Visited malicious website. Now what?

Issues & Assistance Unsupported Software (AUR & Other)
1

I visited a webpage that I post-mortem found to be malicious (by scanning it via virustotal.com). I'm worried that something bad might happen to my computer in the background. What should I do?

garuda-inxi:

System:
  Kernel: 5.15.79-1-lts arch: x86_64 bits: 64 compiler: gcc v: 12.2.0
    parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-lts
    root=UUID=4bc99fd1-6a7e-4096-8fca-ccd010a3944b rw rootflags=subvol=@
    quiet quiet splash rd.udev.log_priority=3 vt.global_cursor_default=0
    loglevel=3
  Desktop: Xfce v: 4.16.1 tk: Gtk v: 3.24.34 info: xfce4-panel wm: xfwm
    v: 4.16.1 vt: 7 dm: LightDM v: 1.32.0 Distro: Garuda Linux base: Arch Linux
Machine:
  Type: Laptop System: Acer product: Aspire A315-56 v: V1.15
    serial: <superuser required>
  Mobo: IL model: Sleepy_IL v: V1.15 serial: <superuser required>
    UEFI: Insyde v: 1.15 date: 07/13/2020
Battery:
  ID-1: BAT1 charge: 40.2 Wh (100.0%) condition: 40.2/47.8 Wh (84.1%)
    volts: 12.0 min: 11.2 model: LGC AP18C8K type: Li-ion serial: N/A
    status: full
CPU:
  Info: model: Intel Core i3-1005G1 bits: 64 type: MT MCP arch: Ice Lake
    gen: core 10 level: v4 note: check built: 2019-21 process: Intel 10nm
    family: 6 model-id: 0x7E (126) stepping: 5 microcode: 0xB6
  Topology: cpus: 1x cores: 2 tpc: 2 threads: 4 smt: enabled cache:
    L1: 160 KiB desc: d-2x48 KiB; i-2x32 KiB L2: 1024 KiB desc: 2x512 KiB
    L3: 4 MiB desc: 1x4 MiB
  Speed (MHz): avg: 1505 high: 2223 min/max: 400/3400 scaling:
    driver: intel_pstate governor: powersave cores: 1: 2223 2: 1197 3: 1301
    4: 1300 bogomips: 9523
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
  Vulnerabilities:
  Type: itlb_multihit status: KVM: VMX disabled
  Type: l1tf status: Not affected
  Type: mds status: Not affected
  Type: meltdown status: Not affected
  Type: mmio_stale_data mitigation: Clear CPU buffers; SMT vulnerable
  Type: retbleed mitigation: Enhanced IBRS
  Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via
    prctl and seccomp
  Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer
    sanitization
  Type: spectre_v2 mitigation: Enhanced IBRS, IBPB: conditional, RSB
    filling, PBRSB-eIBRS: SW sequence
  Type: srbds mitigation: Microcode
  Type: tsx_async_abort status: Not affected
Graphics:
  Device-1: Intel Iris Plus Graphics G1 vendor: Acer Incorporated ALI
    driver: i915 v: kernel arch: Gen-11 process: Intel 10nm built: 2019-21
    ports: active: eDP-1 empty: HDMI-A-1 bus-ID: 00:02.0 chip-ID: 8086:8a56
    class-ID: 0300
  Device-2: Quanta HD User Facing type: USB driver: uvcvideo bus-ID: 1-7:4
    chip-ID: 0408:a061 class-ID: 0e02
  Display: x11 server: X.Org v: 21.1.4 compositor: xfwm v: 4.16.1 driver: X:
    loaded: modesetting alternate: fbdev,intel,vesa dri: iris gpu: i915
    display-ID: :0.0 screens: 1
  Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.00x11.22")
    s-diag: 582mm (22.93")
  Monitor-1: eDP-1 model: BOE Display 0x07cb built: 2018 res: 1920x1080
    hz: 60 dpi: 142 gamma: 1.2 size: 344x193mm (13.54x7.6") diag: 394mm (15.5")
    ratio: 16:9 modes: 1920x1080
  API: OpenGL Message: Unable to show GL data. Required tool glxinfo
    missing.
Audio:
  Device-1: Intel Ice Lake-LP Smart Sound Audio vendor: Acer Incorporated ALI
    driver: snd_hda_intel v: kernel alternate: snd_sof_pci_intel_icl
    bus-ID: 00:1f.3 chip-ID: 8086:34c8 class-ID: 0403
  Sound API: ALSA v: k5.15.79-1-lts running: yes
  Sound Server-1: PulseAudio v: 16.1 running: no
  Sound Server-2: PipeWire v: 0.3.60 running: yes
Network:
  Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
    vendor: Acer Incorporated ALI driver: r8169 v: kernel pcie: gen: 1
    speed: 2.5 GT/s lanes: 1 port: 4000 bus-ID: 01:00.0 chip-ID: 10ec:8168
    class-ID: 0200
  IF: enp1s0 state: down mac: <filter>
  Device-2: Qualcomm Atheros QCA9377 802.11ac Wireless Network Adapter
    vendor: Lite-On driver: ath10k_pci v: kernel pcie: gen: 1 speed: 2.5 GT/s
    lanes: 1 bus-ID: 02:00.0 chip-ID: 168c:0042 class-ID: 0280
  IF: wlp2s0 state: up mac: <filter>
  IF-ID-1: tun0 state: unknown speed: 10 Mbps duplex: full mac: N/A
Bluetooth:
  Device-1: Lite-On Qualcomm Atheros QCA9377 Bluetooth type: USB driver: btusb
    v: 0.8 bus-ID: 1-10:5 chip-ID: 04ca:3015 class-ID: e001
  Report: bt-adapter ID: hci0 rfk-id: 2 state: up address: <filter>
Drives:
  Local Storage: total: 238.47 GiB used: 124.27 GiB (52.1%)
  SMART Message: Required tool smartctl not installed. Check --recommends
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Kingston
    model: RBUSNS8154P3256GJ1 size: 238.47 GiB block-size: physical: 512 B
    logical: 512 B speed: 15.8 Gb/s lanes: 2 type: SSD serial: <filter>
    rev: E8FK12.3 temp: 28.9 C scheme: GPT
Partition:
  ID-1: / raw-size: 238.21 GiB size: 238.21 GiB (100.00%)
    used: 124.27 GiB (52.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
  ID-2: /boot/efi raw-size: 260 MiB size: 256 MiB (98.46%)
    used: 594 KiB (0.2%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
  ID-3: /home raw-size: 238.21 GiB size: 238.21 GiB (100.00%)
    used: 124.27 GiB (52.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
  ID-4: /var/log raw-size: 238.21 GiB size: 238.21 GiB (100.00%)
    used: 124.27 GiB (52.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
  ID-5: /var/tmp raw-size: 238.21 GiB size: 238.21 GiB (100.00%)
    used: 124.27 GiB (52.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
Swap:
  Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
  ID-1: swap-1 type: zram size: 7.56 GiB used: 0 KiB (0.0%) priority: 100
    dev: /dev/zram0
Sensors:
  System Temperatures: cpu: 54.0 C mobo: N/A
  Fan Speeds (RPM): N/A
Info:
  Processes: 267 Uptime: 4m wakeups: 1 Memory: 7.56 GiB used: 3.35 GiB (44.4%)
  Init: systemd v: 252 default: graphical tool: systemctl Compilers:
  gcc: 12.2.0 clang: 14.0.6 Packages: pm: pacman pkgs: 1441 libs: 379
  tools: paru Shell: Bash v: 5.1.16 running-in: xfce4-terminal inxi: 3.3.23
Garuda (2.6.9-1):
  System install date:     2022-09-11
  Last full system update: 2022-11-24
  Is partially upgraded:   No
  Relevant software:       NetworkManager
  Windows dual boot:       No/Undetected
  Snapshots:               Snapper (maybe)
  Failed units:
1 Like
2

