This is probably not the right community but I haven’t found a better one.

So I watched a video from Seytonic where he mentiond that some malware creates a windows link with the name of the usb on a usb. So I checked my usb because I remembered that I had to click 2 times on my usb to opened it. I found a link that contained cmd.exe and a name of a file next to it. Upload to the virustotal showed Raspberry Roblin worm.

I use Linux but my familly uses windows so I will have to go through all familly computers and remove the worm. Where can I find info how to remove this specific worm - Raspberry Roblin? On google I found a description about how the worm works but not specific files it creates and how to remove it.

The first page that shows up is microsoft.com and it says that windows defender detects the worm, but clearly it doesnt.

  • stevedidwhat_infosec@infosec.pub
    link
    fedilink
    arrow-up
    8
    ·
    6 months ago

    Here’s probably all the info you could ever need:

    https://redcanary.com/blog/threat-intelligence/raspberry-robin/

    Next, you need to get your systems scanned and cleaned. Malware bytes is likely enough, but I always recommend BitDefender. Their efficacy rates are always fantastic, and they have been leading the industry for several years now. Download the AV on a clean system, put on clean flash drive, and install that way.

    Last, you’re gonna need to reset your passwords. Yes, I know that’s toxic af. But this is the reality and why we always need to be veeeery careful with what we do. This worm communicates with a c2 server which means it can update itself which makes detection hard, and it also means that, at one point it may have been spying on your activity (and it likely was if not continues to)

    This stuff happens, don’t beat yourself up too much. Live and learn

    • chevy9294@monero.townOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      Thank you for the link, it will help for sure!

      I (not me but my family) always used just default Windows Defender but I heard good things about Malware bytes and BitDefender, I’ll checked them out.

      • stevedidwhat_infosec@infosec.pub
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        Bitdefender usually goes on sale too - check for coupon codes, don’t pay full price. Plus you get like 5 devices with your license IIRC. Worth a shot

          • stevedidwhat_infosec@infosec.pub
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            6 months ago

            And you got what you paid for, no?

            I believe there is a free version as well but don’t think just because you’re installing Linux that you’re somehow safer.

            There was just a package that was essentially socially engineered into by a hacker, who then had full access to everyone’s shit.

            All because a GitHub author was pressured into letting them contribute to code. Mac/Apple are no different and starting to be more and more vulnerable as the “security by obscurity” wears off.

            Free tools are fine and well, but that stuff is done for free. Including maintainence and everything else. In times like these, ain’t nobody got time for that anymore. People need to make a living and you will see degradation in the products thusly

            • laughterlaughter@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              6 months ago

              I didn’t downvote you, but I think you’re assuming waaaay too much about OP’s life circumstances. For al we know, he’s an Argentinian teenage girl with an allowance, or a Vietnamese retired fisherman with no life savings.

              • stevedidwhat_infosec@infosec.pub
                link
                fedilink
                arrow-up
                1
                ·
                6 months ago

                Could be. However, the point stands, you’re gonna get what you pay for in the end. Not trying to be a dick ofc, but that’s the reality.

                There are some well performing options that are free, but they are limited, and not too common imo

                If anyone does have some good options, feel free to share as I may be unaware of them and think learning about them would be neat

  • TCB13@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 months ago

    And here I was under the impression that using USB storage for anything else than installing operating systems was a thing of the past.

      • Dave@lemmy.nz
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        Personally, most stuff is in cloud storage. For local stuff I use syncthing.

        But for the average person, I’d expect using iCloud, Google Drive, Onedrive, or Dropbox and then creating a shareable link for the other person.

        I also can’t remember the last time I used a USB drive for anything other than installing an OS.

      • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        If I want to quickly share something from my phone, I use NGINX in Termux with autoindex enabled.

        No need for anything else than browser on client-side.
        Actually, on Play store there’s also a simple GUI app called “Simple HTTP server”, but NGINX feels fancier.

        Just a tip if you want to try this:
        By default, error logs are kept. One source of errors is interface suddenly disappearing (i.e. your phone got disconnected from network). This error will be logged as quickly as it can be.
        What happened (when this occurred)? I found my phone stuck in bootloop. The error log filled internal storage to the last byte causing Android system to crash and unable to reboot, which it tried again, again, again,… Bootloop. I just found my pocket suddenly feeling unreasonably hot.
        In my case, forcing it into recovery, turning it off from there and retrying boot up freed 17MB from somewhere, allowing the phone to boot up.
        Alternative to that would be a hard reset.

        Sounds crazy, but any app could fill the internal storage like that.

  • Techognito@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    6 months ago

    Have you run a full scan using Windows Defender?

    Can you confirm that the worm is actually running?

    AV software may remove the installed worm from the system, but not from the drive.

    Probably a good idea to reformat the USB drive

    PS. if all else fails, nuke and pave (reinstall the computers in your household, including your linux machine)

    You should do this offline, as in, quarantine the situation.

  • sramder@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    6 months ago

    Doesn’t virus total display a list of the AV software it triggered?

    I generally use Malware Bytes on windows but I don’t know if it’s effective against that particular virus.

    • chevy9294@monero.townOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      Yes it does but I haven’t checked whichones do end whichones don’t. But half of them do, thats important.

  • TheAnonymouseJoker@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    Flamethrower and hammer, to be sure.

    Joke aside, Kaspersky Virus Removal Tool is the tool you need. Download a fresh copy and put it on a USB stick. Whatever Windows computer you need to disinfect, restart in safe mode and copy KVRT. It is standalone and runs offline and can be removed after use. It will scan the whole system. Its malware removal rate is approximately the same as Kaspersky suite, so you know it will do the job.

    Edit: turns out there are brainwormed redditors out here. Ignore their downvotes and you will be fine following advice.

    • Saik0@lemmy.saik0.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      6 months ago

      Edit: turns out there are brainwormed redditors out here. Ignore their downvotes and you will be fine following advice.

      https://en.wikipedia.org/wiki/Eugene_Kaspersky

      Yeah… No. Pick any other reputable company.

      Kaspersky is one of many Russian “oligarchs”

      Edit: I think this paints the picture pretty clear… So worth adding to the discussion. Note the domains that are voting for this post vs not.

  • stevedidwhat_infosec@infosec.pub
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    I’ll also toss this hat into the ring - sysmon this is essentially a logging tool thats a bit better/nicer than the windows default, and categorizes all logs into very neat buckets that will make watching out for strange shit much much easier.

    Sysmon is part of the sysinternals suite (vetted by the community + microsoft, which is sayin somethin lol) and you can make use this as the config file to use (Uses industry-standard MITRE Att&ck framework) which you can then use to correlate to more threats/malware authors/malware artifacts if you really wanna get your hands dirty/have some fun

    • borari@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      6 months ago

      To level set, Microsoft owns SysInternals, and has since 2006. None of it is “community vetted”, to me that implies FOSS or something.