> <t4qqs4$d51$1@dont-email.me>
<t4sjte$3oj$1@gioia.aioe.org> <t50gcg$5qs$1@dont-email.me>
<slrnt77n4g.8lpt.BitTwister@wb.home.test>
<20220505170012.3a5e90f0@nx-74205>
Injection-Info: reader02.eternal-september.org; posting-host="19ccdb73de1447c652e5db2c2e8d4293";
logging-data="17359"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18axpjTXE26svFbb5ruprPH36oK1EjqwYQ="
User-Agent: slrn/pre1.0.4-6 (Linux)
Cancel-Lock: sha1:XFWcN+kI3lcAdLNG+hXhu1/KOr8=
 by: Bit Twister - Thu, 5 May 2022 15:14 UTC

On Thu, 5 May 2022 17:00:12 +0200, Aragorn wrote:
> On 05.05.2022 at 09:17, Bit Twister scribbled:
>
>> On Thu, 5 May 2022 08:36:24 -0400, TJ wrote:
>>
>> > Some of these things are platform-independent. It's been a long time
>> > since this happened, but I remember clicking on a site from a Google
>> > search years back that immediately redirected me to something that
>> > had a notification pop up like happened to the OP, clearly meant
>> > for Windows users, but affecting Linux Firefox anyway. The
>> > difference was that I couldn't close it through normal means. It
>> > took my browser over almost completely. I had to resort to
>> > ctrl-alt-delete to stop it.
>>
>> Yup, been there, done that, have the T-shirt and hat.
>>
>> I have FF set up to always switch to new tab/window and middle click
>> mouse to see link page.
>> That gives me a chance to use Ctl w to close the current tab window.
>>
>> Sometimes I can use a desktop hot key to switch desktop window to
>> get a root prompt to kill firefox.
>
> Doesn't Ctrl+Alt+Esc followed by a mouse-click on the offending window
> work anymore in Mageia?

Never tried it. Do not want to try while replying to this post.

> (It's independent of the chosen window manager
> or desktop environment.)

Ok, I am using Xfce as DE.

Re: virus warning

<t50snb$e02$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=4708&group=alt.os.linux.mageia#4708

 copy link   Newsgroups: alt.os.linux.mageia
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: TJ...@noneofyour.business (TJ)
Newsgroups: alt.os.linux.mageia
Subject: Re: virus warning
Date: Thu, 5 May 2022 12:07:06 -0400
Organization: A noiseless patient Spider
Lines: 44
Message-ID: <t50snb$e02$1@dont-email.me>
References: <t4pm6b$ebu$1@dont-email.me> <t4qqs4$d51$1@dont-email.me>
<t4sjte$3oj$1@gioia.aioe.org> <t50gcg$5qs$1@dont-email.me>
<slrnt77n4g.8lpt.BitTwister@wb.home.test>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 5 May 2022 16:07:07 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="bccfb17c61cff37a3c31741a1aecfb88";
logging-data="14338"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+5JRTI9aveutAuCRsgzqGe12EVtU9VBAk="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.8.1
Cancel-Lock: sha1:RXE7MkQK5VBwxRYIuTCn9GBG9K0=
In-Reply-To: <slrnt77n4g.8lpt.BitTwister@wb.home.test>
Content-Language: en-US
 by: TJ - Thu, 5 May 2022 16:07 UTC

On 5/5/22 10:17, Bit Twister wrote:
> On Thu, 5 May 2022 08:36:24 -0400, TJ wrote:
>
>
>> Some of these things are platform-independent. It's been a long time
>> since this happened, but I remember clicking on a site from a Google
>> search years back that immediately redirected me to something that had a
>> notification pop up like happened to the OP, clearly meant for Windows
>> users, but affecting Linux Firefox anyway. The difference was that I
>> couldn't close it through normal means. It took my browser over almost
>> completely. I had to resort to ctrl-alt-delete to stop it.
>
> Yup, been there, done that, have the T-shirt and hat.
>
> I have FF set up to always switch to new tab/window and middle click mouse
> to see link page.
> That gives me a chance to use Ctl w to close the current tab window.
>
> Sometimes I can use a desktop hot key to switch desktop window to
> get a root prompt to kill firefox.
>
As I think about it, I don't remember getting one of those "takeover"
sites since Firefox was revamped to not use the old plugins any more,
something about running tabs/windows in a sandbox now. Although, it
actually could be longer even than that.

I too have my search engine set to open a new tab when I click on a
link, so maybe that makes a difference. I have seen phony "Your PC is
INFECTED" sites, but all I have to do is close the tab.
>
>> I don't use Google as my search engine these days, and I don't miss it
>> even a little bit. I use DuckDuckGo. If it wasn't the nightmare it would
>> be to change it everywhere I do business I'd consider dumping Gmail as well.
>
> HEHEHEHE, I was thinking the same thing because they broke my fetchmail script.
> Was real happy to get it back running about two or three days ago.
>
> I do have to work on postfix to see if I can get it to send via gmail from my node.

I couldn't dump gmail altogether, anyway. I need a google account of
some sort to be able to use the "Google Play Store" (terrible name for a
repository) to install even free software on my Android devices.

TJ

Pages:123
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor