A virus in Linux? [solved]

I’m having a problem with Yahoo in Ubuntu 14.04. Basically it’s seized up, but the worrying part is that it says “transferring data from s.yimg.com”, which appears to be a virus.

Only Yahoo seems to be affected so far, but it’s the same story on a laptop and a desktop, both running 14.04.

Any ideas please?

It’s not going to be a “virus”, it’s actually registered by Yahoo

s.yimg.com resolves to 217.12.1.151

and a whois lookup says

whois 217.12.1.151
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '217.12.0.0 - 217.12.2.255'

% Abuse contact for '217.12.0.0 - 217.12.2.255' is '[email protected]'

inetnum:        217.12.0.0 - 217.12.2.255
netname:        YAHOONET
descr:          Yahoo! Europe
descr:          =======================================
descr:          Abuse reports to [email protected]
descr:          =======================================
country:        GB
admin-c:        YEU-RIPE
tech-c:         YEU-RIPE
status:         ASSIGNED PA
mnt-by:         YAHOO-MNT
created:        2004-10-22T10:38:15Z
last-modified:  2006-10-13T14:12:57Z
source:         RIPE

role:           Yahoo Europe Operations Department
address:        Yahoo Europe Operations
address:        125 Shaftesbury Avenue
address:        London
address:        WC2H 8AD
remarks:        trouble: [email protected]
admin-c:        NA1231-RIPE
tech-c:         NA1231-RIPE
tech-c:         IG1154-RIPE
nic-hdl:        YEU-RIPE
mnt-by:         YAHOO-MNT
created:        2005-02-21T10:54:13Z
last-modified:  2014-03-25T20:11:11Z
source:         RIPE # Filtered
abuse-mailbox:  [email protected]

% Information related to '217.12.0.0/20AS15635'

route:          217.12.0.0/20
descr:          Yahoo-EU-NET
origin:         AS15635
mnt-by:         YAHOO-MNT
created:        1970-01-01T00:00:00Z
last-modified:  2001-09-22T09:33:24Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.88 (WAGYU)

You could try clearing your web browser cache then restarting your browser … and/or disabling any browser add-ons.

But as I said, it’s NOT a “virus”, if anything it’d be a simple hijacker … but most likely just Yahoo serving up adverts or something.

If in doubt and paranoid, reset your browser back to defaults by renaming its config directory in your home folder … if you want to do this (but be aware you’ll lose ALL passwords/bookmarks/etc.) and you’re running Firefox…

With Firefox closed, run:

mv -v ~/.mozilla ~/.mozilla-backup

Now when you next open Firefox it will be back to defaults and completely clean.
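
The ownership check at the start of this reply (resolve the host, then whois the address), as an added example that is not part of the original post: it parses the RPSL objects in whois output and reports which registered ranges actually contain the resolved address. The function names are hypothetical, and the sample is a constructed, trimmed copy of the output quoted above.

```python
import ipaddress

# Constructed sample: trimmed copy of the RPSL objects quoted in the post above.
SAMPLE_WHOIS = """\
% Information related to '217.12.0.0 - 217.12.2.255'

inetnum:        217.12.0.0 - 217.12.2.255
netname:        YAHOONET
mnt-by:         YAHOO-MNT

% Information related to '217.12.0.0/20AS15635'

route:          217.12.0.0/20
descr:          Yahoo-EU-NET
origin:         AS15635
mnt-by:         YAHOO-MNT
"""

def parse_rpsl(text):
    """Split whois output into objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for line in text.splitlines() + [""]:   # trailing "" flushes the last object
        if not line.strip() or line.startswith("%"):
            if current:
                objects.append(current)
            current = []
            continue
        key, _, value = line.partition(":")
        current.append((key.strip(), value.strip()))
    return objects

def covering_objects(ip, whois_text):
    """Return the inetnum/route objects whose address range contains ip."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for obj in parse_rpsl(whois_text):
        kind, value = obj[0]            # the first attribute names the object type
        attrs = dict(reversed(obj))     # first occurrence of a repeated attribute wins
        if kind == "inetnum":
            first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            inside = first <= addr <= last
        elif kind == "route":
            inside = addr in ipaddress.ip_network(value)
        else:
            continue                    # role, person, etc. carry no address range
        if inside:
            hits.append({"type": kind, "range": value, "mnt-by": attrs.get("mnt-by"),
                         "name": attrs.get("netname") or attrs.get("descr")})
    return hits
```

An empty result means none of the returned objects covers the address, so the registration details in that output say nothing about who operates it.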

Thanks Mark,
As long as it’s not a virus I think I’ll do nothing. I’ve since discovered the problem doesn’t exist in chromium, so I’ll use that for Yahoo.

I’m still a bit baffled though. I thought these things couldn’t sneak through in Linux. I’m beginning to wonder about Firefox, although I like several of its features enough to keep it in reserve…

Browser hijackers (or any other browser based hack) CAN “get into Linux”, but they cannot do anything outside your home folder.

In fact they’re unlikely to even break out of your browser config directory (hidden folder in your home folder).

So they can do limited (or no) damage.

OK thanks Mark,

Is there a browser you’d particularly recommend? As I said, FF has a couple of features I like, but otherwise it seems to be getting slow and saying “Well, this is embarrassing” a bit too often.

Not really, Firefox has always been my firm favourite … so if I were to recommend one it’d be Firefox.

Take your pick, there’s a load of em out there :wink:

OK thanks Mark,

I’ll stick with FF and Chromium for now, then.

Your help much appreciated as always. I’ll mark this solved now.

M