monstermarketplace malware for linux?
So I do a search for this monstermarketthing and it looks like reverse
On 9/26/12, Edward C. Jones <email@example.com> wrote:
> I use up-to-date Debian testing (wheezy), amd64 architecture.
> When I do a Google search, I sometimes get a window asking if I want to
> do a search at monstermarketplace.com. For Windows, there is a piece of
> malware with this name. Does this malware now exist for linux systems?
> If so, how do I get rid of it?
If my suspicions are unfounded, are you running as root? If so,
consider yourself hosed. I'm not sure I'd even trust the motherboard
If not, if you do your day-to-day work from an non-admin account,
start with clearing all your cache, cookies, and history, and
un-installing any suspicious browser extensions. Clear your bookmarks,
too, all but the ones you really need and know you can trust. Restart
If it still happens, un-install all extensions and clear all
bookmarks. If there's a bookmark you really need, think twice, three
times, and if you still think you trust and need it, open up a text
editor and copy-paste the url into the text editor. Repeat, only for
necessary bookmarks, and save the text document as something like
"bookmark_urls.txt". Then clear your bookmarks and restart your
If it still happens, shut your browser down and nuke your .mozilla
configuration directory. As in "rm -rf ~/.mozilla/*".
If you still get re-directs, you have six options, take you pick which
you go with first:
(0) Consider where you spend your time on the web. You could be fixing
your problem every time you shut down your browser, only to have a
never goes away into your browsing session.
(1) Check your DNS infractructure. Can you trust the servers that are
matching your domain name requests with IP addresses? One might be
occasionally feeding your requests to a troll.
(2) Nuke your user account. Back up your data first. Don't back up
your configurations, because something could be hiding in there. Grab
the text-only bookmarks you saved (but remember the problem I
mentioned in (0)). Log in as an admin and erase the account.
Completely. Make a new account. Maybe even a new user name/id,
definitely a new password. Use a good password, of course. Restore
your data, using chown as appropriate if you changed the userid.
(3) Back up all user data for all accounts on the system, wipe the
system, and re-install.
(4) Hey, it's a good time for a new hard disk, anyway. Install a fresh
system on the new hard disk and mount the old one under /suspicious
and carefully move the data you need from the old drive to the new
one, as you need it. Maybe do some forensics on the drive in your
(5) Maybe it's a good excuse to update the motherboard with the new
disk. (See (4).)
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org