possible security issue

First, sorry for posting here, but there’s no security forum and I think I just “mucked” up.

Long story, made as short as possible: noticed a file in the Download dir called gmail.py. Clicked on the file, there was a system beep. I think wtf, then notice a file called os. A file of type ps. Think wtf, right click> open with> Okular. This file is a screenshot of my DTop when I clicked on this gmail.py file. Open gmail.py with kwrite, it is a Python script asking for my gmail password. I promptly deleted the entire Download dir. The last thing I downloaded was a program called Transmute for converting bookmarks from one browser to the next. I “did not” install this app, was simply looking at the source code. Undoubtedly, I need to change password(s), but I’m concerned about the possibility of a key logger. How can I find this out?

I’m about to have a look at files recently modified. I have tcp_portmon on conky, watching it. Hopefully I just needlessly freaked. But, click on mysterious file, system beep, now a screenshot of the dt, :O.

On 06/16/2012 03:46 PM, ogbi-web kenobi wrote:
> noticed file in Download dir called
> gmail.py. clicked on file, there was a system beep

why would the first thing you do be to run a suspect file?

wouldn’t it be better/safer to inspect it (with a single right click)
first!? and ask yourself a few questions:
-is the file executable? (BEFORE clicking it)
-where did it come from?
-what is the date of the file?
-what is inside it?
-what are the results of a Google search on the file name?
<https://www.google.com/search?q=gmail.py>

or post here and ask before freaking (or executing)…

so, why not show us the entire gmail.py script?
oh no, you already destroyed the evidence…pity.

so, i guess it is actually in the trash can, huh? (so, if it is
dangerous it is still around, huh?..relax a little, i bet it is not so
harmful that it can do more than delete your entire home folder or steal
your gmail account…(and, i’m sure you have a backup of your home
folder, and gmail accounts are free, and you would never store a list of
bank passwords in a gmail…so . . .)

unless you executed it while logged in as root; then it could kill
the entire system, or install a rootkit, and/or email every secret to
the bad guys . . .


dd
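As an added example (not code from the thread or from either poster), here is a small shell script that walks through dd’s checklist read-only: executable bit, date and permissions, file type, shebang line and the opening contents of a download like gmail.py, all without running it. The file it inspects is a constructed stand-in written to a temp path, not the poster’s actual script.

```shell
#!/bin/sh
# Added example (not from the thread): read-only inspection of a
# suspicious download, following dd's checklist, without running it.
set -u

# Is the file marked executable for the current user? Prints yes/no.
is_executable() {
    if [ -x "$1" ]; then echo yes; else echo no; fi
}

# Does the first line name an interpreter (#!...)? A .py file runs
# without +x if someone feeds it to python, so "no" is not a verdict.
has_shebang() {
    case "$(head -n 1 "$1")" in
        '#!'*) echo yes ;;
        *) echo no ;;
    esac
}

# Lines that deserve a second look: password prompts, mail/network
# libraries, and calls that spawn other programs.
suspicious_lines() {
    grep -n -i -E 'password|getpass|smtplib|socket|urllib|subprocess|os\.system' "$1" || true
}

# Full report: permissions and date via ls -l, type via file(1) when
# installed, then the opening lines. Nothing here executes the file.
inspect_file() {
    echo "== $1 =="
    ls -l "$1"
    command -v file >/dev/null 2>&1 && file "$1"
    echo "executable bit: $(is_executable "$1")"
    echo "shebang line:   $(has_shebang "$1")"
    echo "-- first 20 lines --"
    head -n 20 "$1"
    echo "-- lines worth a second look --"
    suspicious_lines "$1"
}

# Constructed stand-in for the gmail.py the poster found: it only
# imitates a password prompt and is written, never executed, here.
SAMPLE=${TMPDIR:-/tmp}/gmail.py.sample
cat > "$SAMPLE" <<'EOF'
#!/usr/bin/env python
import getpass
pw = getpass.getpass("Gmail password: ")
EOF

inspect_file "$SAMPLE"
```

Run it against the real download path instead of the sample; the point is that every step reads the file and none of them hands it to an interpreter.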

dd, yes, all very good questions, that unfortunately I have no intelligent answer for. Why did I execute a mysterious file? I asked myself that right after I did it. All is good anyway (ie needlessly freaked). But I still don’t know where the file came from. I don’t do a lot of downloading and looked at everything in my seamonkey download manager. The only possibilities are some fonts I got from dafont.com. But at least I have learned a few very valuable lessons. Pay “better” attention to what I’m downloading. Pay “better” attention to what files are being extracted from the .gz, etc file so I know where a certain file has come from. And “do not” click on something you know nothing about.

As for my gmail account, if Israel wants the password to 2000+ spam messages, you don’t need to use Stuxnet, just ask for it. lulz

Thanks for the reply.

And yes, I’m not so noobish that I don’t have backups of my home partition. Just thought I should mention that.

TTFN
John