52

Before I removed Windows 7 from my computer and replaced it with Ubuntu, I had over 257 threats that never would go away. I don't know if the trojan horse I had also could transfer over to Ubuntu. Can my computer be infected? I'm trying to be very careful when I use my computer, because I don't want to get a new computer.

I've only had Windows 7 and my PC, for only a few years. First, I took it to Best Buy and they said a trojan horse is supposed to be on the computer. The man only "looked" at it and since he put it in factory settings, it hid and stole my PC twice in a row. Then, I took it somewhere to someone I know and they re-built it. But it had tons of issues again.

My anti-virus and my programs and other files were disappearing right before my eyes. My Wi-Fi was turned off, and I couldn’t turn it back on. It even shut down by itself. And it never did that before.

Will my infections from Windows 7 transfer over to Ubuntu? Just remember I don't have Windows 7 any more; I only have Ubuntu.

Braiam
Morgan

11 Answers

71

Your operating system is neither the first code that executes on your computer, nor is it the code with the highest level of access. Malware loaded into the bootstrap code (including BIOS, video BIOS, RAID BIOS, NIC BIOS, UEFI, UEFI modules) not only will not be erased by installation of a new OS, it can hide itself from detection by the OS (although not perfectly, it will slow things down [1] and timing analysis may be able to detect that).

Only a small fraction of all malware operates at this level, but multiple cases have been documented. Here are just a few examples:

Also, Stack Exchange site Information Security has several relevant questions:


To be pedantic, these wouldn't be called "Windows viruses", although they may be carried inside Windows malware which served as the infection vector. And they wouldn't be said to "transfer to Ubuntu". My point is that if you had asked the right question, which I feel is "After formatting my Windows partition and installing Ubuntu, might I continue to be affected by malware?", you would learn that the unfortunate answer is "Yes that is possible."


[1] But malware that infects a coprocessor, such as the Intel Management Engine, which has recently come to mainstream attention due to a critical vulnerability in the way Intel does remote authentication, would not spend processor cycles. At best it might cause some timing variances due to bus and memory contention. Malware that infects a management subsystem is basically a worst-nightmare scenario, for both detection and removal.

Ben Voigt
  • 1
    Is it possible in principle for the virus to have infected his router from his computer, so that it could reinfect his computer after he wipes his system (or worse yet, after he buys a new computer)? And the same thing can be done with a flash drive instead of a router, correct? (Technically his computer would be clean when he installs the new OS, but as soon as he connects it to an infected device, it becomes infected.) – Brian Moths Apr 01 '14 at 17:02
  • 2
    @NowIGetToLearnWhatAHeadIs: Well, a computer is not supposed to get infected just by being exposed (connected) to malware. And yes, it's possible for some types of routers to get infected, but they don't run Windows so it wouldn't be infected with the same virus. (It's certainly possible for Windows malware to play a role in attacking a router, whether it carries a payload with it, or opens a backdoor used as a springboard for remote hacking) – Ben Voigt Apr 01 '14 at 18:08
  • @NowIGetToLearnWhatAHeadIs: The essential difference between my answer and your comment is that your infection vectors require that after the hard disk is erased, Windows is again installed. But that didn't happen here, instead Ubuntu was installed. Everything about my answer could continue to be problematic, not because Linux is infected by Windows, but because the infection exists and functions outside the OS. – Ben Voigt Apr 01 '14 at 18:29
  • @BenVoigt thank you for bringing some sanity and critical thinking to this. – Craig Tullis Apr 02 '14 at 00:52
56

There are a few parts to the answer to your problem:

Threats don't transfer from one OS to another

Threats that work on Windows usually don't work on other OSes (there might be some that do, but I have never heard of any) because they both work very differently. That way, a virus that looks for your C:\Windows\System32 folder on Windows won't find it on Ubuntu as it doesn't exist.

Threats don't survive a total wipe of your hard drive

If you erase your hard drive and install a fresh Windows on top, any existing threats would have disappeared, as they are just regular programs. I don't know if Best Buy employees did a simple rollback to factory settings or a full re-install of Windows, but in the case of the re-install, you shouldn't have had any remaining problem.

As a conclusion, no, your viruses won't transfer to Ubuntu. However, your problem might be related to hardware problems. If you still have issues with your Ubuntu, you might want to ask support to look at your hard drive and motherboard and see if there is any problem there.

Note: If you still have viruses after a 1st Windows re-install, you should seriously check if websites you visit regularly are not infected or install a better protection software.

Léo Lam
Aserre
  • 4
    As well... if you transfer files, the infection might transfer along with them. Install files, Word documents, etc. that are infected, backed up to CD then copied to your clean environment. Most of those will probably target Windows and will be ineffective against Ubuntu. – WernerCD Mar 31 '14 at 16:27
  • 24
    What about MBR, VBR viruses? I thought they can damage hdd, independently from OS – c0rp Mar 31 '14 at 17:23
  • 7
    @c0rp: And BIOS (or now UEFI) viruses too. VBIOS and NetBOOT are potential vectors. As well, installation of a new OS rarely includes a complete wipe of the whole disk, usually just a few partitions. With UEFI, installers are very unlikely to wipe the EFI System Partition. The answers here seem based on low technical literacy. And unfortunately the OP doesn't know better, which is why the question is being asked. – Ben Voigt Mar 31 '14 at 17:26
  • @c0rp doesn't linux completely rewrite MBR & partition table when you make a fresh install ? I'm not sure about it myself. – Aserre Mar 31 '14 at 17:40
  • @Ploutox: A RAID BIOS can make the OS think the drive is smaller than it truly is (set aside part of an SSD for caching purposes, perhaps?), or combine multiple drives into one larger one, etc. If that got infected... – Ben Voigt Mar 31 '14 at 18:06
  • 12
    You'd need to add "usually" to the answer - almost all threats encountered in the wild don't have such capabilities; but we definitely have seen a few multi-platform threats, and there have been demonstrations of threats that can survive a total wipe of the hard drive (e.g., a demo of persistent threat sitting in the HDD firmware). – Peteris Mar 31 '14 at 18:56
  • typical linux installations will not overwrite the MBR (e.g., installing ubuntu). However, it is perfectly possible to open up parted or similar and do that yourself. – aestrivex Mar 31 '14 at 19:12
  • 5
    You can also get a windows virus by running an infected exe in Wine. – jfa Mar 31 '14 at 20:19
  • 2
    If the virus is physically located in the HD's controller firmware, it will survive a HD wipe. – Vincent Apr 01 '14 at 04:52
  • 1
    Viruses CAN be transferred to another OS, but usually won't be a threat to that OS. It CAN be a threat if e.g. Ubuntu is used as a file server. Connecting Windows clients WILL be exposed. – asgoth Apr 02 '14 at 09:16
  • 1
    You can easily create malware that works on all major systems by using Java or Python. – Martin Thoma Apr 03 '14 at 17:27
  • I've done plenty of virus-related formats for friends over the years and have often had friends ask me to save media files which turn out to be viruses. If you copy files from your old install to a new one then threats can "survive". (I agree with your statement technically but worth noting this practicality). – Matt Apr 03 '14 at 20:41
  • And also to add that potential threats exist in cross-platform browser add-ons, usually (but not necessarily) downloaded out of official sites. – Wtower Apr 04 '14 at 13:39
  • As we've seen with the NSA infection of HDD firmware, malware can very much survive a HDD wipe... – Cerin Mar 29 '15 at 16:31
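The comments above ask whether MBR boot code and old partitions survive an Ubuntu install. As an added example (not part of the original thread), this Python code decodes a disk's first sector, hashes the boot code for comparison with a baseline, and lists Windows-type partitions still present; the baseline approach, the function names and the sample sector are assumptions constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440       # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446        # four 16-byte partition entries start here
WINDOWS_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}
OTHER_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
               0xEF: "EFI System Partition"}


def parse_mbr(sector: bytes) -> dict:
    """Decode the first 512-byte sector of a disk (classic MBR layout)."""
    if len(sector) < 512:
        raise ValueError("need the full 512-byte first sector")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        ptype = entry[4]
        if ptype == 0x00:                     # unused slot
            continue
        first_lba, count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "slot": slot + 1,
            "bootable": entry[0] == 0x80,
            "type": ptype,
            "name": WINDOWS_TYPES.get(ptype) or OTHER_TYPES.get(ptype, "unknown"),
            "first_lba": first_lba,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def review(info: dict, baseline_sha256: str) -> list:
    """Compare against a hash recorded right after a clean install (assumed)."""
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    for p in info["partitions"]:
        if p["type"] in WINDOWS_TYPES:
            findings.append(f"slot {p['slot']}: leftover {p['name']} partition")
    return findings


def constructed_sector(boot_code: bytes = b"\xeb\x63\x90") -> bytes:
    """Constructed sample: a bootable Linux partition plus a leftover NTFS one."""
    def entry(status, ptype, first_lba, count):
        return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3,
                           first_lba, count)
    table = (entry(0x80, 0x83, 2048, 1_000_000)
             + entry(0x00, 0x07, 1_002_048, 500_000) + bytes(32))
    return boot_code.ljust(TABLE_OFFSET, b"\0") + table + b"\x55\xaa"


if __name__ == "__main__":
    info = parse_mbr(constructed_sector())
    for line in review(info, info["boot_code_sha256"]):
        print(line)
```

To inspect a real disk, read its first 512 bytes while booted from a clean live medium (for example `sudo dd if=/dev/sdX bs=512 count=1 of=mbr.bin`, where `/dev/sdX` is a placeholder) and pass them to `parse_mbr`. This only covers the on-disk boot sector; it cannot see code resident in BIOS, UEFI or drive firmware.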
7

No

If you installed Ubuntu over windows and deleted all the Windows files the virus can not spread.

You can get Windows viruses on Ubuntu if and only if you install Windows software via programs like Wine.

Alvar
  • Are there any examples of that happening? I haven't heard of any viruses on linux desktops via Wine. AFAIK, the only way windows viruses are an issue is if linux servers are interacting with windows clients, but even then there is no reported spread to the host system. – comrademike Mar 31 '14 at 12:00
  • @Comrademike Your Ubuntu system can always get a virus but nothing will happen. But if you install a Windows program via Wine then that can be infected. That's why it's a good idea to install an antivirus system if you are using Windows software. Or just be careful, that was my point. – Alvar Mar 31 '14 at 12:30
  • 5
    A Windows virus can be executed in Wine, but it won't really affect your Ubuntu system and would only damage its Wine environment, so your files and personal data will be fine since they're outside of Wine and the virus isn't designed to be able to "escape" that (it'll only search the Wine folders which it'll believe are the real personal folders of the user, which they are on a real Windows system). –  Mar 31 '14 at 12:46
  • @Alvar It's not virus if nothing happens. I don't see how a program inside a Wine prefix is going to spread a virus to the linux system either. – comrademike Mar 31 '14 at 16:31
  • 9
    @comrademike: Even if it can't spread to the linux filesystem, it can still infect other documents opened inside Wine, still send infected e-mails, copy proprietary information to Internet locations, be a DDOS zombie, etc. Malware doesn't need privilege escalation to be harmful. – Ben Voigt Mar 31 '14 at 17:30
  • @Ben Voigt : are there any examples of a virus or malware infecting Linux or any documents from running a program under Wine? Or is it just a theoretical possibility? – comrademike Apr 01 '14 at 07:59
4

Some comments:

  1. There are false alerts, too. Virus scanners often use very crude heuristics. For example, when you have multiple virus scanners, they may detect each other as malware, too! And of course, false alerts can easily carry over to other platforms, if you take data with you.

  2. In theory, Wine can also be used to run a Windows virus.

  3. There could be a virus that has support for multiple platforms. Eventually there will be one, written in JavaScript and infecting Node.js webservers, for example.

  4. Some tools scare Windows users, and report every web tracking cookie as a threat.

In practice, I have not heard a convincing report of this happening.

4

Although I don't know any actual virus that does it, I have to say:

Yes, a Windows malware can do harm under Linux.

Infection of files

Linux does not magically remove viruses. If you use Linux as a file server and the HDD was infected, it will spread the Windows malware although Linux is not affected.

Wine

You can execute windows binaries with wine. Although not every malware might be effective this way, some could still work with wine.

Honeypots / Java

If you have some malware that you don't see as malware, this could work on any system. Let's say you have a game that is a real game at the first glance, but does also use your computer for DOS attacks. You might even make it work on a new system.

An easy way to do this might be Java applets. They work on many systems and Java has lot of security issues.

Another hot candidate might be JavaScript or Flash. Both are available on many systems and you might use sites that deploy this malware (eventually without knowing).

The complicated way

Combined vulnerabilities

Suppose you had Windows and a virus that allowed the attacker to execute arbitrary code. Then the attacker could know vulnerabilities (eventually allowing him to execute arbitrary code when the system gets mounted) of Linux. Of course, he can load this.

MBR viruses

See Boot sector viruses

Note

By the way, I think such questions might be better suited for Information Security Stack Exchange.

Martin Thoma
  • I think the correct term for your third category is Trojan, not Honeypot. – Ben Voigt Aug 28 '14 at 04:40
  • @BenVoigt I'm not sure about it. Doesn't a Trojan typically spy on you? What I wanted to express is that you might put significant effort into making the malware work. – Martin Thoma Feb 11 '15 at 08:28
  • spying or not has nothing to do with the definition of Trojan. A Trojan is something that is welcomed by the legitimate user based on a false appearance, like the trojan horse. A honeypot also presents a false appearance, but this time the legitimate user knows the truth, and the malware is deceived (and therefore executes its attack where the user can observe it). – Ben Voigt May 31 '17 at 16:22
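Files carried over from the old Windows install are the practical way for old malware to stay on disk, as the "Infection of files" section of this answer and earlier comments note. As an added example (not from the thread), this Python code walks a directory and reports files that are Windows PE executables, marking those hiding behind a non-executable extension; the extension list, function names and sample bytes are assumptions.

```python
import os
import struct
import sys

# Extensions under which a Windows executable is expected (assumed list).
EXEC_EXTS = {".exe", ".dll", ".scr", ".sys", ".com", ".cpl", ".ocx"}


def is_pe(path: str) -> bool:
    """True if the file has a DOS 'MZ' header that points at a PE signature."""
    with open(path, "rb") as fh:
        head = fh.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        (pe_offset,) = struct.unpack_from("<I", head, 0x3C)   # e_lfanew field
        fh.seek(pe_offset)
        return fh.read(4) == b"PE\0\0"


def scan_tree(root: str) -> list:
    """Return sorted (relative path, verdict) pairs for PE files under root."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                if not is_pe(path):
                    continue
            except OSError:
                continue                      # unreadable file: nothing to report
            ext = os.path.splitext(name)[1].lower()
            verdict = ("windows-executable" if ext in EXEC_EXTS
                       else "disguised-executable")
            hits.append((os.path.relpath(path, root), verdict))
    return sorted(hits)


def constructed_pe() -> bytes:
    """Constructed sample: only the header fields is_pe() checks, no code."""
    return (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x80)
            + bytes(0x40) + b"PE\0\0")


if __name__ == "__main__":
    for rel, verdict in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict}\t{rel}")
```

It only recognises native PE binaries; infected documents and scripts need a signature scanner such as ClamAV.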
3

I totally disagree with Ploutox's and Alvar's answers.

On one hand:

There would be a virus that can infect both Ubuntu and Windows! The virus simply searches for operating systems and infects them; it can even be more powerful, because the virus doesn't need administrative rights when you use Windows to infect Ubuntu.

In conclusion: there could be a virus that runs on two different systems.

On the other hand:

A simple format should kill all viruses on a hard drive. Antivirus programs are really powerful nowadays.

user263958
  • 8
    While what you said on your first point is theoretically true, it is quite difficult to put in place. Programs compiled on a specific OS don't often work on another OS, as they don't have the same kernel and use different compilers. This compatibility gap is further increased when you use system commands in your virus. You could theoretically develop viruses using languages that use a RE and are thus portable (for instance Java), but this adds another security layer to breach and makes it a lot harder. – Aserre Mar 31 '14 at 17:22
1

In general: No

Normally, this is not the case.

Disc wipes

A disc wipe (“format”) is something a virus cannot survive iff done on a clean system (e.g. booting from a clean Live CD, not an infected system).

Some viruses can be stored in the MBR, though this is a part of the disc that is also often overwritten during OS installation.

However, some viruses can infect the firmware (OpenFirmware, OpenBOOT, BIOS, EFI). That is massively harder to get rid of. Changing the mainboard usually helps. The comments about a clean Live CD (or write-protectable USB stick) from above apply.

Virus transfer

I know of someone who “double-clicked” on an eMail attachment on his SuSE Linux KDE desktop, which “helpfully” (hah…) started the Windows® virus using Wine (a Windows® loader)… and the system integration of Wine was good enough for the virus to be able to read the person's KDE (Linux) address book and spread to their friends.

But that's been quite a while ago, and rare. Although, with all the user-friendliness and focus on getting former Windows® users to convert to Ubuntu®, it would not surprise me if it could still happen.

Still, nothing you should worry about, I think.

Ducky
mirabilos
0

The answer is NO

Threats that work on Windows usually don't work on other OSes. That way, a virus that looks for your folder on Windows won't find it on Ubuntu as it doesn't exist or simply as a file or folder.

The main reason is that in Windows it will be .exe files which will run as the virus, and that format is not supported in other OSes.

Though sometimes it may affect Wine, but don't worry about a crash because of that.

Daniel
0

What I am hearing you say is that you had problems with your computer that some program identified as "threats" and that your problems did not go away after a factory reset. I would be concerned as well that the installation of a new operating system might not remove the problems completely.

In short, it is very unlikely that a Windows virus or threat could infect Ubuntu since a Windows virus is typically hidden inside a Windows program and you cannot run Windows programs in Ubuntu (except in Wine or similar). It might be possible that a virus inside a Word or Excel file could harm you if you open the file in LibreOffice, but these do not generally hide inside hard disk partitions.

The Ubuntu installation should have replaced the boot sector with GRUB, so you should be ok here. If you want to be really sure what partitions are on your hard disk, install GParted and see what's there. If you don't need Windows any more, you can delete these extra partitions. Just don't delete the one that has as mount point / (this is your Ubuntu system).

Do you know how to install a program in Ubuntu?

atmelino
0

As with almost everything in the computer world, nothing is impossible - but a lot of things are highly improbable. In theory it is possible to write a Windows virus that will also infect a Linux system but as the two use entirely different architectures and file handling systems, it would be difficult to say the least. As many others have said, if you run some sort of Windows emulation like Wine, then you are running an effective Windows environment and it can be infected. If, as I do, you install both systems with a dual-boot loader (Grub) and choose which one to run at boot-up then any Windows virus cannot transfer from one to the other. I also run a full-featured commercial anti-malware program on my Windows system and have never had an infection find its way past that. From your initial post I'd say that the 'technician' who did the initial check didn't know squat! Your system should have been reformatted and a clean re-install performed; without this it's very difficult to be certain that even regular viruses and trojans are removed. However, even with this, it only needs one infected document, one infected site, or one vicious email and you're back on the same merry-go-round. The good thing is that if you install Linux, these most likely can't infect that.

Best of luck.

-1

A windows thread almost never infects Linux. However a thread can survive usually these ways:

By having 2 partitions in which on the one infected windows are in

This is the way that most times make Linux users regret for using Linux. If you boot into windows with Linux installed on another partition the thread goes in the Linux partition and destroys files, programs and sometimes the Linux system. However if you do not boot into windows this problem will not appear in Linux

By keeping old infected files from windows and having WINE installed on Linux

WINE, which is a compatibility layer for running windows programs on windows (wine Is Not Emulator), usually can't run windows threads and wine crashes in such situations, however sometimes it can, and the thread might be more harmful than in windows. And that's because, again, Wine Is Not an Emulator it can harm sometimes your system.


SOLUTION

Install ClamAV and its graphical frontend, ClamTK, an antivirus for linux which can't be destroyed by a windows thread. ClamAV can scan your files for infections (even for the "windowish" ones) and most times repair them. It is very easy to install them. Simply run:

$ sudo add-apt-repository ppa:ubuntu-clamav/ppa
$ sudo apt-get update
$ sudo apt-get install clamav gdebi
$ wget https://bitbucket.org/dave_theunsub/clamtk/downloads/clamtk_5.09-1_all.deb
$ sudo gdebi clamtk_5.09-1_all.deb

and if you want to remove them (the patterns are quoted so the shell passes them to apt-get unexpanded):

$ sudo apt-get remove 'clamav*' 'clamtk*'

user258456
  • @user68186 1. Thread a thread can be a virus, trojan, malware, spyware, worm... 2. Windows might not support ext4, but the the thread might support ext4 and it might have a hidden *.sh file wich will execute itself on a bash shell - If the hacker has linux knowledge he will be able to do such a thing. Also I had a patch for window$ xp that makes windows support ext4 format partitions and write/edit/delete files in there ;-) – user258456 Mar 23 '15 at 15:37
  • Sorry for "thread" - you were right, it is spelled as "threat", and a thread is like a "give me your credit card number" virus. Well, I am a greek user of ubuntu and sometimes my english sucks! Sorry!!! – user258456 Mar 24 '15 at 20:00