Delete your browser history and cookies.

2 Likes
3

What kind of malware did virustotal report?
That could hint at what the page was trying to do (like, trying to drop malicious files somewhere on your system vs "just" abusing your cpu time and network bandwidth).
I'm no security expert, in any case I'd say look into it but don't worry too much.

4

Use "sign out from all devices" function of websites you were logged in to.

5

You can take some comfort in the fact that the majority of computer viruses are written for Windows, and often can't even run on a Linux machine. Still, Linux viruses are on the rise. If Linux continues to become more popular, then that trend will unfortunately worsen as well.

If you want to scan your system for viruses, ClamAV is a well-known antimalware option that is kept up to date with the latest virus definitions, et cetera. It has fairly robust configuration options, although it is not known for being simple to set up. Running a one-off scan, however, is very trivial.

First, install it (bring your system fully up to date before installing a package):

sudo pacman -S clamav

Update the virus definitions:

sudo freshclam

Then you can point a clamscan at your downloads directory, your entire home folder, or even scan your whole system by pointing it at root:

sudo clamscan -riv /

You can expect it to take at least a few hours if you scan your whole system, so maybe start the scan when you will be away from the computer for a while. As long as you pass the -i flag you will get a summary of any infected files found after the scan is complete.

Update

I ran a full system scan as described above last night because I was curious how long it would actually take. It took thirteen hours! :flushed:

----------- SCAN SUMMARY -----------
Known viruses: 8644822
Engine version: 0.105.1
Scanned directories: 273152
Scanned files: 6094124
Infected files: 0
Total errors: 23232
Data scanned: 323792.73 MB
Data read: 406496.01 MB (ratio 0.80:1)
Time: 47639.331 sec (793 m 59 s)
Start Date: 2022:11:27 12:24:52
End Date:   2022:11:28 01:38:51
7 Likes
6

I have used clamscan quite a bit in the past, moreso when I was still using Windows. I mostly used it for scanning my Windows partitions for malware. I don't think it ever found a legitimate issue on my Linux system, but there were many false positives. I gave up on it for that reason when I stopped using Windows, as it just seemed redundant with Linux's lack of malware.

Of course, things are changing so there may be a need for Linux users to run an AV program in the future. I just don't think Linux is exposed to enough of a security threat to worry about running a full time AV at this point. :person_shrugging:

7

Likewise--I've never found an actual virus with it, only a few false positives.

I don't have it running all the time either, I agree that seems unnecessary for my particular use. I only use it from time to time for one-off scans in case I...*ahem*...accidentally pull down a torrent off of the Pirate Bay or similar, just to double-check I didn't wind up with any uninvited guests.

1 Like
8

You might want to consider using a good VPN for times like these. . :slight_smile:

1 Like
9

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.